click.gethotresults.com


This topic is locked
20 replies to this topic

#1 lufkinmj4 (Members, 10 posts)

Posted 20 September 2012 - 10:44 AM

Hello,

I've got this nasty redirect problem on my hands right now, and I have no idea how to fix it! Every time I try to search, it redirects me to click.gethotresults.com. Avast notices it as malware, but is unable to detect it when I do a full system scan. Malwarebytes also is unable to touch it! Any help would be greatly appreciated. I'm not the most technically inclined, so I need a lot of help here.

Thanks,

Mike


#2 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 24 September 2012 - 12:38 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear: DDS.txt and Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 lufkinmj4 (Topic Starter)

Posted 24 September 2012 - 11:06 AM

Thank You for getting back to me so quickly!!!


Results of screen317's Security Check version 0.99.51
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 31
Java™ 7 Update 2
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.2.202.233
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0)
Mozilla Thunderbird 12.0.1 Thunderbird out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
MediaMall MediaMallServer.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by User at 12:01:47 on 2012-09-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1262 [GMT -4:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dldtcoms.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\System32\rundll32.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Users\User\Desktop\utorrent.exe
C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Java\jre7\bin\javaw.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\mfpmp.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files\MediaMall\MediaMallServer.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [PlayOn] c:\program files\mediamall\PlayOn.exe
uRun: [Spotify Web Helper] "c:\users\user\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\whites~1.lnk - c:\users\user\downloads\WhiteSmokeWriterGeo5002_en.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE907CD0-647B-41B2-9F8F-CF059DE4D5A4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE907CD0-647B-41B2-9F8F-CF059DE4D5A4}\564786F63747275616D6 : DhcpNameServer = 192.168.249.1
TCP: Interfaces\{BE907CD0-647B-41B2-9F8F-CF059DE4D5A4}\74F6C646F525573786F5242756775697 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BE907CD0-647B-41B2-9F8F-CF059DE4D5A4}\C696E6B6379737 : DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\zhbb5zea.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - TVersitybar Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PLTV52&o=100000018&locale=en_US&apn_uid=f039381e-7adf-4ff0-911f-3cd9d1f5fac0&apn_ptnrs=E5&apn_sauid=46ECF952-B9BC-4611-A757-1A0BBADC093A&apn_dtid=YYYYYYYYUS&&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\downloader\npdd.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-12-16 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-12-16 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-12-16 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-3-5 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-16 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-16 355632]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-16 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-16 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-9-10 44808]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2012-9-10 133912]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2012-5-18 3057528]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-9-22 7680]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-9-22 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-22 187392]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2009-9-22 862208]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-9-22 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1caa876f59d3878;Google Update Service (gupdate1caa876f59d3878);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-22 253088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\drivers\BUSB2902.sys [2010-3-30 384576]
S3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2010-3-30 39488]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-2 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 114144]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-22 171520]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-09-21 09:41:23 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e1c177aa-07fc-4243-842a-6f3e51cedf31}\offreg.dll
2012-09-21 09:39:54 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e1c177aa-07fc-4243-842a-6f3e51cedf31}\mpengine.dll
2012-09-20 13:59:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 13:59:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-20 07:26:22 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-20 07:26:19 -------- d-----w- c:\users\user\appdata\local\temp
2012-09-20 06:40:27 98816 ----a-w- c:\windows\sed.exe
2012-09-20 06:40:27 518144 ----a-w- c:\windows\SWREG.exe
2012-09-20 06:40:27 256000 ----a-w- c:\windows\PEV.exe
2012-09-20 06:40:27 208896 ----a-w- c:\windows\MBR.exe
2012-09-10 18:03:35 -------- d-----w- c:\users\user\appdata\local\{D8CB2F17-6533-41D9-9552-C93D83F78EC0}
2012-09-05 20:24:44 -------- d-----w- c:\users\user\appdata\local\{377BFBF5-EAFF-4C12-946E-C79D990811CE}
.
==================== Find3M ====================
.
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13:14 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13:14 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-21 09:13:14 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-21 09:13:13 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 12:03:28.98 ===============
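The DDS log above already contains the findings a helper would read off it: browser.search.defaulturl points at search.conduit.com, keyword.URL at websearch.ask.com, a manual proxy is configured on 127.0.0.1:8118 and 127.0.0.1:9050 (the default listening ports of Privoxy and Tor), and a Startup shortcut launches an executable out of the user's Downloads folder. The script below is an added example, not a tool from this thread, that pulls those three checks out of DDS-style lines automatically. It also shows one caveat worth knowing: Firefox only honours the manual host/port prefs when network.proxy.type is 1, and the log shows 4 (auto-detect), so the proxy entries are configured but not in use and cannot be the cause of the redirect. The suspect-domain list and the user-writable path list are assumptions; the sample log is a constructed subset of the lines posted above.

```python
"""Triage of DDS-style log lines: search hijack, proxy prefs, autostart paths.
Added example, not a tool from this thread; the suspect lists are assumptions."""
import re
from urllib.parse import urlparse

# Search domains seen in toolbar/search-redirect hijacks (assumption; extend as needed).
SUSPECT_SEARCH_DOMAINS = ("search.conduit.com", "websearch.ask.com", "gethotresults.com")
# Path fragments a standard user can write to. Legitimate updaters start from here
# too, so a hit means "look at it", not "malware".
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\downloads\\", "\\temp\\", "\\programdata\\")
SEARCH_PREFS = ("browser.search.defaulturl", "keyword.URL", "browser.startup.homepage")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")
AUTOSTART_RE = re.compile(r"^(?P<kind>[um]Run(?:Once)?|StartupFolder): (?P<rest>.*)$")

def parse_ff_prefs(lines):
    """Return {pref_name: value} for every 'FF - prefs.js:' line."""
    prefs = {}
    for line in lines:
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m.group("name")] = m.group("value").strip()
    return prefs

def refang(url):
    """DDS writes hxxp:// so the log is not clickable; restore http:// for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)

def flag_search_hijack(prefs):
    """(pref, host) pairs whose host is, or sits under, a suspect search domain."""
    hits = []
    for name in SEARCH_PREFS:
        host = urlparse(refang(prefs.get(name, ""))).hostname
        if host and any(host == d or host.endswith("." + d) for d in SUSPECT_SEARCH_DOMAINS):
            hits.append((name, host))
    return hits

def flag_proxy(prefs):
    """Configured proxies, plus whether Firefox is actually using them.
    network.proxy.type: 0 none, 1 manual, 2 PAC URL, 4 auto-detect, 5 system;
    the manual host/port prefs only take effect when type == 1."""
    proxies = []
    for scheme in ("http", "ssl", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host:
            proxies.append((scheme, host, prefs.get(f"network.proxy.{scheme}_port", "")))
    return {"manual_active": prefs.get("network.proxy.type") == "1", "proxies": proxies}

def autostart_target(line):
    """(kind, executable path) for uRun/mRun/StartupFolder lines, else None."""
    m = AUTOSTART_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind == "StartupFolder":
        target = rest.rsplit(" - ", 1)[-1]   # the .lnk's target, not the .lnk itself
    else:
        target = rest.split("] ", 1)[-1]     # drop the [Entry name] tag
    path = target.split('"')[1] if '"' in target else target  # strip quotes and arguments
    return kind, path.strip()

def flag_autostart(lines):
    """Autostart entries whose target sits under a user-writable directory."""
    hits = []
    for line in lines:
        parsed = autostart_target(line)
        if parsed and any(frag in parsed[1].lower() for frag in USER_WRITABLE):
            hits.append(parsed)
    return hits

def triage(log_text):
    lines = log_text.splitlines()
    prefs = parse_ff_prefs(lines)
    return {"search_hijack": flag_search_hijack(prefs),
            "proxy": flag_proxy(prefs),
            "autostart": flag_autostart(lines)}

# Constructed sample: a subset of the lines from the DDS log posted above.
SAMPLE_LOG = r"""
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PLTV52&o=100000018&locale=en_US&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 4
uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [PlayOn] c:\program files\mediamall\PlayOn.exe
uRun: [Spotify Web Helper] "c:\users\user\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\whites~1.lnk - c:\users\user\downloads\WhiteSmokeWriterGeo5002_en.exe
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, the two search prefs are flagged, the proxy block reports both 127.0.0.1 entries with manual_active False, and three autostart entries come back (the Facebook and Spotify updaters plus the WhiteSmoke shortcut); the first two are the kind of benign hit the user-writable check produces, which is why it is a triage aid rather than a verdict.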

#4 lufkinmj4 (Topic Starter)

Posted 24 September 2012 - 11:13 AM

Here is the compressed attach file.

Attached Files



#5 gringo_pr (Malware Response Team)

Posted 24 September 2012 - 11:31 AM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#6 lufkinmj4 (Topic Starter)

Posted 24 September 2012 - 12:34 PM

ws 7 Home Premium (32 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

-\\ Google Chrome v21.0.1180.89

*************************

AdwCleaner[S1].txt - [4147 octets] - [20/09/2012 02:30:19]
AdwCleaner[S2].txt - [699 octets] - [24/09/2012 13:18:53]

########## EOF - C:\AdwCleaner[S2].txt - [758 octets] ##########


RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 09/24/2012 13:32:59

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-26ZCT0 +++++
--- User ---
[MBR] d460ccd5b5e2c20cfe8ac2ed91d96725
[BSP] 00f8b26f5fa1b60d50ca7516ef977f9f : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295547 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608354304 | Size: 8197 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#7 gringo_pr (Malware Response Team)

Posted 24 September 2012 - 12:44 PM

Hello lufkinmj4

This is what we are going to run at this time but I would also like to know how things are doing at this time.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 lufkinmj4 (Topic Starter)

Posted 24 September 2012 - 01:15 PM

It's still happening.

ComboFix 12-09-24.02 - User 09/24/2012 13:55:17.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1819 [GMT -4:00]
Running from: c:\users\User\Downloads\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 18:11 . 2012-09-24 18:11 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp
2012-09-24 18:11 . 2012-09-24 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-21 09:41 . 2012-09-21 09:41 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1C177AA-07FC-4243-842A-6F3E51CEDF31}\offreg.dll
2012-09-21 09:39 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1C177AA-07FC-4243-842A-6F3E51CEDF31}\mpengine.dll
2012-09-20 13:59 . 2012-09-20 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-20 13:59 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 07:26 . 2012-09-24 18:11 -------- d-----w- c:\users\User\AppData\Local\temp
2012-09-17 07:06 . 2012-09-17 07:06 -------- d-----w- c:\windows\Sun
2012-09-06 14:46 . 2012-09-06 15:02 -------- d-----w- c:\users\User\AppData\Roaming\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 09:13 . 2011-12-16 16:45 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-12-16 16:45 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-12-16 16:45 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-03-05 20:04 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-03-05 20:04 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-21 09:13 . 2011-12-16 16:52 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-21 09:13 . 2011-12-16 16:45 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-12-16 16:52 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-21 09:13 . 2011-12-16 16:45 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-12-16 16:44 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-12-16 16:44 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-10 20:16 . 2012-09-10 20:16 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"PlayOn"="c:\program files\MediaMall\PlayOn.exe" [2012-09-10 53248]
"Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-24 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2012-8-31 8354984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WhiteSmoke Translator.lnk - c:\users\User\Downloads\WhiteSmokeWriterGeo5002_en.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
.
R2 gupdate1caa876f59d3878;Google Update Service (gupdate1caa876f59d3878);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [x]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 15:46]
.
2012-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817651789-3791859860-871273996-1000Core.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-11 22:29]
.
2012-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3817651789-3791859860-871273996-1000UA.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-11 22:29]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 04:26]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 04:26]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3817651789-3791859860-871273996-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 20:24]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3817651789-3791859860-871273996-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 20:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zhbb5zea.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - TVersitybar Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PLTV52&o=100000018&locale=en_US&apn_uid=f039381e-7adf-4ff0-911f-3cd9d1f5fac0&apn_ptnrs=E5&apn_sauid=46ECF952-B9BC-4611-A757-1A0BBADC093A&apn_dtid=YYYYYYYYUS&&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - user.js: general.useragent.extra.brc -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3817651789-3791859860-871273996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-3817651789-3791859860-871273996-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3817651789-3791859860-871273996-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-3817651789-3791859860-871273996-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(388)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-09-24 14:13:19
ComboFix-quarantined-files.txt 2012-09-24 18:13
ComboFix2.txt 2012-09-20 07:26
.
Pre-Run: 188,141,707,264 bytes free
Post-Run: 187,729,448,960 bytes free
.
- - End Of File - - 28DADD91447A08F1F9EE6C67FF84DDDD
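
The Firefox block in the Supplementary Scan above is where the search symptom can actually be read off: browser.search.defaulturl points at search.conduit.com, keyword.URL (address-bar searches) at websearch.ask.com, and the selected engine is a toolbar-branded one, so every search is being routed through third-party toolbar search servers. The network.proxy.* entries look alarming but need one more step of reading: network.proxy.type is 4 (auto-detect via WPAD), and the manual host/port prefs are consulted only when the type is 1, so the 127.0.0.1:8118 / 127.0.0.1:9050 entries (the default ports of Privoxy and Tor) are leftovers and not in effect. The script below is an added example, not part of the original post or of ComboFix: it parses the "FF - prefs.js:" lines as ComboFix prints them, defanged hxxp included, and reports search destinations outside an expected set together with whether any manual proxy would be live. The expected-host allowlist (google.com, matching the logged start pages) and the lines used as sample input are taken from this log; the allowlist is an assumption to adjust per user, and the proxy-type meanings are Firefox's documented values.

```python
import re
from urllib.parse import urlparse

# ComboFix prints Firefox preferences as "FF - prefs.js: <name> - <value>"
# (also user.js) and defangs URLs by writing hxxp for http.
PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - ?(.*)$")

SEARCH_PREFS = ("browser.search.defaulturl", "browser.search.selectedEngine",
                "keyword.URL", "browser.startup.homepage")
# Assumption for this user: the logged start pages are google.com, so any other
# search destination is reported. Adjust for a user whose chosen engine differs.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "google.com"}
EXPECTED_ENGINE_WORDS = ("google",)

# Documented meaning of network.proxy.type in Firefox; manual host/port prefs
# only take effect with type 1.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}

# Sample input: the FF lines copied from the ComboFix log above.
SAMPLE_LOG = """\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - TVersitybar Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PLTV52&o=100000018&locale=en_US&apn_uid=f039381e-7adf-4ff0-911f-3cd9d1f5fac0&apn_ptnrs=E5&apn_sauid=46ECF952-B9BC-4611-A757-1A0BBADC093A&apn_dtid=YYYYYYYYUS&&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 4
FF - user.js: general.useragent.extra.brc -
"""


def parse_ff_prefs(log_text: str) -> dict:
    """Map pref name -> value for every FF pref line in a ComboFix report."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def host_of(value: str) -> str:
    """Hostname of a possibly defanged URL."""
    return urlparse(value.replace("hxxp", "http", 1)).hostname or ""


def triage(prefs: dict) -> list:
    findings = []
    # 1. Where do searches and address-bar keywords actually go?
    for name in SEARCH_PREFS:
        value = prefs.get(name, "")
        if value.lower().startswith(("hxxp://", "http://", "https://")):
            host = host_of(value)
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(f"{name} sends queries to {host}")
        elif value and name == "browser.search.selectedEngine":
            if not any(w in value.lower() for w in EXPECTED_ENGINE_WORDS):
                findings.append(f"{name} is '{value}'")
    # 2. Proxy settings: decide whether the manual entries are live at all.
    manual = {k: v for k, v in prefs.items()
              if k.startswith("network.proxy.") and k != "network.proxy.type"}
    if manual:
        ptype = int(prefs["network.proxy.type"]) if "network.proxy.type" in prefs else None
        endpoints = sorted({(manual.get(f"network.proxy.{p}"), manual.get(f"network.proxy.{p}_port"))
                            for p in ("http", "ssl", "socks", "ftp")} - {(None, None)})
        state = "ACTIVE" if ptype == 1 else "DORMANT"
        findings.append(f"manual proxy endpoints {endpoints} are {state}: "
                        f"network.proxy.type={ptype} ({PROXY_TYPES.get(ptype, 'unknown')})")
        for host, port in endpoints:
            if host not in ("127.0.0.1", "localhost", "::1"):
                findings.append(f"proxy host {host}:{port} is not loopback; browser traffic leaves the machine")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_ff_prefs(SAMPLE_LOG)):
        print(finding)
```

On the log above this reports the Conduit and Ask search destinations, the TVersitybar engine, and the loopback proxy entries as dormant under type 4. A dormant loopback proxy still deserves a note in the write-up: if something on the machine later flips the type to 1, or if 8118/9050 start listening, a local process would sit in the middle of every page load, which is exactly how some redirectors work.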

#9 gringo_pr (Malware Response Team)

Posted 24 September 2012 - 03:01 PM

Greetings lufkinmj4

This may or may not fix the problem, but I want to make sure no rootkits are involved, so I want you to run these next and then let me know how things are after.



TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#10 lufkinmj4 (Topic Starter)

Posted 24 September 2012 - 03:17 PM

I can't get it to redirect to click.gethotresults.com anymore, but I did have a weird redirect to infomash that I've never seen before, so I can't really tell if it is resolved or not right now. Here are the logs.


16:06:17.0936 1560 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:06:18.0232 1560 ============================================================
16:06:18.0232 1560 Current date / time: 2012/09/24 16:06:18.0232
16:06:18.0232 1560 SystemInfo:
16:06:18.0232 1560
16:06:18.0232 1560 OS Version: 6.1.7600 ServicePack: 0.0
16:06:18.0232 1560 Product type: Workstation
16:06:18.0232 1560 ComputerName: USER-PC
16:06:18.0232 1560 UserName: User
16:06:18.0232 1560 Windows directory: C:\windows
16:06:18.0232 1560 System windows directory: C:\windows
16:06:18.0232 1560 Processor architecture: Intel x86
16:06:18.0232 1560 Number of processors: 2
16:06:18.0232 1560 Page size: 0x1000
16:06:18.0232 1560 Boot type: Normal boot
16:06:18.0232 1560 ============================================================
16:06:18.0638 1560 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:06:18.0638 1560 ============================================================
16:06:18.0638 1560 \Device\Harddisk0\DR0:
16:06:18.0638 1560 MBR partitions:
16:06:18.0638 1560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2413D800
16:06:18.0638 1560 ============================================================
16:06:18.0669 1560 C: <-> \Device\Harddisk0\DR0\Partition1
16:06:18.0669 1560 ============================================================
16:06:18.0669 1560 Initialize success
16:06:18.0669 1560 ============================================================
16:06:29.0729 5608 ============================================================
16:06:29.0729 5608 Scan started
16:06:29.0729 5608 Mode: Manual;
16:06:29.0729 5608 ============================================================
16:06:30.0275 5608 ================ Scan system memory ========================
16:06:30.0275 5608 System memory - ok
16:06:30.0275 5608 ================ Scan services =============================
16:06:30.0431 5608 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
16:06:30.0431 5608 1394ohci - ok
16:06:30.0462 5608 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
16:06:30.0462 5608 ACPI - ok
16:06:30.0494 5608 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys
16:06:30.0494 5608 AcpiPmi - ok
16:06:30.0540 5608 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\windows\system32\drivers\adfs.sys
16:06:30.0540 5608 adfs - ok
16:06:30.0634 5608 [ 459AC130C6AB892B1CD5D7544626EFC5 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:06:30.0634 5608 AdobeFlashPlayerUpdateSvc - ok
16:06:30.0696 5608 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
16:06:30.0696 5608 adp94xx - ok
16:06:30.0712 5608 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
16:06:30.0712 5608 adpahci - ok
16:06:30.0743 5608 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
16:06:30.0743 5608 adpu320 - ok
16:06:30.0774 5608 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
16:06:30.0774 5608 AeLookupSvc - ok
16:06:30.0837 5608 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\windows\system32\drivers\afd.sys
16:06:30.0837 5608 AFD - ok
16:06:30.0884 5608 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys
16:06:30.0899 5608 AgereSoftModem - ok
16:06:30.0930 5608 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\DRIVERS\agp440.sys
16:06:30.0930 5608 agp440 - ok
16:06:30.0962 5608 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
16:06:30.0962 5608 aic78xx - ok
16:06:30.0993 5608 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
16:06:30.0993 5608 ALG - ok
16:06:31.0024 5608 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\DRIVERS\aliide.sys
16:06:31.0024 5608 aliide - ok
16:06:31.0040 5608 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\DRIVERS\amdagp.sys
16:06:31.0040 5608 amdagp - ok
16:06:31.0055 5608 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\DRIVERS\amdide.sys
16:06:31.0055 5608 amdide - ok
16:06:31.0071 5608 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
16:06:31.0071 5608 AmdK8 - ok
16:06:31.0086 5608 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
16:06:31.0086 5608 AmdPPM - ok
16:06:31.0133 5608 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\windows\system32\drivers\amdsata.sys
16:06:31.0133 5608 amdsata - ok
16:06:31.0149 5608 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
16:06:31.0164 5608 amdsbs - ok
16:06:31.0164 5608 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\windows\system32\drivers\amdxata.sys
16:06:31.0164 5608 amdxata - ok
16:06:31.0196 5608 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\windows\system32\drivers\appid.sys
16:06:31.0196 5608 AppID - ok
16:06:31.0242 5608 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
16:06:31.0242 5608 AppIDSvc - ok
16:06:31.0242 5608 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\windows\System32\appinfo.dll
16:06:31.0258 5608 Appinfo - ok
16:06:31.0383 5608 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:06:31.0383 5608 Apple Mobile Device - ok
16:06:31.0430 5608 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
16:06:31.0430 5608 arc - ok
16:06:31.0445 5608 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
16:06:31.0445 5608 arcsas - ok
16:06:31.0508 5608 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
16:06:31.0508 5608 aswFsBlk - ok
16:06:31.0570 5608 [ 09678587C5C70F91720631EF048B4744 ] aswFW C:\windows\system32\drivers\aswFW.sys
16:06:31.0570 5608 aswFW - ok
16:06:31.0632 5608 [ 31E0D16EB06D09A248AFF20C76F9091B ] aswKbd C:\windows\system32\drivers\aswKbd.sys
16:06:31.0632 5608 aswKbd - ok
16:06:31.0726 5608 [ F76E51561562AC4105DBBE53FC99BC10 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
16:06:31.0726 5608 aswMonFlt - ok
16:06:31.0788 5608 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\windows\system32\DRIVERS\aswNdis.sys
16:06:31.0788 5608 aswNdis - ok
16:06:31.0835 5608 [ C6E5E1E0FB3827B2359F4D394ECAA070 ] aswNdis2 C:\windows\system32\drivers\aswNdis2.sys
16:06:31.0835 5608 aswNdis2 - ok
16:06:31.0898 5608 [ 924819669AFD0EDF5C067193D371FAB0 ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys
16:06:31.0898 5608 aswRdr - ok
16:06:31.0960 5608 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\windows\system32\drivers\aswSnx.sys
16:06:31.0960 5608 aswSnx - ok
16:06:31.0976 5608 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\windows\system32\drivers\aswSP.sys
16:06:31.0991 5608 aswSP - ok
16:06:32.0007 5608 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\windows\system32\drivers\aswTdi.sys
16:06:32.0007 5608 aswTdi - ok
16:06:32.0038 5608 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
16:06:32.0038 5608 AsyncMac - ok
16:06:32.0069 5608 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\DRIVERS\atapi.sys
16:06:32.0069 5608 atapi - ok
16:06:32.0178 5608 [ 712D8A95E45B070114C5309ADA7358FF ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys
16:06:32.0210 5608 atikmdag - ok
16:06:32.0272 5608 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:06:32.0272 5608 AudioEndpointBuilder - ok
16:06:32.0303 5608 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\windows\System32\Audiosrv.dll
16:06:32.0303 5608 Audiosrv - ok
16:06:32.0428 5608 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:06:32.0428 5608 avast! Antivirus - ok
16:06:32.0490 5608 [ DD4C61CB3CDBC8B0A7D2107C6944DC71 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
16:06:32.0490 5608 avast! Firewall - ok
16:06:32.0522 5608 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\windows\System32\AxInstSV.dll
16:06:32.0522 5608 AxInstSV - ok
16:06:32.0568 5608 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
16:06:32.0584 5608 b06bdrv - ok
16:06:32.0615 5608 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
16:06:32.0615 5608 b57nd60x - ok
16:06:32.0662 5608 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
16:06:32.0662 5608 BDESVC - ok
16:06:32.0678 5608 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
16:06:32.0678 5608 Beep - ok
16:06:32.0724 5608 [ B46CA7A8D52D878408DB9554445C41A1 ] BEHRINGER_2902 C:\windows\system32\Drivers\BUSB2902.sys
16:06:32.0724 5608 BEHRINGER_2902 - ok
16:06:32.0756 5608 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\windows\System32\bfe.dll
16:06:32.0771 5608 BFE - ok
16:06:32.0834 5608 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\windows\system32\qmgr.dll
16:06:32.0849 5608 BITS - ok
16:06:32.0865 5608 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
16:06:32.0865 5608 blbdrive - ok
16:06:32.0958 5608 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:06:32.0958 5608 Bonjour Service - ok
16:06:33.0005 5608 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\windows\system32\DRIVERS\bowser.sys
16:06:33.0005 5608 bowser - ok
16:06:33.0036 5608 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
16:06:33.0036 5608 BrFiltLo - ok
16:06:33.0052 5608 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
16:06:33.0052 5608 BrFiltUp - ok
16:06:33.0099 5608 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
16:06:33.0099 5608 BridgeMP - ok
16:06:33.0130 5608 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\windows\System32\browser.dll
16:06:33.0130 5608 Browser - ok
16:06:33.0146 5608 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
16:06:33.0146 5608 Brserid - ok
16:06:33.0161 5608 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
16:06:33.0161 5608 BrSerWdm - ok
16:06:33.0177 5608 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
16:06:33.0177 5608 BrUsbMdm - ok
16:06:33.0192 5608 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
16:06:33.0192 5608 BrUsbSer - ok
16:06:33.0208 5608 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
16:06:33.0208 5608 BTHMODEM - ok
16:06:33.0239 5608 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
16:06:33.0239 5608 bthserv - ok
16:06:33.0270 5608 [ F1D6AD745DBF94A141D077B6C9E22F00 ] BUSB_AUDIO_WDM C:\windows\system32\drivers\busbwdm.sys
16:06:33.0270 5608 BUSB_AUDIO_WDM - ok
16:06:33.0395 5608 catchme - ok
16:06:33.0426 5608 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
16:06:33.0426 5608 cdfs - ok
16:06:33.0458 5608 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
16:06:33.0458 5608 cdrom - ok
16:06:33.0489 5608 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\windows\System32\certprop.dll
16:06:33.0489 5608 CertPropSvc - ok
16:06:33.0551 5608 [ 1F8A319D29394F9CE1B7AE020DF2EBBF ] cfWiMAXService C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
16:06:33.0567 5608 cfWiMAXService - ok
16:06:33.0582 5608 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
16:06:33.0582 5608 circlass - ok
16:06:33.0598 5608 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
16:06:33.0598 5608 CLFS - ok
16:06:33.0660 5608 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:06:33.0660 5608 clr_optimization_v2.0.50727_32 - ok
16:06:33.0785 5608 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:06:33.0785 5608 clr_optimization_v4.0.30319_32 - ok
16:06:33.0816 5608 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
16:06:33.0816 5608 CmBatt - ok
16:06:33.0832 5608 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
16:06:33.0832 5608 cmdide - ok
16:06:33.0863 5608 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\windows\system32\Drivers\cng.sys
16:06:33.0863 5608 CNG - ok
16:06:33.0879 5608 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
16:06:33.0879 5608 Compbatt - ok
16:06:33.0910 5608 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
16:06:33.0910 5608 CompositeBus - ok
16:06:33.0926 5608 COMSysApp - ok
16:06:33.0957 5608 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
16:06:33.0957 5608 ConfigFree Service - ok
16:06:33.0988 5608 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
16:06:33.0988 5608 crcdisk - ok
16:06:34.0019 5608 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\windows\system32\cryptsvc.dll
16:06:34.0019 5608 CryptSvc - ok
16:06:34.0066 5608 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\windows\system32\rpcss.dll
16:06:34.0066 5608 DcomLaunch - ok
16:06:34.0097 5608 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
16:06:34.0097 5608 defragsvc - ok
16:06:34.0160 5608 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\windows\system32\Drivers\dfsc.sys
16:06:34.0175 5608 DfsC - ok
16:06:34.0191 5608 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\windows\system32\dhcpcore.dll
16:06:34.0206 5608 Dhcp - ok
16:06:34.0206 5608 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
16:06:34.0206 5608 discache - ok
16:06:34.0253 5608 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
16:06:34.0253 5608 Disk - ok
16:06:34.0284 5608 dldt_device - ok
16:06:34.0316 5608 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\windows\System32\dnsrslvr.dll
16:06:34.0316 5608 Dnscache - ok
16:06:34.0331 5608 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\windows\System32\dot3svc.dll
16:06:34.0331 5608 dot3svc - ok
16:06:34.0347 5608 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\windows\system32\dps.dll
16:06:34.0362 5608 DPS - ok
16:06:34.0378 5608 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
16:06:34.0378 5608 drmkaud - ok
16:06:34.0425 5608 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
16:06:34.0440 5608 DXGKrnl - ok
16:06:34.0487 5608 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
16:06:34.0487 5608 EapHost - ok
16:06:34.0581 5608 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
16:06:34.0596 5608 ebdrv - ok
16:06:34.0659 5608 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\windows\System32\lsass.exe
16:06:34.0674 5608 EFS - ok
16:06:34.0721 5608 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\windows\ehome\ehRecvr.exe
16:06:34.0752 5608 ehRecvr - ok
16:06:34.0784 5608 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
16:06:34.0784 5608 ehSched - ok
16:06:34.0799 5608 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
16:06:34.0799 5608 elxstor - ok
16:06:34.0815 5608 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
16:06:34.0815 5608 ErrDev - ok
16:06:34.0862 5608 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
16:06:34.0862 5608 EventSystem - ok
16:06:34.0893 5608 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
16:06:34.0893 5608 exfat - ok
16:06:34.0971 5608 Fabs - ok
16:06:34.0986 5608 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
16:06:34.0986 5608 fastfat - ok
16:06:35.0018 5608 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\windows\system32\fxssvc.exe
16:06:35.0049 5608 Fax - ok
16:06:35.0080 5608 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
16:06:35.0080 5608 fdc - ok
16:06:35.0111 5608 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
16:06:35.0111 5608 fdPHost - ok
16:06:35.0127 5608 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
16:06:35.0127 5608 FDResPub - ok
16:06:35.0142 5608 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
16:06:35.0142 5608 FileInfo - ok
16:06:35.0158 5608 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
16:06:35.0158 5608 Filetrace - ok
16:06:35.0252 5608 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
16:06:35.0361 5608 FirebirdServerMAGIXInstance - ok
16:06:35.0439 5608 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:06:35.0439 5608 FLEXnet Licensing Service - ok
16:06:35.0454 5608 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
16:06:35.0454 5608 flpydisk - ok
16:06:35.0486 5608 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
16:06:35.0486 5608 FltMgr - ok
16:06:35.0548 5608 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\windows\system32\FntCache.dll
16:06:35.0579 5608 FontCache - ok
16:06:35.0657 5608 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:06:35.0657 5608 FontCache3.0.0.0 - ok
16:06:35.0673 5608 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
16:06:35.0688 5608 FsDepends - ok
16:06:35.0735 5608 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
16:06:35.0735 5608 fssfltr - ok
16:06:35.0844 5608 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:06:35.0891 5608 fsssvc - ok
16:06:35.0938 5608 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
16:06:35.0938 5608 Fs_Rec - ok
16:06:35.0985 5608 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
16:06:35.0985 5608 fvevol - ok
16:06:36.0016 5608 [ 0F76E205BDC60364F08A5949082771CA ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
16:06:36.0016 5608 FwLnk - ok
16:06:36.0063 5608 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
16:06:36.0063 5608 gagp30kx - ok
16:06:36.0110 5608 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:06:36.0110 5608 GEARAspiWDM - ok
16:06:36.0172 5608 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\windows\System32\gpsvc.dll
16:06:36.0188 5608 gpsvc - ok
16:06:36.0250 5608 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1caa876f59d3878 C:\Program Files\Google\Update\GoogleUpdate.exe
16:06:36.0250 5608 gupdate1caa876f59d3878 - ok
16:06:36.0266 5608 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:06:36.0266 5608 gupdatem - ok
16:06:36.0297 5608 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
16:06:36.0297 5608 hcw85cir - ok
16:06:36.0328 5608 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:06:36.0328 5608 HdAudAddService - ok
16:06:36.0359 5608 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
16:06:36.0359 5608 HDAudBus - ok
16:06:36.0375 5608 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
16:06:36.0375 5608 HidBatt - ok
16:06:36.0390 5608 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
16:06:36.0390 5608 HidBth - ok
16:06:36.0422 5608 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
16:06:36.0422 5608 HidIr - ok
16:06:36.0453 5608 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\System32\hidserv.dll
16:06:36.0468 5608 hidserv - ok
16:06:36.0484 5608 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
16:06:36.0484 5608 HidUsb - ok
16:06:36.0515 5608 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\windows\system32\kmsvc.dll
16:06:36.0515 5608 hkmsvc - ok
16:06:36.0531 5608 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:06:36.0531 5608 HomeGroupListener - ok
16:06:36.0562 5608 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:06:36.0578 5608 HomeGroupProvider - ok
16:06:36.0609 5608 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
16:06:36.0609 5608 HpSAMD - ok
16:06:36.0640 5608 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\windows\system32\drivers\HTTP.sys
16:06:36.0656 5608 HTTP - ok
16:06:36.0656 5608 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
16:06:36.0656 5608 hwpolicy - ok
16:06:36.0687 5608 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
16:06:36.0687 5608 i8042prt - ok
16:06:36.0718 5608 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
16:06:36.0718 5608 iaStor - ok
16:06:36.0780 5608 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
16:06:36.0780 5608 iaStorV - ok
16:06:36.0843 5608 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:06:36.0858 5608 idsvc - ok
16:06:36.0999 5608 [ 315AAAA2BC9BC778ADC0454B3CA8DCCE ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
16:06:37.0046 5608 igfx - ok
16:06:37.0077 5608 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
16:06:37.0077 5608 iirsp - ok
16:06:37.0124 5608 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\windows\System32\ikeext.dll
16:06:37.0155 5608 IKEEXT - ok
16:06:37.0264 5608 [ E4A2E810CB2607C9C159C0DFB0BD4C88 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
16:06:37.0280 5608 IntcAzAudAddService - ok
16:06:37.0295 5608 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\DRIVERS\intelide.sys
16:06:37.0295 5608 intelide - ok
16:06:37.0311 5608 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
16:06:37.0326 5608 intelppm - ok
16:06:37.0373 5608 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
16:06:37.0373 5608 IPBusEnum - ok
16:06:37.0389 5608 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
16:06:37.0389 5608 IpFilterDriver - ok
16:06:37.0436 5608 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
16:06:37.0451 5608 iphlpsvc - ok
16:06:37.0467 5608 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
16:06:37.0467 5608 IPMIDRV - ok
16:06:37.0482 5608 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
16:06:37.0498 5608 IPNAT - ok
16:06:37.0529 5608 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:06:37.0545 5608 iPod Service - ok
16:06:37.0560 5608 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
16:06:37.0560 5608 IRENUM - ok
16:06:37.0576 5608 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
16:06:37.0576 5608 isapnp - ok
16:06:37.0592 5608 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
16:06:37.0592 5608 iScsiPrt - ok
16:06:37.0607 5608 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
16:06:37.0607 5608 kbdclass - ok
16:06:37.0638 5608 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
16:06:37.0638 5608 kbdhid - ok
16:06:37.0638 5608 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\windows\system32\lsass.exe
16:06:37.0654 5608 KeyIso - ok
16:06:37.0670 5608 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
16:06:37.0670 5608 KSecDD - ok
16:06:37.0701 5608 [ 365C6154BBBC5377173F1CA7BFB6CC59 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
16:06:37.0701 5608 KSecPkg - ok
16:06:37.0732 5608 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
16:06:37.0748 5608 KtmRm - ok
16:06:37.0779 5608 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\windows\System32\srvsvc.dll
16:06:37.0794 5608 LanmanServer - ok
16:06:37.0826 5608 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:06:37.0841 5608 LanmanWorkstation - ok
16:06:37.0888 5608 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
16:06:37.0888 5608 lltdio - ok
16:06:37.0919 5608 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
16:06:37.0919 5608 lltdsvc - ok
16:06:37.0935 5608 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
16:06:37.0935 5608 lmhosts - ok
16:06:37.0997 5608 [ DE65EBD42567C33C0152E308A982B834 ] LoopBeMidi1 C:\windows\system32\drivers\loopbe1.sys
16:06:37.0997 5608 LoopBeMidi1 - ok
16:06:38.0028 5608 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
16:06:38.0028 5608 LSI_FC - ok
16:06:38.0044 5608 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
16:06:38.0044 5608 LSI_SAS - ok
16:06:38.0060 5608 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
16:06:38.0060 5608 LSI_SAS2 - ok
16:06:38.0075 5608 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
16:06:38.0075 5608 LSI_SCSI - ok
16:06:38.0091 5608 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
16:06:38.0091 5608 luafv - ok
16:06:38.0122 5608 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
16:06:38.0122 5608 Mcx2Svc - ok
16:06:38.0278 5608 [ 165C8881EFC3AE4EA01CCCE7735BE68E ] MediaMall Server C:\Program Files\MediaMall\MediaMallServer.exe
16:06:38.0372 5608 MediaMall Server - ok
16:06:38.0403 5608 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
16:06:38.0403 5608 megasas - ok
16:06:38.0434 5608 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
16:06:38.0434 5608 MegaSR - ok
16:06:38.0465 5608 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
16:06:38.0465 5608 MMCSS - ok
16:06:38.0481 5608 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
16:06:38.0481 5608 Modem - ok
16:06:38.0512 5608 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
16:06:38.0512 5608 monitor - ok
16:06:38.0543 5608 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
16:06:38.0543 5608 mouclass - ok
16:06:38.0559 5608 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
16:06:38.0559 5608 mouhid - ok
16:06:38.0574 5608 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
16:06:38.0574 5608 mountmgr - ok
16:06:38.0637 5608 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:06:38.0637 5608 MozillaMaintenance - ok
16:06:38.0652 5608 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\windows\system32\DRIVERS\mpio.sys
16:06:38.0652 5608 mpio - ok
16:06:38.0668 5608 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
16:06:38.0684 5608 mpsdrv - ok
16:06:38.0715 5608 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\windows\system32\mpssvc.dll
16:06:38.0730 5608 MpsSvc - ok
16:06:38.0746 5608 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
16:06:38.0746 5608 MRxDAV - ok
16:06:38.0808 5608 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
16:06:38.0808 5608 mrxsmb - ok
16:06:38.0824 5608 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
16:06:38.0840 5608 mrxsmb10 - ok
16:06:38.0871 5608 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
16:06:38.0871 5608 mrxsmb20 - ok
16:06:38.0886 5608 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\windows\system32\DRIVERS\msahci.sys
16:06:38.0886 5608 msahci - ok
16:06:38.0918 5608 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
16:06:38.0918 5608 msdsm - ok
16:06:38.0949 5608 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
16:06:38.0949 5608 MSDTC - ok
16:06:38.0964 5608 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
16:06:38.0964 5608 Msfs - ok
16:06:38.0996 5608 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
16:06:38.0996 5608 mshidkmdf - ok
16:06:39.0011 5608 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
16:06:39.0011 5608 msisadrv - ok
16:06:39.0058 5608 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
16:06:39.0058 5608 MSiSCSI - ok
16:06:39.0058 5608 msiserver - ok
16:06:39.0089 5608 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
16:06:39.0089 5608 MSKSSRV - ok
16:06:39.0120 5608 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
16:06:39.0120 5608 MSPCLOCK - ok
16:06:39.0120 5608 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
16:06:39.0120 5608 MSPQM - ok
16:06:39.0136 5608 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
16:06:39.0152 5608 MsRPC - ok
16:06:39.0167 5608 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
16:06:39.0167 5608 mssmbios - ok
16:06:39.0183 5608 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
16:06:39.0183 5608 MSTEE - ok
16:06:39.0230 5608 [ 00C7B2306F1CA5389A1AC6D1DF9C2E25 ] msvad_simple C:\windows\system32\drivers\povrtdev.sys
16:06:39.0230 5608 msvad_simple - ok
16:06:39.0245 5608 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
16:06:39.0245 5608 MTConfig - ok
16:06:39.0261 5608 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
16:06:39.0261 5608 Mup - ok
16:06:39.0292 5608 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\windows\system32\qagentRT.dll
16:06:39.0292 5608 napagent - ok
16:06:39.0323 5608 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
16:06:39.0339 5608 NativeWifiP - ok
16:06:39.0386 5608 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\windows\system32\drivers\ndis.sys
16:06:39.0386 5608 NDIS - ok
16:06:39.0401 5608 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
16:06:39.0401 5608 NdisCap - ok
16:06:39.0432 5608 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
16:06:39.0432 5608 NdisTapi - ok
16:06:39.0448 5608 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
16:06:39.0448 5608 Ndisuio - ok
16:06:39.0464 5608 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
16:06:39.0464 5608 NdisWan - ok
16:06:39.0479 5608 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
16:06:39.0495 5608 NDProxy - ok
16:06:39.0526 5608 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
16:06:39.0526 5608 NetBIOS - ok
16:06:39.0542 5608 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
16:06:39.0542 5608 NetBT - ok
16:06:39.0557 5608 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\windows\system32\lsass.exe
16:06:39.0557 5608 Netlogon - ok
16:06:39.0604 5608 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
16:06:39.0604 5608 Netman - ok
16:06:39.0635 5608 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
16:06:39.0635 5608 netprofm - ok
16:06:39.0651 5608 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:06:39.0651 5608 NetTcpPortSharing - ok
16:06:39.0682 5608 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
16:06:39.0682 5608 nfrd960 - ok
16:06:39.0682 5608 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\windows\System32\nlasvc.dll
16:06:39.0698 5608 NlaSvc - ok
16:06:39.0698 5608 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
16:06:39.0713 5608 Npfs - ok
16:06:39.0713 5608 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
16:06:39.0729 5608 nsi - ok
16:06:39.0744 5608 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
16:06:39.0744 5608 nsiproxy - ok
16:06:39.0807 5608 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\windows\system32\drivers\Ntfs.sys
16:06:39.0838 5608 Ntfs - ok
16:06:39.0869 5608 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
16:06:39.0869 5608 Null - ok
16:06:39.0916 5608 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\windows\system32\drivers\nvraid.sys
16:06:39.0916 5608 nvraid - ok
16:06:39.0947 5608 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\windows\system32\drivers\nvstor.sys
16:06:39.0947 5608 nvstor - ok
16:06:39.0978 5608 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
16:06:39.0978 5608 nv_agp - ok
16:06:40.0072 5608 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:06:40.0072 5608 odserv - ok
16:06:40.0088 5608 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
16:06:40.0088 5608 ohci1394 - ok
16:06:40.0150 5608 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:06:40.0150 5608 ose - ok
16:06:40.0181 5608 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
16:06:40.0197 5608 p2pimsvc - ok
16:06:40.0228 5608 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
16:06:40.0244 5608 p2psvc - ok
16:06:40.0275 5608 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
16:06:40.0275 5608 Parport - ok
16:06:40.0290 5608 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\windows\system32\drivers\partmgr.sys
16:06:40.0290 5608 partmgr - ok
16:06:40.0306 5608 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
16:06:40.0306 5608 Parvdm - ok
16:06:40.0322 5608 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
16:06:40.0322 5608 PcaSvc - ok
16:06:40.0337 5608 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\windows\system32\DRIVERS\pci.sys
16:06:40.0353 5608 pci - ok
16:06:40.0353 5608 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\DRIVERS\pciide.sys
16:06:40.0353 5608 pciide - ok
16:06:40.0400 5608 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
16:06:40.0400 5608 pcmcia - ok
16:06:40.0415 5608 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
16:06:40.0415 5608 pcw - ok
16:06:40.0446 5608 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
16:06:40.0462 5608 PEAUTH - ok
16:06:40.0509 5608 [ 1B5011DD8D57F53AED31FF0F7D635802 ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
16:06:40.0509 5608 PGEffect - ok
16:06:40.0571 5608 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\windows\system32\pla.dll
16:06:40.0618 5608 pla - ok
16:06:40.0680 5608 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\windows\system32\umpnpmgr.dll
16:06:40.0696 5608 PlugPlay - ok
16:06:40.0712 5608 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
16:06:40.0712 5608 PNRPAutoReg - ok
16:06:40.0727 5608 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
16:06:40.0743 5608 PNRPsvc - ok
16:06:40.0774 5608 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
16:06:40.0774 5608 PolicyAgent - ok
16:06:40.0805 5608 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\windows\system32\umpo.dll
16:06:40.0821 5608 Power - ok
16:06:40.0852 5608 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
16:06:40.0852 5608 PptpMiniport - ok
16:06:40.0868 5608 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
16:06:40.0868 5608 Processor - ok
16:06:40.0914 5608 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\windows\system32\profsvc.dll
16:06:40.0930 5608 ProfSvc - ok
16:06:40.0930 5608 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\windows\system32\lsass.exe
16:06:40.0946 5608 ProtectedStorage - ok
16:06:40.0977 5608 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
16:06:40.0977 5608 Psched - ok
16:06:41.0039 5608 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
16:06:41.0039 5608 PxHelp20 - ok
16:06:41.0102 5608 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
16:06:41.0117 5608 ql2300 - ok
16:06:41.0133 5608 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
16:06:41.0133 5608 ql40xx - ok
16:06:41.0180 5608 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
16:06:41.0180 5608 QWAVE - ok
16:06:41.0195 5608 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
16:06:41.0195 5608 QWAVEdrv - ok
16:06:41.0226 5608 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
16:06:41.0226 5608 RasAcd - ok
16:06:41.0258 5608 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
16:06:41.0258 5608 RasAgileVpn - ok
16:06:41.0273 5608 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
16:06:41.0273 5608 RasAuto - ok
16:06:41.0289 5608 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
16:06:41.0289 5608 Rasl2tp - ok
16:06:41.0336 5608 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\windows\System32\rasmans.dll
16:06:41.0351 5608 RasMan - ok
16:06:41.0382 5608 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
16:06:41.0382 5608 RasPppoe - ok
16:06:41.0398 5608 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
16:06:41.0398 5608 RasSstp - ok
16:06:41.0445 5608 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
16:06:41.0445 5608 rdbss - ok
16:06:41.0460 5608 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
16:06:41.0460 5608 rdpbus - ok
16:06:41.0476 5608 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
16:06:41.0476 5608 RDPCDD - ok
16:06:41.0507 5608 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
16:06:41.0507 5608 RDPENCDD - ok
16:06:41.0523 5608 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
16:06:41.0523 5608 RDPREFMP - ok
16:06:41.0538 5608 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
16:06:41.0538 5608 RDPWD - ok
16:06:41.0554 5608 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
16:06:41.0554 5608 rdyboost - ok
16:06:41.0585 5608 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
16:06:41.0585 5608 RemoteAccess - ok
16:06:41.0616 5608 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
16:06:41.0616 5608 RemoteRegistry - ok
16:06:41.0648 5608 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
16:06:41.0648 5608 RpcEptMapper - ok
16:06:41.0663 5608 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
16:06:41.0663 5608 RpcLocator - ok
16:06:41.0694 5608 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\windows\system32\rpcss.dll
16:06:41.0694 5608 RpcSs - ok
16:06:41.0741 5608 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
16:06:41.0741 5608 rspndr - ok
16:06:41.0772 5608 [ EF8B2AFC3C0751C5E5A59983C8893260 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
16:06:41.0772 5608 RSUSBSTOR - ok
16:06:41.0819 5608 [ 6465166DD9B2F841DABAD16ABDADBE98 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys
16:06:41.0819 5608 RTL8167 - ok
16:06:41.0882 5608 [ 44B7739F2D623AD6FB46755BB60351A4 ] rtl8192se C:\windows\system32\DRIVERS\rtl8192se.sys
16:06:41.0882 5608 rtl8192se - ok
16:06:41.0897 5608 RtsUIR - ok
16:06:41.0913 5608 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\windows\system32\lsass.exe
16:06:41.0913 5608 SamSs - ok
16:06:41.0960 5608 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys
16:06:41.0960 5608 sbp2port - ok
16:06:41.0991 5608 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
16:06:41.0991 5608 SCardSvr - ok
16:06:42.0006 5608 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
16:06:42.0006 5608 scfilter - ok
16:06:42.0069 5608 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\windows\system32\schedsvc.dll
16:06:42.0069 5608 Schedule - ok
16:06:42.0084 5608 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\windows\System32\certprop.dll
16:06:42.0084 5608 SCPolicySvc - ok
16:06:42.0100 5608 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\windows\System32\SDRSVC.dll
16:06:42.0100 5608 SDRSVC - ok
16:06:42.0131 5608 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
16:06:42.0131 5608 secdrv - ok
16:06:42.0147 5608 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
16:06:42.0162 5608 seclogon - ok
16:06:42.0178 5608 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\system32\sens.dll
16:06:42.0178 5608 SENS - ok
16:06:42.0194 5608 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll
16:06:42.0194 5608 SensrSvc - ok
16:06:42.0225 5608 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
16:06:42.0225 5608 Serenum - ok
16:06:42.0240 5608 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
16:06:42.0240 5608 Serial - ok
16:06:42.0272 5608 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
16:06:42.0272 5608 sermouse - ok
16:06:42.0303 5608 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\windows\system32\sessenv.dll
16:06:42.0318 5608 SessionEnv - ok
16:06:42.0334 5608 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\DRIVERS\sffdisk.sys
16:06:42.0334 5608 sffdisk - ok
16:06:42.0350 5608 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\DRIVERS\sffp_mmc.sys
16:06:42.0350 5608 sffp_mmc - ok
16:06:42.0365 5608 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\windows\system32\DRIVERS\sffp_sd.sys
16:06:42.0365 5608 sffp_sd - ok
16:06:42.0381 5608 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
16:06:42.0381 5608 sfloppy - ok
16:06:42.0396 5608 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
16:06:42.0412 5608 SharedAccess - ok
16:06:42.0428 5608 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:06:42.0443 5608 ShellHWDetection - ok
16:06:42.0443 5608 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\DRIVERS\sisagp.sys
16:06:42.0459 5608 sisagp - ok
16:06:42.0474 5608 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
16:06:42.0474 5608 SiSRaid2 - ok
16:06:42.0506 5608 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
16:06:42.0506 5608 SiSRaid4 - ok
16:06:42.0584 5608 [ 579BA0A911FF5EA70CB604CD3B744B0A ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:06:42.0584 5608 SkypeUpdate - ok
16:06:42.0599 5608 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
16:06:42.0615 5608 Smb - ok
16:06:42.0662 5608 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
16:06:42.0662 5608 SNMPTRAP - ok
16:06:42.0677 5608 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
16:06:42.0693 5608 spldr - ok
16:06:42.0724 5608 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\windows\System32\spoolsv.exe
16:06:42.0740 5608 Spooler - ok
16:06:42.0818 5608 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\windows\system32\sppsvc.exe
16:06:42.0896 5608 sppsvc - ok
16:06:42.0911 5608 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\windows\system32\sppuinotify.dll
16:06:42.0911 5608 sppuinotify - ok
16:06:42.0989 5608 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\windows\System32\Drivers\sptd.sys
16:06:42.0989 5608 sptd - ok
16:06:43.0036 5608 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\windows\system32\DRIVERS\srv.sys
16:06:43.0052 5608 srv - ok
16:06:43.0067 5608 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
16:06:43.0067 5608 srv2 - ok
16:06:43.0130 5608 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
16:06:43.0130 5608 srvnet - ok
16:06:43.0145 5608 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
16:06:43.0145 5608 SSDPSRV - ok
16:06:43.0161 5608 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
16:06:43.0176 5608 SstpSvc - ok
16:06:43.0192 5608 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
16:06:43.0208 5608 stexstor - ok
16:06:43.0254 5608 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\windows\System32\wiaservc.dll
16:06:43.0270 5608 StiSvc - ok
16:06:43.0286 5608 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\DRIVERS\swenum.sys
16:06:43.0286 5608 swenum - ok
16:06:43.0301 5608 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
16:06:43.0301 5608 swprv - ok
16:06:43.0364 5608 [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
16:06:43.0364 5608 SynTP - ok
16:06:43.0395 5608 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\windows\system32\sysmain.dll
16:06:43.0426 5608 SysMain - ok
16:06:43.0457 5608 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\windows\System32\TabSvc.dll
16:06:43.0457 5608 TabletInputService - ok
16:06:43.0473 5608 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\windows\System32\tapisrv.dll
16:06:43.0473 5608 TapiSrv - ok
16:06:43.0488 5608 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
16:06:43.0488 5608 TBS - ok
16:06:43.0535 5608 [ C2DAAEB48F3A47C410B041A0D2382EE1 ] Tcpip C:\windows\system32\drivers\tcpip.sys
16:06:43.0566 5608 Tcpip - ok
16:06:43.0629 5608 [ C2DAAEB48F3A47C410B041A0D2382EE1 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
16:06:43.0629 5608 TCPIP6 - ok
16:06:43.0660 5608 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
16:06:43.0660 5608 tcpipreg - ok
16:06:43.0707 5608 [ 4084EA00D50C858D6F9038F86AE2E2D0 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
16:06:43.0707 5608 tdcmdpst - ok
16:06:43.0722 5608 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
16:06:43.0722 5608 TDPIPE - ok
16:06:43.0738 5608 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
16:06:43.0738 5608 TDTCP - ok
16:06:43.0754 5608 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\windows\system32\DRIVERS\tdx.sys
16:06:43.0754 5608 tdx - ok
16:06:43.0769 5608 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
16:06:43.0769 5608 TermDD - ok
16:06:43.0816 5608 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\windows\System32\termsrv.dll
16:06:43.0816 5608 TermService - ok
16:06:43.0832 5608 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
16:06:43.0832 5608 Themes - ok
16:06:43.0863 5608 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
16:06:43.0863 5608 THREADORDER - ok
16:06:43.0894 5608 [ 32577B987AE5401038451BB392CB8D89 ] TMachInfo C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
16:06:43.0894 5608 TMachInfo - ok
16:06:43.0925 5608 [ FE65D33B7D4FF07DD1D29526A48DF810 ] TODDSrv C:\Windows\system32\TODDSrv.exe
16:06:43.0925 5608 TODDSrv - ok
16:06:43.0972 5608 [ 451B09BA1A0D019BA0B5A27229559D55 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
16:06:43.0988 5608 TosCoSrv - ok
16:06:44.0034 5608 [ 0B5FA26E0C8A8E07A6DF3DF4E5711DA8 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
16:06:44.0034 5608 TOSHIBA eco Utility Service - ok
16:06:44.0066 5608 [ 94ECABE1BA3559214FE6C3CE6C9677EB ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
16:06:44.0081 5608 TOSHIBA HDD SSD Alert Service - ok
16:06:44.0112 5608 [ 969377943FE7284609BABBAB4E06B93C ] tos_sps32 C:\windows\system32\DRIVERS\tos_sps32.sys
16:06:44.0112 5608 tos_sps32 - ok
16:06:44.0159 5608 [ 31D2881B0647F2B09B118B9B50C02888 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
16:06:44.0159 5608 TPCHSrv - ok
16:06:44.0206 5608 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
16:06:44.0206 5608 TrkWks - ok
16:06:44.0253 5608 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:06:44.0268 5608 TrustedInstaller - ok
16:06:44.0284 5608 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
16:06:44.0284 5608 tssecsrv - ok
16:06:44.0331 5608 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
16:06:44.0331 5608 tunnel - ok
16:06:44.0378 5608 [ FC24015B4052600C324C43E3A79C0664 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
16:06:44.0378 5608 TVALZ - ok
16:06:44.0378 5608 [ 866462F5AE3F375EF83EF9DCE436031C ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
16:06:44.0378 5608 TVALZFL - ok
16:06:44.0393 5608 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
16:06:44.0393 5608 uagp35 - ok
16:06:44.0424 5608 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\windows\system32\DRIVERS\udfs.sys
16:06:44.0424 5608 udfs - ok
16:06:44.0456 5608 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
16:06:44.0471 5608 UI0Detect - ok
16:06:44.0471 5608 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\DRIVERS\uliagpkx.sys
16:06:44.0471 5608 uliagpkx - ok
16:06:44.0502 5608 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\windows\system32\DRIVERS\umbus.sys
16:06:44.0502 5608 umbus - ok
16:06:44.0534 5608 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
16:06:44.0534 5608 UmPass - ok
16:06:44.0565 5608 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
16:06:44.0565 5608 upnphost - ok
16:06:44.0612 5608 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\windows\system32\drivers\usbaudio.sys
16:06:44.0612 5608 usbaudio - ok
16:06:44.0627 5608 [ 5353218B3265E3B8190335059F697A11 ] usbbus C:\windows\system32\DRIVERS\lgusbbus.sys
16:06:44.0627 5608 usbbus - ok
16:06:44.0674 5608 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
16:06:44.0674 5608 usbccgp - ok
16:06:44.0674 5608 USBCCID - ok
16:06:44.0721 5608 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\DRIVERS\usbcir.sys
16:06:44.0721 5608 usbcir - ok
16:06:44.0752 5608 [ 7DD3EEFC62A1EF44E5F940FA651ED9ED ] UsbDiag C:\windows\system32\DRIVERS\lgusbdiag.sys
16:06:44.0752 5608 UsbDiag - ok
16:06:44.0799 5608 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
16:06:44.0799 5608 usbehci - ok
16:06:44.0830 5608 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
16:06:44.0846 5608 usbhub - ok
16:06:44.0861 5608 [ 083031A78822ECCBD7510BCCD3E20D4C ] USBModem C:\windows\system32\DRIVERS\lgusbmodem.sys
16:06:44.0861 5608 USBModem - ok
16:06:44.0892 5608 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\windows\system32\drivers\usbohci.sys
16:06:44.0892 5608 usbohci - ok
16:06:44.0908 5608 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
16:06:44.0908 5608 usbprint - ok
16:06:44.0955 5608 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
16:06:44.0955 5608 usbscan - ok
16:06:44.0986 5608 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
16:06:45.0002 5608 USBSTOR - ok
16:06:45.0017 5608 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
16:06:45.0017 5608 usbuhci - ok
16:06:45.0048 5608 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
16:06:45.0048 5608 usbvideo - ok
16:06:45.0080 5608 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
16:06:45.0080 5608 UxSms - ok
16:06:45.0095 5608 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\windows\system32\lsass.exe
16:06:45.0095 5608 VaultSvc - ok
16:06:45.0126 5608 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\DRIVERS\vdrvroot.sys
16:06:45.0126 5608 vdrvroot - ok
16:06:45.0158 5608 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\windows\System32\vds.exe
16:06:45.0173 5608 vds - ok
16:06:45.0189 5608 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
16:06:45.0189 5608 vga - ok
16:06:45.0204 5608 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
16:06:45.0204 5608 VgaSave - ok
16:06:45.0220 5608 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\windows\system32\DRIVERS\vhdmp.sys
16:06:45.0220 5608 vhdmp - ok
16:06:45.0251 5608 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\DRIVERS\viaagp.sys
16:06:45.0251 5608 viaagp - ok
16:06:45.0267 5608 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
16:06:45.0267 5608 ViaC7 - ok
16:06:45.0282 5608 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\DRIVERS\viaide.sys
16:06:45.0282 5608 viaide - ok
16:06:45.0298 5608 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\windows\system32\DRIVERS\volmgr.sys
16:06:45.0298 5608 volmgr - ok
16:06:45.0314 5608 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
16:06:45.0329 5608 volmgrx - ok
16:06:45.0360 5608 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\windows\system32\DRIVERS\volsnap.sys
16:06:45.0376 5608 volsnap - ok
16:06:45.0392 5608 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
16:06:45.0392 5608 vsmraid - ok
16:06:45.0438 5608 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\windows\system32\vssvc.exe
16:06:45.0454 5608 VSS - ok
16:06:45.0485 5608 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
16:06:45.0485 5608 vwifibus - ok
16:06:45.0501 5608 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
16:06:45.0516 5608 vwififlt - ok
16:06:45.0548 5608 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
16:06:45.0548 5608 vwifimp - ok
16:06:45.0563 5608 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
16:06:45.0563 5608 W32Time - ok
16:06:45.0610 5608 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
16:06:45.0610 5608 WacomPen - ok
16:06:45.0657 5608 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
16:06:45.0657 5608 WANARP - ok
16:06:45.0657 5608 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
16:06:45.0657 5608 Wanarpv6 - ok
16:06:45.0750 5608 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
16:06:45.0782 5608 WatAdminSvc - ok
16:06:45.0844 5608 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\windows\system32\wbengine.exe
16:06:45.0875 5608 wbengine - ok
16:06:45.0891 5608 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
16:06:45.0906 5608 WbioSrvc - ok
16:06:45.0938 5608 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\windows\System32\wcncsvc.dll
16:06:45.0938 5608 wcncsvc - ok
16:06:45.0953 5608 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:06:45.0969 5608 WcsPlugInService - ok
16:06:45.0984 5608 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
16:06:45.0984 5608 Wd - ok
16:06:46.0016 5608 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
16:06:46.0031 5608 Wdf01000 - ok
16:06:46.0031 5608 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
16:06:46.0047 5608 WdiServiceHost - ok
16:06:46.0047 5608 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
16:06:46.0047 5608 WdiSystemHost - ok
16:06:46.0094 5608 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\windows\System32\webclnt.dll
16:06:46.0109 5608 WebClient - ok
16:06:46.0125 5608 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
16:06:46.0125 5608 Wecsvc - ok
16:06:46.0156 5608 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
16:06:46.0156 5608 wercplsupport - ok
16:06:46.0187 5608 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
16:06:46.0203 5608 WerSvc - ok
16:06:46.0218 5608 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
16:06:46.0218 5608 WfpLwf - ok
16:06:46.0234 5608 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
16:06:46.0234 5608 WIMMount - ok
16:06:46.0281 5608 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:06:46.0296 5608 WinDefend - ok
16:06:46.0296 5608 WinHttpAutoProxySvc - ok
16:06:46.0359 5608 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
16:06:46.0359 5608 Winmgmt - ok
16:06:46.0406 5608 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\windows\system32\WsmSvc.dll
16:06:46.0453 5608 WinRM - ok
16:06:46.0500 5608 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
16:06:46.0531 5608 Wlansvc - ok
16:06:46.0609 5608 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:06:46.0609 5608 wlcrasvc - ok
16:06:46.0719 5608 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:06:46.0734 5608 wlidsvc - ok
16:06:46.0750 5608 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
16:06:46.0750 5608 WmiAcpi - ok
16:06:46.0797 5608 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
16:06:46.0797 5608 wmiApSrv - ok
16:06:46.0859 5608 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:06:46.0859 5608 WMPNetworkSvc - ok
16:06:46.0890 5608 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
16:06:46.0890 5608 WPCSvc - ok
16:06:46.0906 5608 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
16:06:46.0906 5608 WPDBusEnum - ok
16:06:46.0921 5608 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
16:06:46.0937 5608 ws2ifsl - ok
16:06:46.0968 5608 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\windows\system32\wscsvc.dll
16:06:46.0984 5608 wscsvc - ok
16:06:47.0015 5608 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
16:06:47.0015 5608 WSDPrintDevice - ok
16:06:47.0015 5608 WSearch - ok
16:06:47.0109 5608 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
16:06:47.0171 5608 wuauserv - ok
16:06:47.0187 5608 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\windows\system32\drivers\WudfPf.sys
16:06:47.0187 5608 WudfPf - ok
16:06:47.0218 5608 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
16:06:47.0218 5608 WUDFRd - ok
16:06:47.0265 5608 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\windows\System32\WUDFSvc.dll
16:06:47.0265 5608 wudfsvc - ok
16:06:47.0296 5608 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
16:06:47.0296 5608 WwanSvc - ok
16:06:47.0311 5608 ================ Scan global ===============================
16:06:47.0343 5608 [ 9A595DF601070DA78C40481120DD2C06 ] C:\windows\system32\basesrv.dll
16:06:47.0374 5608 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\windows\system32\winsrv.dll
16:06:47.0389 5608 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\windows\system32\winsrv.dll
16:06:47.0452 5608 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
16:06:47.0483 5608 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
16:06:47.0483 5608 [Global] - ok
16:06:47.0483 5608 ================ Scan MBR ==================================
16:06:47.0499 5608 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
16:06:47.0686 5608 \Device\Harddisk0\DR0 - ok
16:06:47.0686 5608 ================ Scan VBR ==================================
16:06:47.0701 5608 [ 6F381EF7E452D9B253211668FE68A4E0 ] \Device\Harddisk0\DR0\Partition1
16:06:47.0701 5608 \Device\Harddisk0\DR0\Partition1 - ok
16:06:47.0701 5608 ============================================================
16:06:47.0701 5608 Scan finished
16:06:47.0701 5608 ============================================================
16:06:47.0717 5912 Detected object count: 0
16:06:47.0717 5912 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-24 16:07:46
-----------------------------
16:07:46.555 OS Version: Windows 6.1.7600
16:07:46.555 Number of processors: 2 586 0x170A
16:07:46.555 ComputerName: USER-PC UserName: User
16:07:47.600 Initialize success
16:07:48.317 AVAST engine defs: 12092401
16:08:07.599 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:08:07.599 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
16:08:07.661 Disk 0 MBR read successfully
16:08:07.661 Disk 0 MBR scan
16:08:08.114 Disk 0 Windows VISTA default MBR code
16:08:08.145 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:08:08.613 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295547 MB offset 3074048
16:08:08.644 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8197 MB offset 608354304
16:08:08.722 Disk 0 scanning sectors +625141760
16:08:09.128 Disk 0 scanning C:\windows\system32\drivers
16:08:25.024 Service scanning
16:08:52.403 Modules scanning
16:09:00.375 Disk 0 trace - called modules:
16:09:00.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:09:00.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c05878]
16:09:00.718 3 CLASSPNP.SYS[8b1cf59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85ded028]
16:09:02.028 AVAST engine scan C:\windows
16:09:04.977 AVAST engine scan C:\windows\system32
16:11:09.167 AVAST engine scan C:\windows\system32\drivers
16:11:19.557 AVAST engine scan C:\Users\User
16:12:06.279 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
16:12:06.279 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
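Added example, not part of this thread and not Kaspersky's own TDSSKiller code: a small Python parser for the TDSSKiller log format posted above, written to pull out the three things worth checking by hand in a log this long. TDSSKiller prints a hash line (`[ MD5 ] Name Path`) only for an image it could open, followed by a verdict line (`Name - ok`); an entry with a verdict line but no hash line had nothing to hash (USBCCID, WinHttpAutoProxySvc and WSearch above; for USBCCID the OTL log in the next reply confirms `File not found`). The `- ok` verdict is a hook/rootkit check, not a file-integrity check, so the script also collects the hashes for an offline allowlist comparison and lists images registered under more than one service name. The function names, the `initial_section="services"` default (an assumption for excerpts that begin inside the service listing, as this one does), and the reading of hash-less entries are mine; the sample lines are excerpted from the log above.

```python
"""Triage helper for TDSSKiller text logs (added example; not Kaspersky code).

Each scanned service/driver normally produces two lines:
    <time> <pid> [ <MD5> ] <ServiceName> <ImagePath>
    <time> <pid> <ServiceName> - <verdict>
An entry that has only the verdict line had no image file to hash.
"""
import re
from collections import defaultdict

# Section header, e.g. "... ================ Scan global ===..."
HEADER_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+=+ Scan (\w+) =+$")
# Hash line with a service name; path starts with a drive letter or \Device
FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ ([0-9A-F]{32}) \]\s+(.+?)\s+"
    r"((?:[A-Za-z]:|\\Device)\\.*)$")
# Hash line without a service name (global / MBR / VBR sections)
NAMELESS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ ([0-9A-F]{32}) \]\s+(\S.*)$")
# Verdict line: "<name> - ok" (the name may contain spaces)
VERDICT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.+?) - (\S.*)$")


def parse_tdsskiller(text, initial_section="services"):
    """Return records {section, name, md5, path, verdict} in log order.

    initial_section is assumed for excerpts that start inside the
    service/driver listing (the posted log begins mid-listing).
    """
    records, pending, section = [], None, initial_section

    def flush(verdict=None):
        nonlocal pending
        if pending is not None:
            pending["verdict"] = verdict
            records.append(pending)
            pending = None

    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            flush()
            section = m.group(1).lower()
            continue
        m = FILE_RE.match(line)
        if m:
            flush()
            md5, name, path = m.groups()
            pending = {"section": section, "name": name, "md5": md5, "path": path, "verdict": None}
            continue
        m = NAMELESS_RE.match(line)
        if m:
            flush()
            md5, path = m.groups()
            pending = {"section": section, "name": None, "md5": md5, "path": path, "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            if pending is not None and name in (pending["name"], pending["path"]):
                flush(verdict)   # verdict belongs to the hash line just before it
            else:
                flush()          # verdict with no hash line: nothing was opened
                records.append({"section": section, "name": name, "md5": None,
                                "path": None, "verdict": verdict})
    flush()
    return records


def missing_binaries(records):
    """Service names in the service listing that TDSSKiller could not hash."""
    return [r["name"] for r in records
            if r["section"] == "services" and r["md5"] is None and r["name"]]


def shared_images(records):
    """Image paths (case-folded) registered under more than one service name."""
    by_path = defaultdict(list)
    for r in records:
        if r["path"] and r["name"]:
            by_path[r["path"].lower()].append(r["name"])
    return {p: names for p, names in by_path.items() if len(names) > 1}


def hash_manifest(records):
    """md5 -> sorted list of paths, ready for an offline allowlist comparison."""
    out = defaultdict(set)
    for r in records:
        if r["md5"]:
            out[r["md5"]].add(r["path"])
    return {h: sorted(paths) for h, paths in out.items()}


# Lines excerpted from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
16:06:43.0535 5608 [ C2DAAEB48F3A47C410B041A0D2382EE1 ] Tcpip C:\windows\system32\drivers\tcpip.sys
16:06:43.0566 5608 Tcpip - ok
16:06:43.0629 5608 [ C2DAAEB48F3A47C410B041A0D2382EE1 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
16:06:43.0629 5608 TCPIP6 - ok
16:06:44.0034 5608 [ 0B5FA26E0C8A8E07A6DF3DF4E5711DA8 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
16:06:44.0034 5608 TOSHIBA eco Utility Service - ok
16:06:44.0674 5608 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
16:06:44.0674 5608 usbccgp - ok
16:06:44.0674 5608 USBCCID - ok
16:06:47.0311 5608 ================ Scan global ===============================
16:06:47.0343 5608 [ 9A595DF601070DA78C40481120DD2C06 ] C:\windows\system32\basesrv.dll
16:06:47.0483 5608 [Global] - ok
16:06:47.0483 5608 ================ Scan MBR ==================================
16:06:47.0499 5608 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
16:06:47.0686 5608 \Device\Harddisk0\DR0 - ok
16:06:47.0701 5608 ============================================================
16:06:47.0701 5608 Scan finished
16:06:47.0717 5912 Detected object count: 0
"""

if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print("no image to hash:", missing_binaries(recs))
    for path, names in shared_images(recs).items():
        print("shared image:", path, "->", names)
    print("distinct hashes:", len(hash_manifest(recs)))
```

Run it against the full saved TDSSKiller log instead of the excerpt to get the complete list of hash-less services; in the log above those are USBCCID, WinHttpAutoProxySvc and WSearch, and a service registered to a path that no longer exists is worth cross-checking in the OTL `Driver Services` section rather than taken as clean because TDSSKiller printed `- ok`. Shared images such as tcpip.sys under both Tcpip and TCPIP6, or wanarp.sys under WANARP and Wanarpv6, are normal on Windows 7; the check is there to make an unexpected pairing stand out.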

#11 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 September 2012 - 04:22 PM

Hello lufkinmj4

Let's get a deeper look into the system and see if something more shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 lufkinmj4 (Topic Starter)

  • Members
  • 10 posts

Posted 24 September 2012 - 07:15 PM

Here is the OTL report:

OTL logfile created on: 9/24/2012 7:43:39 PM - Run 1
OTL by OldTimer - Version 3.2.67.1 Folder = C:\Users\User\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 37.93% Memory free
5.74 Gb Paging File | 3.97 Gb Available in Paging File | 69.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.62 Gb Total Space | 174.78 Gb Free Space | 60.56% Space Free | Partition Type: NTFS
Drive D: | 5.88 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\User\Downloads\aswMBR.exe (AVAST Software)
PRC - C:\Users\User\Downloads\tdsskiller.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\TEco.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\dldtcoms.exe ( )
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12092401\algo.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\45e8faf9163d342297c46813373d8f74\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll ()
MOD - C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll ()
MOD - C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MediaMall Server) -- C:\Program Files\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (dldt_device) -- C:\Windows\System32\dldtcoms.exe ( )
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\User\AppData\Local\Temp\aswMBR.sys File not found
DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswNdis2) -- C:\windows\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswKbd) -- C:\windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswFW) -- C:\windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (msvad_simple) -- C:\Windows\System32\drivers\povrtdev.sys (MediaMall Technologies, Inc.)
DRV - (aswNdis) -- C:\Windows\System32\drivers\aswNdis.sys (ALWIL Software)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (BEHRINGER_2902) -- C:\Windows\System32\drivers\BUSB2902.sys (BEHRINGER)
DRV - (BUSB_AUDIO_WDM) -- C:\Windows\System32\drivers\busbwdm.sys (BEHRINGER)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (LoopBeMidi1) -- C:\Windows\System32\drivers\loopbe1.sys (nerds.de)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{B8D7795B-0BFF-4885-9EA0-FD71F1BE6E54}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{77A9C4AC-DAB9-4D7C-B8FF-81A320BE1FFF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PLTV52&o=100000018&src=kw&q={searchTerms}&locale=&apn_ptnrs=E5&apn_dtid=YYYYYYYYUS&apn_uid=f039381e-7adf-4ff0-911f-3cd9d1f5fac0&apn_sauid=46ECF952-B9BC-4611-A757-1A0BBADC093A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "TVersitybar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "TVersitybar Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: nfqjoabjch@nfqjoabjch.org:1.0
FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3.328.4
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=PLTV52&o=100000018&locale=en_US&apn_uid=f039381e-7adf-4ff0-911f-3cd9d1f5fac0&apn_ptnrs=E5&apn_sauid=46ECF952-B9BC-4611-A757-1A0BBADC093A&apn_dtid=YYYYYYYYUS&&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/10 16:53:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 16:16:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/10 16:16:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/16 13:30:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 16:16:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/10 16:16:50 | 000,000,000 | ---D | M]

[2010/12/23 15:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012/09/13 12:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\zhbb5zea.default\extensions
[2012/05/15 16:01:47 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\zhbb5zea.default\extensions\nfqjoabjch@nfqjoabjch.org.xpi
[2012/03/27 17:46:57 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\zhbb5zea.default\extensions\tineye@ideeinc.com.xpi
[2012/09/10 16:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/10 16:53:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/10 16:16:53 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/01 13:10:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/01 13:10:03 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.ask.com/?l=dis&o=100000018cr&gct=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.ask.com/?l=dis&o=100000018cr&gct=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Downloader Detector (Enabled) = C:\Program Files\Downloader\npdd.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\
CHR - Extension: Angry Birds = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: International Basketball Manager = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghacinoaobbolmfheplaagkkjkpnedpo\2_0\
CHR - Extension: avast! WebRep = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Cycling the Alps = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihklobncbkangkiiamccfgnlihbmjhlh\4.9.0.0_0\

O1 HOSTS File: ([2012/09/20 03:23:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE907CD0-647B-41B2-9F8F-CF059DE4D5A4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 360 Days ==========

[2012/09/24 14:12:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/24 13:27:22 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
[2012/09/24 12:22:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4AFC38ED-43EF-4198-A25B-5171ED1EA041}
[2012/09/24 12:01:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.scr
[2012/09/20 09:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/20 09:59:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/20 09:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/20 03:26:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2012/09/20 02:40:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/09/20 02:40:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/09/20 02:40:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/09/20 02:40:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/20 02:40:06 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/09/17 03:06:19 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/09/13 09:09:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
[2012/09/10 16:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/10 14:03:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D8CB2F17-6533-41D9-9552-C93D83F78EC0}
[2012/09/06 10:46:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2012/09/06 10:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/09/05 16:24:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{377BFBF5-EAFF-4C12-946E-C79D990811CE}
[2012/08/14 19:53:01 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Red Kawa
[2012/08/14 19:53:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Red Kawa
[2012/07/30 16:01:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2012/07/30 16:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2012/07/30 16:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Kawa
[2012/07/30 16:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2012/07/24 22:34:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F7365A70-F55D-4AC4-A4F9-60E74EED1610}
[2012/07/24 22:33:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{06CB8871-BD34-4996-93F9-2A9983D902F5}
[2012/07/22 02:58:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0FE31262-BE68-4EC2-A923-178197B44133}
[2012/07/22 02:58:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B19A5CCA-771D-4CC6-8DAB-D33DD1985EA7}
[2012/07/20 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0841C8D8-7FCA-4D14-A71E-BC50735CE929}
[2012/07/20 14:42:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8FB7D428-6CC4-40CF-8BB0-9C8DC03476F5}
[2012/07/11 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\User\Downloads
[2012/07/09 14:58:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B897A601-57F2-4D66-A535-F0A2E8B55803}
[2012/07/09 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{419B793E-9262-418A-9E0C-C497A3FF3500}
[2012/07/08 20:17:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6ED354FE-4A44-4F4A-A5E5-F2895BCBCBF7}
[2012/07/08 20:17:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BF2E7DDA-0535-490C-9A7F-4707D5A86F2A}
[2012/07/07 15:38:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CCB8571E-FFB4-4B9E-A44F-9C837C130B03}
[2012/07/07 15:38:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B45B1D44-D699-44C6-B197-A38EF489E536}
[2012/07/05 09:07:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FDDAB812-1BB0-4E7E-9813-16ACA37231D9}
[2012/07/05 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5DAABAF1-1D44-4E6E-B3AC-83D5749FC58E}
[2012/07/04 09:06:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C29C0566-F37D-4C08-90F9-C716F09B8862}
[2012/07/03 12:11:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B5856275-6A79-4D9F-8ADA-953A4B13F523}
[2012/07/03 12:11:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EFBB7615-8EC9-4098-891F-9540DEB8F9E3}
[2012/07/02 20:29:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C711A4E4-5D04-4480-9D12-DE7761E4A511}
[2012/07/02 20:29:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A2B8C182-87A5-4B92-A578-3DC60B1E670E}
[2012/07/02 20:28:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A56C9213-3863-4044-98F1-E1F47DACD094}
[2012/07/02 20:28:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{26A4940C-944C-4188-A8EB-3BC93E9F5358}
[2012/07/02 20:25:47 | 000,000,000 | ---D | C] -- C:\windows\en
[2012/07/02 20:17:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ECD906E5-FE6C-4730-8ABB-6F0E1C513961}
[2012/07/02 20:17:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3E7A1275-6E7B-4331-B911-85CC83812F00}
[2012/07/02 20:16:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{99AC6507-D522-499D-B25E-8A24393EA403}
[2012/07/02 19:55:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A205FBFF-5A00-45F4-A987-67DD4E99230C}
[2012/07/02 19:55:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1070546A-C90F-4269-B3C5-B7BBAC8586A9}
[2012/06/25 14:24:22 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/06/25 14:24:21 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/06/25 14:23:56 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/06/25 14:23:55 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/06/25 14:23:55 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2012/06/25 14:23:30 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2012/06/25 14:23:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[2012/06/15 13:15:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8576EC57-3333-45DA-BC76-A6A288E6C872}
[2012/06/14 10:21:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\APN
[2012/06/14 10:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\Paltalk Messenger
[2012/06/01 10:24:20 | 000,000,000 | ---D | C] -- C:\windows\System32\Adobe
[2012/05/29 00:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/29 00:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/28 12:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sports Mogul
[2012/05/28 12:32:18 | 000,000,000 | ---D | C] -- C:\Sports Mogul
[2012/05/27 03:46:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.minecraft
[2012/05/23 20:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
[2012/05/23 20:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ffdshowEx
[2012/05/16 13:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/16 13:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/16 13:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/16 13:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/15 19:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/05/09 00:33:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Thunderbird
[2012/05/09 00:33:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Thunderbird
[2012/05/09 00:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/05/08 01:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMall
[2012/05/08 01:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMall
[2012/05/02 15:50:25 | 000,000,000 | ---D | C] -- C:\found.000
[2012/04/27 03:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/27 03:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/26 13:39:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CE4F8305-A0DB-47FB-BD50-6635330D6727}
[2012/04/26 13:39:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{25C22DE4-7970-4D88-84B1-9D42B0B71160}
[2012/04/23 22:30:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7243CA9F-2631-4131-B829-A93448E78EB0}
[2012/04/23 22:30:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B917D418-41AF-4794-A5B3-FA5B0D993EB4}
[2012/04/23 22:25:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{21FACC82-071D-4F67-8CD8-49424D5C94BD}
[2012/04/23 22:24:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3960118D-E621-485F-8D64-F08A41577E6F}
[2012/04/23 22:24:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E51EDBA5-BC76-462E-B578-9ECCE91D2B10}
[2012/04/23 22:21:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3EF05D7F-37E6-4BA3-84F4-FFBCBA8ABBBA}
[2012/04/23 22:21:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D419826A-3503-414F-8575-6575873199DD}
[2012/04/23 22:08:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1AC6C290-80B2-41E3-8BD8-9D61B6656697}
[2012/04/23 22:08:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{45E0C69D-4146-46AF-98A2-47F553A07C17}
[2012/04/23 22:01:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8A4342E7-C63D-4F14-981E-34843C800D0A}
[2012/04/23 22:01:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D7733971-ED4B-4450-B2EB-CB3A42126BDB}
[2012/04/23 21:53:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9A078DFE-1840-4972-AE08-B262AC272279}
[2012/04/23 21:52:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{28DD0C07-6B0E-4425-9985-BDBFE4EB9F6D}
[2012/04/23 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C3BF8374-6B82-4B56-AFC4-E7A1625FB0AD}
[2012/04/23 21:04:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3B7D95A9-9EC0-47F7-80F0-4C32F03A8A29}
[2012/04/22 11:46:37 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/04/19 11:25:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0FF699E5-4A46-46CA-8E01-F4E69F979938}
[2012/04/19 11:25:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1ECD23C8-C54D-4854-B043-E80B7F607BF2}
[2012/04/18 20:56:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\windows\System32\QuickTimeVR.qtx
[2012/04/18 20:56:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\windows\System32\QuickTime.qts
[2012/04/11 12:01:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{39EF34BF-1F7C-440B-926E-89E0EA4BFAF0}
[2012/04/05 11:20:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5F9D2222-E00A-4901-8D8D-D3C2EC8C33B8}
[2012/04/03 13:42:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CE61B441-C01F-4C66-A885-C57E787677C5}
[2012/04/02 13:57:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{38965CBB-CFBE-4311-AECC-023B9B53BB15}
[2012/03/29 00:28:08 | 000,023,920 | ---- | C] (MediaMall Technologies, Inc.) -- C:\windows\System32\drivers\povrtdev.sys
[2012/03/26 00:07:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVersity Media Server
[2012/03/26 00:06:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Conduit
[2012/03/26 00:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TVersity
[2012/03/08 18:37:20 | 000,302,448 | ---- | C] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[2012/03/05 16:04:25 | 000,044,784 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/03/05 16:04:25 | 000,018,544 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys
[2012/03/03 12:59:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\mkvtoolnix
[2012/03/03 04:56:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\MPlayer
[2012/03/03 04:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/03/03 04:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/03 04:55:00 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npdeployJava1.dll
[2012/03/03 04:55:00 | 000,567,184 | ---- | C] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2012/03/03 04:54:59 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/03/03 04:54:58 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/03/03 04:54:58 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/03/03 04:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012/03/03 04:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2012/03/03 04:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[2012/03/03 04:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/03/03 04:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/03/03 04:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
[2012/03/03 04:13:08 | 000,000,000 | ---D | C] -- C:\windows\System32\C2MP
[2012/02/29 15:28:21 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Received Files
[2012/02/29 15:26:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{18CFE308-1825-40C2-A730-CCBF60246BAE}
[2012/02/29 15:25:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{43322527-4DD1-4033-9578-6AF7AA503DEF}
[2012/02/23 14:34:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Chromium
[2012/02/23 14:32:22 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Sports Interactive
[2012/02/23 14:32:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2012/02/22 13:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012/02/22 13:15:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Downloader
[2012/02/22 13:14:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloader
[2012/02/22 13:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\Downloader
[2012/02/22 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Sports Interactive
[2012/02/22 13:02:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Sports Interactive
[2012/02/22 04:20:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DC077317-8CF2-452C-89A6-F9D438A0F1BC}
[2012/02/22 04:20:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{55ADA6CF-FCD2-406A-ADF9-C96F65D417BA}
[2012/02/21 16:19:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D1C00A81-45D9-4C8B-BAA9-8CF7A54F2CEB}
[2012/02/21 16:19:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D32F36D8-E01B-4D99-9C23-E63D388D79D0}
[2012/02/15 08:08:52 | 001,288,192 | ---- | C] (MPC-HC Team) -- C:\windows\System32\VSFilter.dll
[2012/02/12 14:52:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8EDFCBBA-F662-4235-845E-DF44C02A7987}
[2012/02/12 14:52:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8BA57259-9CA6-4FBB-AFCC-AD1525CCC270}
[2012/02/12 10:20:46 | 000,461,824 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\windows\System32\LAVSplitter.ax
[2012/02/12 10:20:42 | 000,562,176 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\windows\System32\LAVVideo.ax
[2012/02/12 10:20:38 | 000,215,040 | ---- | C] (1f0.de - Hendrik Leppkes) -- C:\windows\System32\LAVAudio.ax
[2012/02/12 08:16:48 | 000,147,456 | ---- | C] (Intel Corp.) -- C:\windows\System32\IntelQuickSyncDecoder.dll
[2012/02/03 16:15:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0F98B7D8-3762-4A50-97D9-37ADC1550609}
[2012/02/02 13:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/02/02 13:16:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\HpUpdate
[2012/02/02 13:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/02/02 13:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/02/02 13:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/02/02 13:14:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\HP
[2012/02/01 15:06:53 | 000,356,520 | ---- | C] (Ask.com) -- C:\Users\User\Documents\ApnStub.exe
[2012/02/01 14:43:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C66D2336-58F3-40E7-9A83-96ACEA757EB6}
[2012/01/31 23:11:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{50925A86-1E48-4444-B12A-FE651F8CB5BA}
[2012/01/31 23:11:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{26E3DB40-8F32-44F9-8C50-49BA481EC9B8}
[2012/01/31 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DC8A2A90-09AC-4D55-B5A8-B510D0496CFA}
[2012/01/31 16:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2012/01/31 16:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Games
[2012/01/31 16:46:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{31FB66D7-5A19-4CF4-A4E5-E31016447BB7}
[2012/01/31 15:46:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{ED456923-1897-41DD-B7C4-CFC5E168FADF}
[2012/01/31 15:45:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E69E1678-29C5-4A5F-A142-D63D19B3AA1E}
[2012/01/30 18:29:24 | 000,381,440 | ---- | C] (MPC-HC Team) -- C:\windows\System32\cdxareader.ax
[2012/01/30 18:29:08 | 000,445,440 | ---- | C] (MPC-HC Team) -- C:\windows\System32\FLVSplitter.ax
[2012/01/30 14:28:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EE33D234-A024-4F03-809B-77521C468BF6}
[2012/01/30 14:28:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7B1132EC-D85E-456C-896E-C54CF969179A}
[2012/01/29 02:01:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7D1F40A7-E188-431B-9A24-F336409BA796}
[2012/01/29 02:00:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BBEB5AF2-3DFF-45E4-B760-328D0AEC6A4D}
[2012/01/24 20:27:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DD39F225-E171-4C6D-B802-CCDDDF8E15B7}
[2012/01/24 20:27:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6C7A43E3-0AA4-4676-80DF-87F602FC19B3}
[2012/01/23 22:28:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9EA5967D-0E90-4AAE-B9FA-B32D087FB8DC}
[2012/01/23 22:28:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4FC8AD78-84D2-4D2E-A72E-5AF9ABC3B889}
[2012/01/23 04:01:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D2A18791-8B00-4E73-BDD9-B0D31EA88DB6}
[2012/01/23 04:01:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B35EBA91-CBF7-49D9-87CB-353206BA0CB7}
[2012/01/22 14:39:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C358713E-0CEC-40EF-A9F9-316305E908F2}
[2012/01/22 14:38:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A8EB533B-D823-4CFD-BAB9-6EFB5BEBB138}
[2012/01/21 02:35:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{44A72870-00DA-4256-BE4D-399F6DC9CEB5}
[2012/01/21 02:35:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F24EA016-EB87-4E09-AC90-A5449878B64A}
[2012/01/21 02:28:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C98B0EA6-2118-4A95-BF18-9CC69BDDD7FB}
[2012/01/21 02:28:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7DE1C42B-9F89-4687-88B4-2615891ECA98}
[2012/01/20 10:47:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C57CD948-D8D3-450D-A325-0446DCCF35EA}
[2012/01/20 10:46:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{764B1F44-A109-4504-8BC0-DEBAA1BF55F3}
[2012/01/19 15:00:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2B2BF3FC-7EBB-4D7D-9938-589FFD4C2CAD}
[2012/01/19 15:00:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{70FD2CC6-68F8-4482-87E7-A779A2CEE735}
[2012/01/19 02:46:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1F93D8B8-084C-480C-A774-B545073F54DB}
[2012/01/19 02:46:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7C8C3C98-C580-4A2D-B11D-1886DE9ABB4A}
[2012/01/19 02:45:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B32B999B-0DA2-45C1-AA9C-4B6C2C600CCA}
[2012/01/19 02:45:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9B9048F0-2B28-4D55-8639-34E8C59B161F}
[2012/01/17 22:34:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7E5DED09-A617-4829-9FC1-2B9AFF685AEA}
[2012/01/17 22:33:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{44E901E0-3603-4C88-BFD8-996E050C86D8}
[2012/01/07 15:23:33 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Taxes
[2012/01/06 00:48:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{516B2460-9531-4A7C-BF12-9A027EE20440}
[2012/01/03 20:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\windows\System32\DivXControlPanelApplet.cpl
[2012/01/03 15:07:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9FB55777-D52C-4272-A5B5-3445F67662A0}
[2012/01/03 15:06:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C73F6C8F-CDF1-4398-9C36-F18AE6512BD6}
[2012/01/03 01:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/03 01:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/02 17:52:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\GameTuts
[2012/01/02 17:44:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mael
[2011/12/30 04:09:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3987101E-3141-4E4F-9A6A-42108DC1876A}
[2011/12/30 04:09:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C966AABD-BF20-45AE-9661-502C63F90E66}
[2011/12/29 02:13:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype
[2011/12/29 00:46:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C07D1AF5-94F6-40E9-AD9A-73060DA00C7B}
[2011/12/27 21:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2011/12/27 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\AkaiPro
[2011/12/19 00:46:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{11C3EE8B-1454-40A3-90FD-043451C5B8C1}
[2011/12/19 00:46:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BF3708F4-A04D-48A9-AC57-A5EC43FCC670}
[2011/12/16 12:52:24 | 000,113,776 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys
[2011/12/16 12:52:16 | 000,202,928 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys
[2011/12/16 12:52:14 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\windows\System32\drivers\aswNdis.sys
[2011/12/16 12:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2011/12/16 12:45:26 | 000,021,256 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2011/12/16 12:45:25 | 000,355,632 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2011/12/16 12:45:23 | 000,034,392 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2011/12/16 12:45:22 | 000,729,752 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2011/12/16 12:45:22 | 000,054,232 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2011/12/16 12:45:21 | 000,058,680 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2011/12/16 12:44:56 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2011/12/16 12:44:56 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011/12/16 12:28:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4246B6E6-A60B-4C60-AD4F-A4BA1B106167}
[2011/12/16 12:28:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1AA7027F-30F8-467E-B7D0-3E00F4520114}
[2011/12/16 11:57:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{851FA9FE-DF63-4EB1-8A35-22C39830FBA7}
[2011/12/16 11:57:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9A833870-6938-4F40-87BA-59E824AD2004}
[2011/12/07 12:36:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1ECAEC4F-FCA4-488F-AF49-EC1423E551FA}
[2011/12/07 12:35:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3639A673-7BF9-4240-BD9C-D1A098A1E613}
[2011/12/06 20:47:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C4EFA0AF-9650-4C80-A463-CBDA6278CC43}
[2011/12/06 20:47:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0108C942-55A7-43BD-A62F-AE298D543A01}
[2011/12/05 15:09:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{37D8B2FC-7D6B-4DC5-93B4-5BC7B9736AD2}
[2011/12/05 15:09:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{458BB1A8-C403-4EBE-B201-26840C839A09}
[2011/12/05 01:56:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DE56DC68-0237-45C7-B93E-256FBD73C34C}
[2011/11/29 11:57:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2011/11/29 11:57:43 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/11/29 11:57:43 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/11/29 11:57:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/11/29 11:57:43 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/11/29 11:57:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2011/11/29 11:57:43 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/11/29 11:57:43 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2011/11/29 11:57:43 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/11/29 11:57:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/11/29 11:57:43 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2011/11/29 11:57:43 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2011/11/29 11:57:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/11/29 11:57:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2011/11/29 11:57:43 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/11/29 11:57:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2011/11/29 11:57:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2011/11/29 11:57:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2011/11/29 11:57:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/11/29 11:57:43 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2011/11/29 11:57:43 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/11/29 11:57:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2011/11/29 11:57:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2011/11/29 11:57:43 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/11/29 11:57:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/11/29 11:57:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2011/11/29 11:57:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/11/29 11:57:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011/11/29 11:57:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/11/29 11:57:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/11/29 11:57:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2011/11/29 11:57:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2011/11/29 11:57:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/11/29 11:57:43 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/11/29 11:57:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011/11/29 11:57:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/11/29 11:57:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/11/23 12:21:55 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_7.dll
[2011/11/23 12:21:55 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_5.dll
[2011/11/23 12:21:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_43.dll
[2011/11/23 12:21:54 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_7.dll
[2011/11/23 12:21:53 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_43.dll
[2011/11/23 12:21:53 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_43.dll
[2011/11/23 12:21:53 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_43.dll
[2011/11/23 12:21:53 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_43.dll
[2011/11/23 12:21:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_4.dll
[2011/11/23 12:21:52 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_6.dll
[2011/11/23 12:21:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_6.dll
[2011/11/23 12:21:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_7.dll
[2011/11/23 12:21:51 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_42.dll
[2011/11/23 12:21:51 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_5.dll
[2011/11/23 12:21:49 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dcsx_42.dll
[2011/11/23 12:21:48 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_42.dll
[2011/11/23 12:21:48 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx11_42.dll
[2011/11/23 12:21:46 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_40.dll
[2011/11/23 12:21:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_4.dll
[2011/11/23 12:21:46 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_4.dll
[2011/11/23 12:21:46 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_6.dll
[2011/11/23 12:21:45 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_40.dll
[2011/11/23 12:21:45 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_3.dll
[2011/11/23 12:21:45 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_3.dll
[2011/11/23 12:21:45 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_2.dll
[2011/11/23 12:21:45 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_5.dll
[2011/11/23 12:21:44 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_39.dll
[2011/11/23 12:21:44 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_2.dll
[2011/11/23 12:21:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_39.dll
[2011/11/23 12:21:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_2.dll
[2011/11/23 12:21:44 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_1.dll
[2011/11/23 12:21:43 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_39.dll
[2011/11/23 12:21:43 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_1.dll
[2011/11/23 12:21:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_1.dll
[2011/11/23 12:21:43 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAPOFX1_0.dll
[2011/11/23 12:21:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_4.dll
[2011/11/23 12:21:42 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_38.dll
[2011/11/23 12:21:42 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_38.dll
[2011/11/23 12:21:42 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_38.dll
[2011/11/23 12:21:41 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XAudio2_0.dll
[2011/11/23 12:21:40 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DCompiler_37.dll
[2011/11/23 12:21:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\xactengine3_0.dll
[2011/11/23 12:21:40 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\X3DAudio1_3.dll
[2011/11/23 12:21:39 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\D3DX9_37.dll
[2011/11/23 12:21:39 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx10_37.dll
[2011/11/23 12:20:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Sims 2
[2011/11/23 12:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2
[2011/11/21 20:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/19 11:25:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7D1B9153-555F-4C1A-A7BF-968EA9311DCD}
[2011/11/03 00:23:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D830CCE1-AD3D-4805-8FBF-B9564173B174}
[2011/11/01 17:00:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F5D380AF-DEE2-43B1-AF68-40B8BF1EBAA2}
[2011/10/31 22:52:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D401634A-AEF6-4204-BF93-B211AB72E55E}
[2011/10/31 22:52:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C261188F-DBF9-4F56-8B5E-2DD19C61EA77}
[2011/10/31 22:42:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EF57D4F3-54DF-48DB-A00D-F76FB1DF9C3B}
[2011/10/29 22:48:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{79ECD968-22CF-486A-A841-0028534C2474}
[2011/10/21 18:49:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Scan2PDF
[2011/10/20 19:26:22 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\windows\System32\dpl100.dll
[2011/10/14 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D08D53B0-5C09-4BA2-A990-EBD2CB70B506}
[2011/10/14 21:38:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5225A9B9-8ACE-45BD-80AD-CFD39CE49194}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2012/09/24 19:23:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/24 19:16:01 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3817651789-3791859860-871273996-1000UA.job
[2012/09/24 19:16:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3817651789-3791859860-871273996-1000Core.job
[2012/09/24 19:14:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/24 18:34:01 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3817651789-3791859860-871273996-1000UA.job
[2012/09/24 18:34:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3817651789-3791859860-871273996-1000Core.job
[2012/09/24 18:14:01 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/24 16:12:06 | 000,000,512 | ---- | M] () -- C:\Users\User\Desktop\MBR.dat
[2012/09/24 13:52:27 | 000,001,134 | ---- | M] () -- C:\Users\User\Desktop\ComboFix - Shortcut.lnk
[2012/09/24 13:28:37 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/24 13:28:37 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/24 13:26:48 | 001,391,616 | ---- | M] () -- C:\Users\User\Desktop\RogueKiller.exe
[2012/09/24 13:20:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/24 13:20:23 | 2312,097,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/24 13:18:21 | 000,513,501 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012/09/24 12:01:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.scr
[2012/09/24 11:09:14 | 000,881,724 | ---- | M] () -- C:\Users\User\Desktop\SecurityCheck.exe
[2012/09/24 11:07:01 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2012/09/20 03:23:31 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/09/20 02:20:06 | 000,000,176 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012/09/13 09:09:51 | 000,001,952 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
[2012/09/13 09:09:51 | 000,001,932 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
[2012/09/13 09:09:51 | 000,001,212 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk
[2012/09/10 16:59:08 | 000,001,961 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/10 16:53:04 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/09/05 20:18:43 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/05 20:18:43 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2012/08/21 05:13:14 | 000,202,928 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswNdis2.sys
[2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2012/08/21 05:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys
[2012/08/21 05:13:14 | 000,018,544 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswKbd.sys
[2012/08/21 05:13:13 | 000,113,776 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFW.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2012/06/27 10:33:23 | 253,644,254 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[2012/05/31 12:25:14 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2012/05/09 00:33:43 | 000,002,027 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/05/08 01:21:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012/05/04 08:02:39 | 000,000,520 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/04 08:01:14 | 000,879,984 | ---- | M] (BitTorrent, Inc.) -- C:\Users\User\Desktop\utorrent.exe
[2012/04/22 11:46:37 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/04/18 20:56:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\windows\System32\QuickTimeVR.qtx
[2012/04/18 20:56:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\windows\System32\QuickTime.qts
[2012/03/29 00:28:08 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) -- C:\windows\System32\drivers\povrtdev.sys
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR
[2012/03/03 04:54:36 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2012/03/03 04:54:36 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2012/03/03 04:54:36 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2012/03/03 04:54:34 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npdeployJava1.dll
[2012/03/03 04:54:34 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2012/02/18 08:05:52 | 000,033,516 | ---- | M] () -- C:\windows\System32\dischandler.exe
[2012/02/15 08:08:52 | 001,288,192 | ---- | M] (MPC-HC Team) -- C:\windows\System32\VSFilter.dll
[2012/02/13 18:26:30 | 003,350,528 | ---- | M] () -- C:\windows\System32\ffdshow.ax
[2012/02/13 18:24:56 | 004,407,808 | ---- | M] () -- C:\windows\System32\ffmpeg.dll
[2012/02/12 10:20:46 | 000,461,824 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\windows\System32\LAVSplitter.ax
[2012/02/12 10:20:42 | 000,562,176 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\windows\System32\LAVVideo.ax
[2012/02/12 10:20:38 | 000,215,040 | ---- | M] (1f0.de - Hendrik Leppkes) -- C:\windows\System32\LAVAudio.ax
[2012/02/12 10:20:36 | 000,172,032 | ---- | M] () -- C:\windows\System32\libbluray.dll
[2012/02/12 08:33:30 | 001,143,059 | ---- | M] () -- C:\windows\System32\avformat-lav-53.dll
[2012/02/12 08:33:30 | 000,360,729 | ---- | M] () -- C:\windows\System32\swscale-lav-2.dll
[2012/02/12 08:33:30 | 000,203,818 | ---- | M] () -- C:\windows\System32\avutil-lav-51.dll
[2012/02/12 08:33:28 | 006,414,616 | ---- | M] () -- C:\windows\System32\avcodec-lav-53.dll
[2012/02/12 08:33:28 | 000,138,774 | ---- | M] () -- C:\windows\System32\avfilter-lav-2.dll
[2012/02/12 08:16:48 | 000,147,456 | ---- | M] (Intel Corp.) -- C:\windows\System32\IntelQuickSyncDecoder.dll
[2012/02/08 18:53:06 | 000,079,360 | ---- | M] () -- C:\windows\System32\ff_vfw.dll
[2012/02/08 18:52:02 | 000,260,608 | ---- | M] () -- C:\windows\System32\TomsMoComp_ff.dll
[2012/02/08 18:51:54 | 000,158,720 | ---- | M] () -- C:\windows\System32\ff_unrar.dll
[2012/02/08 18:51:54 | 000,099,840 | ---- | M] () -- C:\windows\System32\ff_wmv9.dll
[2012/02/08 18:51:52 | 001,525,248 | ---- | M] () -- C:\windows\System32\ff_samplerate.dll
[2012/02/08 18:51:52 | 000,146,944 | ---- | M] () -- C:\windows\System32\ff_libmad.dll
[2012/02/08 18:51:50 | 000,212,480 | ---- | M] () -- C:\windows\System32\ff_libdts.dll
[2012/02/08 18:51:50 | 000,115,200 | ---- | M] () -- C:\windows\System32\ff_liba52.dll
[2012/02/08 18:51:48 | 000,328,704 | ---- | M] () -- C:\windows\System32\ff_libfaad2.dll
[2012/02/08 18:51:48 | 000,137,728 | ---- | M] () -- C:\windows\System32\libmpeg2_ff.dll
[2012/02/01 15:06:53 | 000,356,520 | ---- | M] (Ask.com) -- C:\Users\User\Documents\ApnStub.exe
[2012/01/30 18:29:24 | 000,381,440 | ---- | M] (MPC-HC Team) -- C:\windows\System32\cdxareader.ax
[2012/01/30 18:29:08 | 000,445,440 | ---- | M] (MPC-HC Team) -- C:\windows\System32\FLVSplitter.ax
[2012/01/03 20:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\windows\System32\DivXControlPanelApplet.cpl
[2012/01/03 16:46:02 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2012/01/03 15:08:45 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/12/16 12:01:27 | 000,012,688 | -HS- | M] () -- C:\Users\User\AppData\Local\107800w0y031r522s003l0wci2a4
[2011/12/07 15:32:24 | 000,216,064 | ---- | M] ( ) -- C:\windows\System32\Lagarith.dll
[2011/11/29 12:01:58 | 000,001,378 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/29 11:57:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2011/11/29 11:57:43 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/11/29 11:57:43 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/11/29 11:57:43 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/11/29 11:57:43 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/11/29 11:57:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2011/11/29 11:57:43 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/11/29 11:57:43 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2011/11/29 11:57:43 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/11/29 11:57:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/11/29 11:57:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2011/11/29 11:57:43 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2011/11/29 11:57:43 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/11/29 11:57:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2011/11/29 11:57:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/11/29 11:57:43 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2011/11/29 11:57:43 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2011/11/29 11:57:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2011/11/29 11:57:43 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/11/29 11:57:43 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2011/11/29 11:57:43 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/11/29 11:57:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2011/11/29 11:57:43 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2011/11/29 11:57:43 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/11/29 11:57:43 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/11/29 11:57:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2011/11/29 11:57:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/11/29 11:57:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011/11/29 11:57:43 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/11/29 11:57:43 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2011/11/29 11:57:43 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/11/29 11:57:43 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2011/11/29 11:57:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2011/11/29 11:57:43 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/11/29 11:57:43 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/11/29 11:57:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011/11/29 11:57:43 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/11/29 11:57:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/11/28 13:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2011/11/28 13:26:19 | 000,012,112 | ---- | M] (ALWIL Software) -- C:\windows\System32\drivers\aswNdis.sys
[2011/10/20 19:26:22 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\windows\System32\dpl100.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/24 16:12:06 | 000,000,512 | ---- | C] () -- C:\Users\User\Desktop\MBR.dat
[2012/09/24 13:52:27 | 000,001,134 | ---- | C] () -- C:\Users\User\Desktop\ComboFix - Shortcut.lnk
[2012/09/24 13:26:47 | 001,391,616 | ---- | C] () -- C:\Users\User\Desktop\RogueKiller.exe
[2012/09/24 13:18:14 | 000,513,501 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe
[2012/09/24 11:09:10 | 000,881,724 | ---- | C] () -- C:\Users\User\Desktop\SecurityCheck.exe
[2012/09/24 11:06:48 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2012/09/20 02:40:27 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/09/20 02:40:27 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/09/20 02:40:27 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/09/20 02:40:27 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/09/20 02:40:27 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/09/20 02:19:49 | 000,000,176 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012/06/14 10:21:11 | 000,001,952 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
[2012/06/14 10:21:11 | 000,001,932 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Paltalk Messenger.lnk
[2012/06/14 10:21:11 | 000,001,212 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Upgrade to Paltalk Extreme.lnk
[2012/05/09 00:33:43 | 000,002,027 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/05/09 00:33:42 | 000,002,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/05/04 08:02:39 | 000,000,520 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/04/22 11:46:37 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/02/18 08:05:52 | 000,033,516 | ---- | C] () -- C:\windows\System32\dischandler.exe
[2012/02/13 18:26:30 | 003,350,528 | ---- | C] () -- C:\windows\System32\ffdshow.ax
[2012/02/13 18:24:56 | 004,407,808 | ---- | C] () -- C:\windows\System32\ffmpeg.dll
[2012/02/12 10:20:36 | 000,172,032 | ---- | C] () -- C:\windows\System32\libbluray.dll
[2012/02/12 08:33:30 | 001,143,059 | ---- | C] () -- C:\windows\System32\avformat-lav-53.dll
[2012/02/12 08:33:30 | 000,360,729 | ---- | C] () -- C:\windows\System32\swscale-lav-2.dll
[2012/02/12 08:33:30 | 000,203,818 | ---- | C] () -- C:\windows\System32\avutil-lav-51.dll
[2012/02/12 08:33:28 | 006,414,616 | ---- | C] () -- C:\windows\System32\avcodec-lav-53.dll
[2012/02/12 08:33:28 | 000,138,774 | ---- | C] () -- C:\windows\System32\avfilter-lav-2.dll
[2012/02/08 18:53:06 | 000,079,360 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2012/02/08 18:52:02 | 000,260,608 | ---- | C] () -- C:\windows\System32\TomsMoComp_ff.dll
[2012/02/08 18:51:54 | 000,158,720 | ---- | C] () -- C:\windows\System32\ff_unrar.dll
[2012/02/08 18:51:54 | 000,099,840 | ---- | C] () -- C:\windows\System32\ff_wmv9.dll
[2012/02/08 18:51:52 | 001,525,248 | ---- | C] () -- C:\windows\System32\ff_samplerate.dll
[2012/02/08 18:51:52 | 000,146,944 | ---- | C] () -- C:\windows\System32\ff_libmad.dll
[2012/02/08 18:51:50 | 000,212,480 | ---- | C] () -- C:\windows\System32\ff_libdts.dll
[2012/02/08 18:51:50 | 000,115,200 | ---- | C] () -- C:\windows\System32\ff_liba52.dll
[2012/02/08 18:51:48 | 000,328,704 | ---- | C] () -- C:\windows\System32\ff_libfaad2.dll
[2012/02/08 18:51:48 | 000,137,728 | ---- | C] () -- C:\windows\System32\libmpeg2_ff.dll
[2012/01/03 16:46:02 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2012/01/03 15:08:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/16 11:20:56 | 000,012,688 | -HS- | C] () -- C:\Users\User\AppData\Local\107800w0y031r522s003l0wci2a4
[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\windows\System32\Lagarith.dll
[2011/11/29 11:57:43 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/10/03 20:20:29 | 000,002,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.4.lnk
[2011/09/08 10:00:52 | 000,150,528 | ---- | C] () -- C:\windows\System32\mkx.dll
[2011/09/08 10:00:48 | 000,142,336 | ---- | C] () -- C:\windows\System32\mp4.dll
[2011/09/08 10:00:42 | 000,123,392 | ---- | C] () -- C:\windows\System32\ogm.dll
[2011/09/08 10:00:38 | 000,249,856 | ---- | C] () -- C:\windows\System32\dxr.dll
[2011/09/08 10:00:34 | 000,113,152 | ---- | C] () -- C:\windows\System32\dsmux.exe
[2011/09/08 10:00:24 | 000,154,624 | ---- | C] () -- C:\windows\System32\ts.dll
[2011/09/08 10:00:10 | 000,137,728 | ---- | C] () -- C:\windows\System32\mkv2vfr.exe
[2011/09/08 10:00:06 | 000,358,400 | ---- | C] () -- C:\windows\System32\gdsmux.exe
[2011/09/08 09:59:54 | 000,080,384 | ---- | C] () -- C:\windows\System32\mkzlib.dll
[2011/09/08 09:59:52 | 000,024,576 | ---- | C] () -- C:\windows\System32\mkunicode.dll
[2011/05/30 09:42:50 | 000,240,640 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2011/05/23 03:46:30 | 000,645,632 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2011/04/13 19:16:30 | 000,001,420 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2011/03/05 22:03:34 | 000,007,103 | ---- | C] () -- C:\windows\mgxoschk.ini
[2011/03/04 21:02:50 | 000,008,704 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/03 07:39:56 | 000,109,568 | ---- | C] () -- C:\windows\System32\avi.dll
[2011/03/03 07:38:10 | 000,097,792 | ---- | C] () -- C:\windows\System32\avs.dll
[2011/03/03 07:37:50 | 000,093,184 | ---- | C] () -- C:\windows\System32\avss.dll
[2011/02/24 20:50:11 | 000,010,600 | -HS- | C] () -- C:\Users\User\AppData\Local\4070051116
[2011/01/18 21:14:22 | 000,331,263 | ---- | C] () -- C:\windows\LOOP.exe
[2010/01/30 23:37:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 10:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

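An added triage helper (example code written for this thread, not OldTimer's OTL and not part of any post) that parses lines in the shape of the OTL report above and flags two patterns worth review: hidden+system files with random-looking names under a user's AppData\Local, and alternate data streams. The sample lines are constructed to match the report's format; a flag means "look at this", not a verdict.

```python
"""Added triage helper for OTL-style report lines (example code, not OldTimer's OTL)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# File entry shape used by OTL: [yyyy/mm/dd hh:mm:ss | size | attrs | M|C] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# ADS entry shape: @Alternate Data Stream - N bytes -> host:streamname
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+?)\s*$")
# Per-user AppData\Local with a single trailing component (the file name itself)
LOCAL_APPDATA_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\([^\\]+)$", re.IGNORECASE
)
# "Random-looking": 8+ lowercase letters/digits, no extension, no separators
RANDOM_NAME_RE = re.compile(r"[0-9a-z]{8,}")

# Constructed sample in the shape of the report above (not the page's full log).
SAMPLE_LOG = r"""
[2011/12/16 12:01:27 | 000,012,688 | -HS- | M] () -- C:\Users\User\AppData\Local\107800w0y031r522s003l0wci2a4
[2011/11/29 11:57:43 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/02/24 20:50:11 | 000,010,600 | -HS- | C] () -- C:\Users\User\AppData\Local\4070051116
[2012/01/03 15:08:45 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
"""


@dataclass
class Finding:
    reason: str
    path: str
    size: int


def parse_entry(line: str) -> Optional[dict]:
    """Parse one OTL file entry into a dict, or return None for any other line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    # Attribute letters present in the four-character field (R, H, S, D); "-" means absent
    d["attrs"] = set(d["attrs"].replace("-", ""))
    return d


def triage(log_text: str) -> List[Finding]:
    """Flag entries worth a second look; flagging means review, not a verdict."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        ads = ADS_RE.match(line)
        if ads:
            # Any ADS reported on a plain data file deserves review (the fix in this thread removed these)
            findings.append(Finding("alternate data stream", ads["target"], int(ads["size"])))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        loc = LOCAL_APPDATA_RE.match(entry["path"])
        # Hidden + System attributes on an extensionless, random-looking name in AppData\Local
        if {"H", "S"} <= entry["attrs"] and loc and RANDOM_NAME_RE.fullmatch(loc.group(1)):
            findings.append(
                Finding("hidden+system file with random-looking name under AppData\\Local",
                        entry["path"], entry["size"])
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path} ({f.size} bytes)")
```

Legitimate hidden+system files such as C:\ProgramData\ntuser.pol are not flagged because the name rule only applies inside a user's AppData\Local.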
#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:58 AM

Posted 25 September 2012 - 12:39 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8  
    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
    IE - HKCU\..\SearchScopes\{77A9C4AC-DAB9-4D7C-B8FF-81A320BE1FFF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PLTV52&o=100000018&src=kw&q={searchTerms}&locale=&apn_ptnrs=E5&apn_dtid=YYYYYYYYUS&apn_uid=f039381e-7adf-4ff0-911f-3cd9d1f5fac0&apn_sauid=46ECF952-B9BC-4611-A757-1A0BBADC093A
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "TVersitybar Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "TVersitybar Customized Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: nfqjoabjch@nfqjoabjch.org:1.0
    [2012/05/15 16:01:47 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\zhbb5zea.default\extensions\nfqjoabjch@nfqjoabjch.org.xpi
    [2012/03/26 00:06:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Conduit
    [2012/02/01 15:06:53 | 000,356,520 | ---- | C] (Ask.com) -- C:\Users\User\Documents\ApnStub.exe
    :Files
    C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 lufkinmj4

lufkinmj4
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:58 AM

Posted 25 September 2012 - 12:47 PM

I can't get it to redirect me at all anymore. I think that might have fixed it! I appreciate the help.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
C:\windows\assembly\Desktop.ini moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77A9C4AC-DAB9-4D7C-B8FF-81A320BE1FFF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77A9C4AC-DAB9-4D7C-B8FF-81A320BE1FFF}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "TVersitybar Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "TVersitybar Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: nfqjoabjch@nfqjoabjch.org:1.0 removed from extensions.enabledAddons
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\zhbb5zea.default\extensions\nfqjoabjch@nfqjoabjch.org.xpi moved successfully.
C:\Users\User\AppData\Local\Conduit folder moved successfully.
C:\Users\User\Documents\ApnStub.exe moved successfully.
========== FILES ==========
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\tb_ux folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\lib folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\content_script\hack folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\content_script folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\config\skin\js folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\config\skin\images folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\config\skin\css folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\config\skin folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\config\locales\en folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\config\locales folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\config folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0\background folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh\7.15.4.0_0 folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapkipmmkdejoelpgemgfidjdhcdnh folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Downloads\cmd.bat deleted successfully.
C:\Users\User\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mcx1-USER-PC

User: Public

User: User
->Java cache emptied: 2164383 bytes

Total Java Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41654 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mcx1-USER-PC
->Flash cache emptied: 41654 bytes

User: Public

User: User
->Flash cache emptied: 3141505 bytes

Total Flash Files Cleaned = 3.00 mb


OTL by OldTimer - Version 3.2.67.1 log created on 09252012_134148

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:58 AM

Posted 25 September 2012 - 03:20 PM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

  • µTorrent
  • Adobe Reader 9.4.6
  • Java™ 6 Update 31
  • Java™ 7 Update 2


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click the mbam icon
  • Go to the Update tab at the top
  • Click on Check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




