Hello, Please help, remote spying!!!


  • This topic is locked
17 replies to this topic

#1 Davino

Davino

  • Members
  • 9 posts

Posted 27 January 2013 - 08:31 PM

Sorry about the duplicate post.

Attached Files


Edited by Davino, 27 January 2013 - 08:53 PM.



 


#2 Davino

Davino
  • Topic Starter

  • Members
  • 9 posts

Posted 27 January 2013 - 08:31 PM

Here are the logs:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453
Run by Administrator at 20:17:27 on 2013-01-27
#Option Extended Search is enabled.
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8076.6196 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\dwm.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Windows\System32\ThpSrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Users\Administrator\Downloads\HijackThisPortable\HijackThisPortable.exe
C:\Users\Administrator\Downloads\HijackThisPortable\App\HijackThis\HijackThis.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba13.msn.com
uWindow Title = Internet Explorer provided by TOSHIBA
uDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://toshiba13.msn.com
mWindow Title = Internet Explorer provided by TOSHIBA
mDefault_Page_URL = hxxp://toshiba13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: AutorunsDisabled - <orphaned>
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
dRun: [Samsung.PCSync] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{21E59C9E-58BE-4BBF-8284-FE8199E8D00C} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{B3ED0393-6978-473B-A527-178779F7B444} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://toshiba13.msn.com
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound 3D] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - <orphaned>
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: AnVirDisabled - <no file>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\59tsd8y2.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-09 21:35; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-01-09 21:35; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-01-09 21:35; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-01-09 21:35; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-01-09 21:35; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-01-10 10:46; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn
FF - ExtSQL: 2013-01-27 01:19; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-01-27 02:13; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\59tsd8y2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-01-27 02:13; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\59tsd8y2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-01-27 20:07; {37fa1426-b82d-11db-8314-0800200c9a66}; C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\59tsd8y2.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\Drivers\thpdrv.sys [2012-7-28 48512]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\Drivers\Thpevm.sys [2012-6-25 18304]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\Drivers\NATx64\0106000.011\ccSetx64.sys [2013-1-9 168096]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\windows\System32\Drivers\NSTx64\7DD02010.021\ccsetx64.sys [2013-1-9 168096]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\Drivers\klim6.sys [2012-8-2 28504]
R1 klwfp;klwfp;C:\windows\System32\Drivers\klwfp.sys [2012-8-3 48472]
R1 kneps;kneps;C:\windows\System32\Drivers\kneps.sys [2012-8-13 178008]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-1-25 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-25 44808]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-10-7 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-7 166720]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-1-12 201872]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\Teco\TecoService.exe [2012-8-24 291240]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-7 365376]
R3 FwLnk;FwLnk Driver;C:\windows\System32\Drivers\FwLnk.sys [2012-10-7 9216]
R3 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-10-7 645952]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-8-9 25568]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\Drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\Drivers\klmouflt.sys [2012-7-25 29528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-7-13 103936]
R3 NETwNe64;@netwne64.inf,___ %NIC_Service_DispName_WIN7_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\Drivers\NETwNe64.sys [2012-6-2 11400192]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\Drivers\RtsP2Stor.sys [2012-10-7 269968]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-16 43832]
R3 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-7-27 53384]
R3 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2012-10-7 499096]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2012-7-28 458152]
RUnknown Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface; [x]
S0 klelam;klelam;C:\windows\System32\Drivers\klelam.sys [2012-7-27 29616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-8-9 35296]
S3 Revoflt;Revoflt;C:\windows\System32\Drivers\revoflt.sys [2013-1-12 31800]
S3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\Drivers\usb3Hub.sys [2012-8-9 48096]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384]
.
=============== Created Last 60 ================
.
2013-01-27 22:31:58 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Comodo
2013-01-27 22:31:58 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2013-01-27 10:02:57 -------- d-----w- C:\Users\Administrator\xinorbis
2013-01-27 10:02:40 -------- d-----w- C:\Program Files (x86)\freshney.org
2013-01-27 09:55:25 -------- d-----w- C:\Users\Administrator\AppData\Local\VS Revo Group
2013-01-27 07:03:40 -------- d-----w- C:\Users\Administrator\AppData\Local\Macromedia
2013-01-27 07:02:41 -------- d-----w- C:\Users\Administrator\AppData\Local\Mozilla
2013-01-27 07:01:47 -------- d-----r- C:\Users\Administrator\Searches
2013-01-27 07:01:47 -------- d-----r- C:\Users\Administrator\Contacts
2013-01-27 05:44:01 -------- d-----w- C:\windows\System32\catroot2
2013-01-27 05:43:52 -------- d-----w- C:\windows\SoftwareDistribution.old
2013-01-27 04:33:03 -------- d-----w- C:\Intel
2013-01-27 02:09:06 131072 ----a-w- C:\windows\GooG.exe
2013-01-27 02:09:02 31616 ----a-w- C:\windows\System32\FoolishEventLogMsgHelper.dll
2013-01-25 16:06:30 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-01-25 16:05:34 41224 ----a-w- C:\windows\avastSS.scr
2013-01-25 16:05:24 -------- d-----w- C:\ProgramData\AVAST Software
2013-01-25 16:05:24 -------- d-----w- C:\Program Files\AVAST Software
2013-01-25 14:34:24 -------- d-----w- C:\windows\System32\CatRoot2.old
2013-01-12 23:07:03 -------- d-----w- C:\windows\pss
2013-01-12 21:56:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-01-12 21:56:02 66560 ------w- C:\windows\System32\nmwcdclsx64.dll
2013-01-12 20:06:29 -------- d-----w- C:\Program Files (x86)\SumatraPDF
2013-01-12 19:50:02 2560 ------w- C:\windows\_MSRSTRT.EXE
2013-01-12 19:38:47 -------- d---a-w- C:\Program Files (x86)\Nora Antimalware Scanner
2013-01-12 17:17:07 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-12 16:52:02 -------- d-----w- C:\Program Files (x86)\Malware Inspector
2013-01-12 16:07:35 -------- d-----w- C:\Support
2013-01-12 14:18:02 859072 ------w- C:\windows\SysWow64\npDeployJava1.dll
2013-01-12 13:01:44 779704 ------w- C:\windows\SysWow64\deployJava1.dll
2013-01-12 10:35:32 -------- d-----w- C:\ProgramData\MCShield
2013-01-12 09:59:16 75264 ------w- C:\windows\SysWow64\unacev2.dll
2013-01-12 09:59:16 153088 ------w- C:\windows\SysWow64\unrar3.dll
2013-01-12 09:59:15 -------- d-----w- C:\ProgramData\Simply Super Software
2013-01-12 09:46:41 16200 ------w- C:\windows\stinger.sys
2013-01-12 09:43:54 -------- d-----w- C:\Program Files\HitmanPro
2013-01-12 09:20:17 -------- d-----w- C:\Program Files (x86)\Keystroke Interference
2013-01-12 09:12:41 -------- d-----w- C:\windows\System32\wbem\Framework\root\OpenHardwareMonitor
2013-01-12 09:12:41 -------- d-----w- C:\windows\System32\wbem\Framework\root
2013-01-12 09:12:41 -------- d-----w- C:\windows\System32\wbem\Framework
2013-01-12 08:38:05 31616 ------w- C:\windows\SysWow64\FoolishEventLogMsgHelper.dll
2013-01-12 08:35:07 53248 ------w- C:\windows\SysWow64\zlib.dll
2013-01-12 08:10:51 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2
2013-01-12 06:59:27 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-01-12 06:57:34 -------- d-----w- C:\PMPCUpdateRepository
2013-01-12 06:36:07 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys
2013-01-12 06:36:06 -------- d-----w- C:\Program Files\VS Revo Group
2013-01-12 06:15:10 12872 ------w- C:\windows\System32\bootdelete.exe
2013-01-12 06:07:39 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-12 06:07:38 24176 ------w- C:\windows\System32\drivers\mbam.sys
2013-01-12 06:07:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-12 06:06:49 -------- d-----w- C:\ProgramData\HitmanPro
2013-01-11 15:35:58 -------- d-----w- C:\Program Files (x86)\Comodo
2013-01-11 15:35:07 348160 ------w- C:\windows\SysWow64\msvcr71.dll
2013-01-11 15:35:07 1060864 ------w- C:\windows\SysWow64\mfc71.dll
2013-01-10 06:28:48 6971624 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-01-10 06:27:44 3554304 ----a-w- C:\windows\System32\tquery.dll
2013-01-10 06:24:31 178176 ----a-w- C:\windows\System32\SystemEventsBrokerServer.dll
2013-01-10 06:24:31 170496 ----a-w- C:\windows\System32\TimeBrokerServer.dll
2013-01-10 05:25:57 33240 ------w- C:\windows\System32\drivers\GEARAspiWDM.sys
2013-01-10 05:03:23 -------- d-----w- C:\Program Files\iPod
2013-01-10 05:03:20 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-10 05:03:20 -------- d-----w- C:\Program Files\iTunes
2013-01-10 05:02:49 -------- d-----w- C:\Program Files\Bonjour
2013-01-10 05:02:49 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-01-10 04:33:22 -------- d-----w- C:\Program Files\CCleaner
2013-01-10 03:38:17 -------- d-----w- C:\Program Files (x86)\IrfanView
2013-01-10 03:03:19 301568 ----a-w- C:\windows\System32\newdev.dll
2013-01-10 03:03:19 275968 ----a-w- C:\windows\SysWow64\newdev.dll
2013-01-10 03:03:18 76288 ----a-w- C:\windows\System32\newdev.exe
2013-01-10 03:03:18 75264 ----a-w- C:\windows\System32\ndadmin.exe
2013-01-10 03:03:18 74240 ----a-w- C:\windows\SysWow64\newdev.exe
2013-01-10 03:03:18 73728 ----a-w- C:\windows\SysWow64\ndadmin.exe
2013-01-10 03:03:18 68608 ----a-w- C:\windows\System32\wwanprotdim.dll
2013-01-10 03:03:18 446976 ----a-w- C:\windows\System32\wwansvc.dll
2013-01-10 02:47:23 168096 ------w- C:\windows\System32\drivers\NATx64\0106000.011\ccSetx64.sys
2013-01-10 02:47:20 -------- d-----w- C:\windows\System32\drivers\NATx64\0106000.011
2013-01-10 02:44:40 168096 ------w- C:\windows\System32\drivers\NSTx64\7DD02010.021\ccsetx64.sys
2013-01-10 02:44:38 -------- d-----w- C:\windows\System32\drivers\NSTx64\7DD02010.021
2013-01-10 02:34:21 17888 ----a-w- C:\windows\SysWow64\msvcr100_clr0400.dll
2013-01-10 02:34:21 17888 ----a-w- C:\windows\System32\msvcr100_clr0400.dll
2013-01-10 02:30:36 2361344 ----a-w- C:\windows\System32\msxml6.dll
2012-12-26 15:42:30 9728 ------w- C:\windows\System32\IGFXDEVLib.dll
2012-12-15 20:22:34 64856 ------w- C:\windows\System32\klfphc.dll
2012-12-15 20:21:52 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-12-15 20:21:52 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-12-15 20:21:42 89944 ------w- C:\windows\System32\drivers\klflt.sys
2012-12-15 20:13:11 -------- d-----w- C:\windows\System32\drivers\NSTx64
2012-12-15 17:00:11 50784 ------w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2012-12-15 17:00:08 18528 ------w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin
2012-12-15 15:00:21 -------- d-----w- C:\ProgramData\Book Place
2012-12-15 04:14:05 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-12-15 02:37:18 13 ------w- C:\windows\System32\drivers\fbd.sys
2012-12-10 09:12:20 2743440 ------w- C:\windows\System32\RtPgEx64.dll
2012-12-10 09:12:20 2714720 ------w- C:\windows\System32\FMAPO64.dll
2012-12-10 09:12:16 3673232 ------w- C:\windows\System32\RtkAPO64.dll
2012-12-10 09:12:14 3242896 ------w- C:\windows\System32\drivers\RTKVHD64.sys
2012-12-10 09:12:14 1562768 ------w- C:\windows\System32\RTSnMg64.cpl
2012-12-10 09:12:12 881808 ------w- C:\windows\System32\RtkApi64.dll
2012-12-10 09:12:12 1273488 ------w- C:\windows\System32\RTCOM64.dll
2012-12-10 09:12:12 125584 ------w- C:\windows\System32\RCoInstII64.dll
.
==================== Find6M ====================
.
2013-01-12 05:59:25 16384 ------w- C:\windows\IFEO_Silent_Dummy.exe
2013-01-12 05:59:25 16384 ------w- C:\windows\IFEO_Dummy.exe
2012-12-18 23:32:58 80728 ------w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-18 23:32:58 695640 ------w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 08:28:20 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-16 08:20:01 35328 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-16 08:08:33 362496 ----a-w- C:\windows\System32\atmfd.dll
2012-12-16 07:57:09 300032 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-15 20:38:38 48472 ------w- C:\windows\System32\drivers\klwfp.sys
2012-12-15 20:38:38 29528 ------w- C:\windows\System32\drivers\klmouflt.sys
2012-12-15 20:38:38 29016 ------w- C:\windows\System32\drivers\klkbdflt.sys
2012-12-04 04:21:42 368640 ----a-w- C:\windows\System32\sppwinob.dll
2012-12-04 03:59:08 4055552 ----a-w- C:\windows\System32\win32k.sys
2012-11-29 05:05:57 707584 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll
2012-11-29 05:05:57 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll
2012-11-28 04:21:17 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2012-11-28 04:20:59 53760 ----a-w- C:\windows\System32\UXInit.dll
2012-11-27 07:00:32 194280 ----a-w- C:\windows\System32\drivers\sdbus.sys
2012-11-27 07:00:29 124648 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2012-11-27 06:59:13 329960 ----a-w- C:\windows\System32\drivers\storport.sys
2012-11-27 06:39:46 1122768 ----a-w- C:\windows\System32\Taskmgr.exe
2012-11-27 04:49:20 1027152 ----a-w- C:\windows\SysWow64\Taskmgr.exe
2012-11-27 04:20:50 1048064 ----a-w- C:\windows\SysWow64\mstsc.exe
2012-11-27 04:20:42 179200 ----a-w- C:\windows\SysWow64\wpnapps.dll
2012-11-27 04:20:35 891904 ----a-w- C:\windows\SysWow64\winmde.dll
2012-11-27 04:20:31 798208 ----a-w- C:\windows\SysWow64\WebcamUi.dll
2012-11-27 04:20:29 46592 ----a-w- C:\windows\SysWow64\vds_ps.dll
2012-11-27 04:20:28 560128 ----a-w- C:\windows\SysWow64\UserLanguagesCpl.dll
2012-11-27 04:20:23 1217536 ----a-w- C:\windows\SysWow64\storagewmi.dll
2012-11-27 04:20:15 680960 ----a-w- C:\windows\System32\vds.exe
2012-11-27 04:20:07 702464 ----a-w- C:\windows\SysWow64\nshwfp.dll
2012-11-27 04:20:07 1123840 ----a-w- C:\windows\System32\mstsc.exe
2012-11-27 04:18:59 888832 ----a-w- C:\windows\System32\nshwfp.dll
2012-11-27 04:18:39 5974528 ----a-w- C:\windows\System32\mstscax.dll
2012-11-27 04:18:13 1071104 ----a-w- C:\windows\System32\IKEEXT.DLL
2012-11-27 04:18:06 378880 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2012-11-27 04:17:32 718848 ----a-w- C:\windows\System32\BFE.DLL
2012-11-27 04:17:31 2302464 ----a-w- C:\windows\System32\authui.dll
2012-11-27 03:57:32 18432 ----a-w- C:\windows\System32\drivers\BtaMPM.sys
2012-11-27 03:56:29 31104 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys
2012-11-27 03:55:44 29952 ----a-w- C:\windows\System32\drivers\BthhfHid.sys
2012-11-26 04:21:18 71168 ----a-w- C:\windows\SysWow64\ncryptsslp.dll
2012-11-26 04:20:09 86016 ----a-w- C:\windows\System32\ncryptsslp.dll
2012-11-20 05:24:19 1164800 ----a-w- C:\windows\SysWow64\Display.dll
2012-11-20 05:24:17 36352 ----a-w- C:\windows\SysWow64\DevDispItemProvider.dll
2012-11-20 05:17:23 1184256 ----a-w- C:\windows\System32\Display.dll
2012-11-20 05:17:20 49152 ----a-w- C:\windows\System32\DevDispItemProvider.dll
2012-11-20 05:02:46 6656 ----a-w- C:\windows\SysWow64\KBDKURD.DLL
2012-11-20 04:59:26 7168 ----a-w- C:\windows\System32\KBDKURD.DLL
2012-11-20 04:56:27 27136 ----a-w- C:\windows\System32\drivers\usbohci.sys
2012-11-20 04:56:11 83456 ----a-w- C:\windows\System32\drivers\hidclass.sys
2012-11-20 04:54:31 39936 ----a-w- C:\windows\System32\drivers\hidi2c.sys
2012-11-15 06:08:41 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-15 06:06:34 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-13 04:20:30 1120768 ----a-w- C:\windows\System32\msctf.dll
2012-11-13 04:19:23 890880 ----a-w- C:\windows\SysWow64\msctf.dll
2012-11-10 04:23:25 132608 ----a-w- C:\windows\SysWow64\poqexec.exe
2012-11-10 04:23:18 148480 ----a-w- C:\windows\System32\poqexec.exe
2012-11-10 04:22:40 122880 ----a-w- C:\windows\System32\VmHostAI.dll
2012-11-10 04:22:35 144384 ----a-w- C:\windows\System32\tssdisai.dll
2012-11-10 04:22:14 126976 ----a-w- C:\windows\System32\RDWebAI.dll
2012-11-10 04:20:20 135680 ----a-w- C:\windows\System32\appserverai.dll
2012-11-09 04:49:51 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:03:48 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-08 04:25:36 523776 ----a-w- C:\windows\SysWow64\WSShared.dll
2012-11-08 04:25:36 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2012-11-08 04:25:36 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:25:35 1775104 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-08 04:24:27 2881536 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-08 04:24:22 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2012-11-08 04:24:22 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2012-11-08 04:24:19 75776 ----a-w- C:\windows\SysWow64\fontsub.dll
2012-11-08 04:24:06 10752 ----a-w- C:\windows\SysWow64\dciman32.dll
2012-11-08 04:22:21 641536 ----a-w- C:\windows\System32\WSShared.dll
2012-11-08 04:22:20 198656 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.dll
2012-11-08 04:22:20 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:22:19 2246656 ----a-w- C:\windows\System32\wininet.dll
2012-11-08 04:22:12 907776 ----a-w- C:\windows\System32\uxtheme.dll
2012-11-08 04:21:00 3966464 ----a-w- C:\windows\System32\jscript9.dll
2012-11-08 04:20:56 67072 ----a-w- C:\windows\System32\iesetup.dll
2012-11-08 04:20:56 136704 ----a-w- C:\windows\System32\iesysprep.dll
2012-11-08 04:20:50 96256 ----a-w- C:\windows\System32\fontsub.dll
2012-11-08 04:20:37 14336 ----a-w- C:\windows\System32\dciman32.dll
2012-11-08 04:02:16 3072 ----a-w- C:\windows\System32\lpk.dll
2012-11-08 04:01:40 3072 ----a-w- C:\windows\SysWow64\lpk.dll
2012-11-08 01:56:52 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2012-11-06 07:52:07 445160 ------w- C:\windows\System32\drivers\USBHUB3.SYS
2012-11-06 07:52:04 277736 ----a-w- C:\windows\System32\drivers\msiscsi.sys
2012-11-06 07:36:23 69864 ----a-w- C:\windows\System32\drivers\pdc.sys
2012-11-06 07:33:46 522640 ----a-w- C:\windows\System32\AUDIOKSE.dll
2012-11-06 07:33:46 253512 ----a-w- C:\windows\System32\audiodg.exe
2012-11-06 07:33:45 490064 ----a-w- C:\windows\System32\AudioEng.dll
2012-11-06 07:33:45 447792 ----a-w- C:\windows\System32\AudioSes.dll
2012-11-06 07:33:30 1566432 ----a-w- C:\windows\System32\ole32.dll
2012-11-06 05:00:06 463768 ----a-w- C:\windows\SysWow64\AUDIOKSE.dll
2012-11-06 05:00:06 427568 ----a-w- C:\windows\SysWow64\AudioEng.dll
2012-11-06 05:00:06 324344 ----a-w- C:\windows\SysWow64\AudioSes.dll
2012-11-06 04:48:27 1150160 ----a-w- C:\windows\SysWow64\ole32.dll
2012-11-06 04:19:59 470016 ----a-w- C:\windows\System32\wlanmsm.dll
2012-11-06 04:18:58 84992 ----a-w- C:\windows\SysWow64\fdWCN.dll
.
============= FINISH: 20:18:02.89 ===============

Edited by Davino, 27 January 2013 - 08:33 PM.


#3 Davino

Davino
  • Topic Starter

  • Members
  • 9 posts

Posted 27 January 2013 - 10:53 PM

Here is the rkill log:

Attached Files



#4 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts

Posted 01 February 2013 - 04:26 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear.

Please post the contents of all logs.

My apologies for the delay.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#5 Davino

Davino
  • Topic Starter

  • Members
  • 9 posts

Posted 01 February 2013 - 06:10 PM

ComboFix won't work in Windows 8.

#6 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts

Posted 01 February 2013 - 06:20 PM

Hello Davino,

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.



#7 The Dark Knight


Posted 10 February 2013 - 05:17 AM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.




#8 Davino


Posted 16 February 2013 - 06:30 AM

Yes, thank you. Here are the logs:

 

 




#9 The Dark Knight


Posted 16 February 2013 - 03:21 PM

OTL logfile created on: 2/16/2013 05:53:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Davino-Oh\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 77.82% Memory free
15.89 Gb Paging File | 13.77 Gb Available in Paging File | 86.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.25 Gb Total Space | 598.14 Gb Free Space | 86.91% Space Free | Partition Type: NTFS
 
Computer Name: SD-2 | User Name: Davino-Oh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/16 05:51:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davino-Oh\Downloads\OTL.exe
PRC - [2013/02/16 05:26:15 | 001,363,528 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Davino-Oh\Downloads\mbar-1.01.0.1020\mbar\mbar.exe
PRC - [2013/01/04 16:21:28 | 000,713,960 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe
PRC - [2012/12/15 15:27:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/12/09 20:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/12/10 04:12:22 | 000,201,872 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2012/12/05 23:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/12/05 23:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/08/24 19:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/08/03 15:31:40 | 000,566,696 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2012/07/28 11:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/07/27 16:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2012/07/25 22:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 22:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/12/26 10:42:28 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/12/15 15:27:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/11/05 23:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/12/26 10:42:14 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/15 15:38:38 | 000,612,696 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/12/15 15:38:38 | 000,048,472 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klwfp.sys -- (klwfp)
DRV:64bit: - [2012/12/15 15:38:38 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/12/15 15:38:38 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/11/27 02:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/11/26 22:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 02:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/11/06 02:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 02:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 02:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/20 02:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/20 14:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NSTx64\7DD02010.021\ccsetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/08/16 16:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/16 16:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/09 21:29:54 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/08/09 21:29:54 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/08/09 21:29:52 | 000,188,384 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012/08/09 21:29:52 | 000,048,096 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2012/08/06 21:24:46 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NATx64\0106000.011\ccSetx64.sys -- (ccSet_NAT)
DRV:64bit: - [2012/08/02 15:09:32 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/07/31 14:28:54 | 000,028,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2012/07/31 13:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/28 15:10:08 | 000,048,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2012/07/27 18:38:24 | 000,029,616 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\klelam.sys -- (klelam)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 00:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 23:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 23:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 18:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2012/07/25 03:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2012/07/21 17:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2012/07/13 15:04:30 | 000,103,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/07/10 18:35:44 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/03 16:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 16:59:58 | 000,018,304 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/06/19 09:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/18 12:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2012/06/02 09:31:47 | 011,400,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwNe64.sys -- (NETwNe64)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\revoflt.sys -- (Revoflt)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{5902AA76-B008-417C-AAF7-9E459EF21AA9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5902AA76-B008-417C-AAF7-9E459EF21AA9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3640059862-1710280512-3291368780-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: extension%40hidemyass.com:1.2.7
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130129
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\ITUNES\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ [2013/01/10 10:46:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/01/09 21:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/01/09 21:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/01/09 21:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/01/09 21:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/01/09 21:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/15 14:33:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/12/14 21:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davino-Oh\AppData\Roaming\mozilla\Extensions
[2013/02/16 05:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davino-Oh\AppData\Roaming\mozilla\Firefox\Profiles\jof7xauy.default\extensions
[2013/02/01 01:20:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Davino-Oh\AppData\Roaming\mozilla\Firefox\Profiles\jof7xauy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/12/14 21:42:00 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\Davino-Oh\AppData\Roaming\mozilla\firefox\profiles\jof7xauy.default\extensions\extension@hidemyass.com.xpi
[2013/02/01 01:20:28 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\Davino-Oh\AppData\Roaming\mozilla\firefox\profiles\jof7xauy.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/01/27 02:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/10 08:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/02/10 08:31:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/01/09 21:35:17 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013/02/15 14:33:27 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/04 22:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Docs = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Safe Money = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: avast! WebRep = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Virtual Keyboard = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Gmail = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Davino-Oh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
Hosts file not found
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound 3D] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\RunOnce: [Z1] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-3640059862-1710280512-3291368780-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-3640059862-1710280512-3291368780-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21E59C9E-58BE-4BBF-8284-FE8199E8D00C}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3ED0393-6978-473B-A527-178779F7B444}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AnVirDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{893e57a3-66fa-11e2-be8c-00266c1dee1e}\Shell - "" = AutoRun
O33 - MountPoints2\{893e57a3-66fa-11e2-be8c-00266c1dee1e}\Shell\AutoRun\command - "" = "E:\TLBootstrap_WPP.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/16 05:52:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/16 00:51:04 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\AppData\Roaming\WinPatrol
[2013/02/16 00:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/02/16 00:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013/02/16 00:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoSoSys Ltd
[2013/02/16 00:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoRun Disable
[2013/02/16 00:37:36 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\AppData\Roaming\CoSoSys Ltd
[2013/02/16 00:36:26 | 000,000,000 | R--D | C] -- C:\Users\Davino-Oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/02/16 00:36:26 | 000,000,000 | R--D | C] -- C:\Users\Davino-Oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/02/16 00:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2013/02/16 00:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autorun Eater
[2013/02/16 00:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autorun Eater
[2013/02/15 18:56:27 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
[2013/02/15 18:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2013/02/15 18:51:17 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RedEyes
[2013/02/15 18:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RedEyes
[2013/02/15 18:50:33 | 002,030,560 | ---- | C] (RedEyes Software) -- C:\Users\Davino-Oh\Desktop\redeyes.exe
[2013/02/15 18:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2013/02/15 16:10:13 | 000,000,000 | ---D | C] -- C:\Intel
[2013/02/15 15:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/02/15 14:08:05 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\Desktop\scanned4
[2013/02/15 09:41:00 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\Desktop\scanned3
[2013/02/15 07:39:21 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\Desktop\scanned2
[2013/02/15 02:24:53 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\Desktop\Scanned
[2013/02/15 02:03:15 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013/02/15 02:03:02 | 000,363,520 | ---- | C] (CANON INC.) -- C:\windows\SysWow64\CNMNPPM.DLL
[2013/02/15 02:03:02 | 000,356,864 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMN6PPM.DLL
[2013/02/15 02:03:02 | 000,039,424 | ---- | C] (CANON INC.) -- C:\windows\SysNative\CNMN6UI.DLL
[2013/02/15 02:03:02 | 000,000,000 | ---D | C] -- C:\windows\SysNative\STRING
[2013/02/15 02:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2013/02/15 02:02:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJETV
[2013/02/15 02:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013/02/13 10:30:04 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\AppData\Local\Windows Live
[2013/02/10 10:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/02/10 10:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/10 10:47:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/02/10 10:37:34 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\AppData\Roaming\GlarySoft
[2013/02/10 10:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2013/02/10 10:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2013/02/08 22:20:10 | 019,387,320 | ---- | C] (Bitdefender LLC) -- C:\Users\Davino-Oh\Desktop\BootkitRemoval_x64.exe
[2013/02/06 01:10:16 | 065,273,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MRT.exe
[2013/02/05 22:34:02 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\Desktop\rkill
[2013/02/05 12:28:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\catroot2
[2013/02/05 12:25:39 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/02/05 12:25:03 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution.old
[2013/02/05 12:22:44 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\AppData\Local\Temp
[2013/02/04 20:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/02/01 17:22:44 | 005,030,042 | ---- | C] (Swearware) -- C:\Users\Davino-Oh\Desktop\ComboFix.exe
[2013/01/28 03:47:35 | 042,010,432 | ---- | C] (Microsoft Corporation) -- C:\Users\Davino-Oh\Desktop\install_virtualdj_home_v7.3.exe
[2013/01/28 01:46:31 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/01/28 01:39:13 | 000,000,000 | ---D | C] -- C:\windows\SysNative\CatRoot2.old
[2013/01/28 01:29:00 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2013/01/28 01:26:23 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/01/28 01:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/01/27 05:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xinorbis6
[2013/01/27 02:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/27 02:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2013/01/25 12:14:26 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\AppData\Local\AnVir
[2013/01/25 11:06:41 | 000,000,000 | ---D | C] -- C:\Users\Davino-Oh\AppData\Local\Google
[2013/01/25 11:06:30 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/01/25 11:06:30 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/01/25 11:05:34 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2013/01/25 11:05:34 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/01/25 11:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/01/25 11:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/16 00:25:38 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2013/02/15 23:11:36 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2013/02/15 22:41:59 | 000,000,342 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2013/02/15 18:51:17 | 000,000,966 | ---- | M] () -- C:\Users\Davino-Oh\Application Data\Microsoft\Internet Explorer\Quick Launch\RedEyes.lnk
[2013/02/15 18:51:17 | 000,000,942 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\RedEyes.lnk
[2013/02/15 18:50:33 | 002,030,560 | ---- | M] (RedEyes Software) -- C:\Users\Davino-Oh\Desktop\redeyes.exe
[2013/02/15 18:36:13 | 000,018,210 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\ny.jpg
[2013/02/15 18:27:09 | 000,238,380 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\jet.jpg
[2013/02/15 18:24:05 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys
[2013/02/15 14:29:02 | 000,070,792 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\CPReport.ashx
[2013/02/15 02:14:45 | 001,997,956 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\dk macys.jpg
[2013/02/10 10:47:47 | 000,001,257 | ---- | M] () -- C:\Users\Davino-Oh\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/02/10 10:47:47 | 000,001,233 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\Spybot - Search & Destroy.lnk
[2013/02/10 10:35:59 | 000,001,065 | ---- | M] () -- C:\Users\Davino-Oh\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2013/02/10 10:35:59 | 000,001,041 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\Glary Utilities.lnk
[2013/02/10 10:16:56 | 000,181,064 | ---- | M] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2013/02/08 22:20:13 | 019,387,320 | ---- | M] (Bitdefender LLC) -- C:\Users\Davino-Oh\Desktop\BootkitRemoval_x64.exe
[2013/02/08 20:11:16 | 000,020,303 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\bill 10 13 07.jpg
[2013/02/08 20:10:57 | 000,014,833 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\bill.jpg
[2013/02/07 03:14:01 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/07 03:14:01 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/07 03:14:01 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/02/06 06:14:29 | 000,011,264 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\[000213].jpg
[2013/02/06 02:42:07 | 000,021,587 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\pictures7-09-06375.jpg
[2013/02/06 02:38:25 | 000,066,914 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\GREGOSBEYTREYJOANBETHEL7-9-06BW.jpg
[2013/02/06 02:34:57 | 000,004,531 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\0B9F4m01
[2013/02/06 02:30:36 | 000,014,424 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\TREYJOANBETHEL7-09-06-1.jpg
[2013/02/06 02:29:54 | 000,023,165 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\pictures7-09-06243.jpg
[2013/02/06 02:29:04 | 000,025,088 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\TREYJOANPHILBETHEL7-9-06.jpg
[2013/02/06 02:25:45 | 000,055,397 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\PICTURESBEARSPICNICRAEGAN6-20-06077.jpg
[2013/02/05 22:47:08 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/05 12:27:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/02/05 12:27:36 | 2479,849,471 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/05 03:35:39 | 004,762,021 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\2011-June-Phish-Tour-057.jpg
[2013/02/04 20:28:16 | 000,001,239 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\Revo Uninstaller.lnk
[2013/02/02 05:19:26 | 000,229,890 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\UYE43l4.jpg
[2013/02/01 17:22:49 | 005,030,042 | ---- | M] (Swearware) -- C:\Users\Davino-Oh\Desktop\ComboFix.exe
[2013/01/28 03:47:53 | 042,010,432 | ---- | M] (Microsoft Corporation) -- C:\Users\Davino-Oh\Desktop\install_virtualdj_home_v7.3.exe
[2013/01/28 01:58:05 | 000,001,072 | ---- | M] () -- C:\Users\Davino-Oh\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/28 01:58:05 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/28 01:43:38 | 000,001,150 | ---- | M] () -- C:\temp588.bat
[2013/01/28 01:43:38 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2013/01/28 01:36:11 | 000,848,230 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/01/27 23:38:50 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/27 01:02:53 | 000,881,914 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\SecurityCheck.exe
[2013/01/26 23:53:50 | 000,032,284 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\134783_499331804924_745864924_5844421_8047294_o.jpg
[2013/01/26 18:41:20 | 000,080,858 | ---- | M] () -- C:\Users\Davino-Oh\Desktop\output.pdf
[2013/01/25 13:54:51 | 000,000,914 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 13:54:51 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
 
========== Files Created - No Company Name ==========
 
[2013/02/16 00:25:38 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2013/02/15 18:51:17 | 000,000,966 | ---- | C] () -- C:\Users\Davino-Oh\Application Data\Microsoft\Internet Explorer\Quick Launch\RedEyes.lnk
[2013/02/15 18:51:17 | 000,000,942 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\RedEyes.lnk
[2013/02/15 18:36:13 | 000,018,210 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\ny.jpg
[2013/02/15 18:27:08 | 000,238,380 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\jet.jpg
[2013/02/15 14:29:01 | 000,070,792 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\CPReport.ashx
[2013/02/15 14:06:26 | 000,001,298 | ---- | C] () -- C:\Users\Davino-Oh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013.lnk
[2013/02/15 02:14:44 | 001,997,956 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\dk macys.jpg
[2013/02/10 10:47:47 | 000,001,257 | ---- | C] () -- C:\Users\Davino-Oh\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/02/10 10:47:47 | 000,001,233 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\Spybot - Search & Destroy.lnk
[2013/02/10 10:36:01 | 000,000,342 | ---- | C] () -- C:\windows\tasks\GlaryInitialize.job
[2013/02/10 10:35:59 | 000,001,065 | ---- | C] () -- C:\Users\Davino-Oh\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2013/02/10 10:35:59 | 000,001,041 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\Glary Utilities.lnk
[2013/02/08 20:11:15 | 000,020,303 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\bill 10 13 07.jpg
[2013/02/08 20:10:56 | 000,014,833 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\bill.jpg
[2013/02/06 06:14:29 | 000,011,264 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\[000213].jpg
[2013/02/06 02:42:05 | 000,021,587 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\pictures7-09-06375.jpg
[2013/02/06 02:38:24 | 000,066,914 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\GREGOSBEYTREYJOANBETHEL7-9-06BW.jpg
[2013/02/06 02:34:57 | 000,004,531 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\0B9F4m01
[2013/02/06 02:30:36 | 000,014,424 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\TREYJOANBETHEL7-09-06-1.jpg
[2013/02/06 02:29:54 | 000,023,165 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\pictures7-09-06243.jpg
[2013/02/06 02:29:03 | 000,025,088 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\TREYJOANPHILBETHEL7-9-06.jpg
[2013/02/06 02:25:44 | 000,055,397 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\PICTURESBEARSPICNICRAEGAN6-20-06077.jpg
[2013/02/05 03:35:33 | 004,762,021 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\2011-June-Phish-Tour-057.jpg
[2013/02/04 20:28:16 | 000,001,239 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\Revo Uninstaller.lnk
[2013/02/02 05:19:24 | 000,229,890 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\UYE43l4.jpg
[2013/01/28 01:43:38 | 000,001,150 | ---- | C] () -- C:\temp588.bat
[2013/01/28 01:42:51 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2013/01/28 01:35:19 | 000,848,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/01/28 01:32:47 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2013/01/27 22:48:49 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/27 01:00:53 | 000,881,914 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\SecurityCheck.exe
[2013/01/26 23:53:50 | 000,032,284 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\134783_499331804924_745864924_5844421_8047294_o.jpg
[2013/01/26 18:41:19 | 000,080,858 | ---- | C] () -- C:\Users\Davino-Oh\Desktop\output.pdf
[2013/01/25 11:06:46 | 000,000,914 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 11:06:44 | 000,000,910 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/12 14:50:02 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2013/01/12 04:59:16 | 000,153,088 | ---- | C] () -- C:\windows\SysWow64\unrar3.dll
[2013/01/12 04:59:16 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\unacev2.dll
[2013/01/12 03:38:05 | 000,031,616 | ---- | C] () -- C:\windows\SysWow64\FoolishEventLogMsgHelper.dll
[2013/01/12 03:35:07 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\zlib.dll
[2013/01/09 23:24:12 | 000,000,017 | ---- | C] () -- C:\Users\Davino-Oh\AppData\Local\resmon.resmoncfg
[2013/01/09 22:02:18 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012/12/26 10:42:28 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/12/26 10:42:20 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/12/26 10:42:12 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | ---- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 15:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/11/05 23:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/05 23:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#10 The Dark Knight


Posted 16 February 2013 - 03:21 PM

OTL Extras logfile created on: 2/16/2013 05:53:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Davino-Oh\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 77.82% Memory free
15.89 Gb Paging File | 13.77 Gb Available in Paging File | 86.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.25 Gb Total Space | 598.14 Gb Free Space | 86.91% Space Free | Partition Type: NTFS
 
Computer Name: SD-2 | User Name: Davino-Oh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3640059862-1710280512-3291368780-1001\SOFTWARE\Classes\<extension>]
.html [@ = IceDragonHTML] -- C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe (COMODO Security Solutions)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013D76D4-F20F-4594-998E-8911791F53E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{01CF54CC-0C25-422F-A0AD-6E21A9ACB3C3}" = lport=137 | protocol=17 | dir=in | app=system |
"{02C71B69-38A5-44D5-AB0A-AB2EE37021AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{083316D1-0DE0-440D-BD4E-6039188AEBF6}" = rport=138 | protocol=17 | dir=out | app=system |
"{1812152A-BD84-4399-8B35-CB32A0A738A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{189BFC65-A2BE-42E7-AC08-0BF5B28703C8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1F558D42-28F3-4EDF-B6A9-F041F8F0BBB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20CCD332-9EBA-44B1-ABFE-ED05D391D155}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{327D841F-5533-43FF-A17A-6C5E68B57D3E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{373E2390-EB2F-4560-B236-16F190E4DA1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3937D13A-6C4B-4A1E-9AD5-6F71CFA316AC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4063814C-9E00-418D-8CD1-E7C53AB8344B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{43FEC3C7-2E65-485B-BDFF-8922F7C645AA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5939E2F1-F925-4AAF-AE80-5497EB57794F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CFB3AA0-D531-404D-96F0-19C558571E3C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66EB8CBC-0DE8-49D1-B1DD-9C11A50853C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69EC3ABA-6503-4B47-BD12-AA57CB9AE3F1}" = rport=137 | protocol=17 | dir=out | app=system |
"{71C1B6DA-2949-4F6C-9510-AAD1846293B9}" = lport=138 | protocol=17 | dir=in | app=system |
"{77E906C2-86B3-4144-A61C-7CB5D347624B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{844DC49D-DA0A-43D3-A54A-7B65AF828187}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8CAC3639-C67E-4C2B-8267-571D81872EE6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AA67D054-0CB2-4283-9A34-62DBC8591ABD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B8CA6D45-888D-45E9-B143-75D2F855C0E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C544E4CB-B3FA-4182-8E2C-47357721B2F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7E56128-1268-453C-BAD4-0226798A5DBA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D513FC3D-152C-45EB-885D-F6E52D60E94C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DA203AF4-384B-43CB-80C0-E6D6378218EB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF594D93-58F2-40A6-8F49-38CD21EB71EC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe |
"{EC83B0C3-7C0C-4A32-825C-49EE0553A9E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EEAD0305-9080-4491-9762-4E135FA2F9F4}" = lport=445 | protocol=6 | dir=in | app=system |
"{EF0FF6B3-0B75-4EA0-9285-B8D90DFF7FC3}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF67153D-6F3E-49B6-88B7-6C54519601AC}" = lport=139 | protocol=6 | dir=in | app=system |
"{F66E9D10-9529-4581-8B44-B998BC859F10}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BED2FDD-BCC4-4FA8-85F5-064244AA4781}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EBFBE3B-140C-4B90-8D37-269192848537}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{1A57AF01-1001-470B-9183-C3060BD18625}" = dir=in | app=e:\itunes\itunes.exe |
"{1DD42DD1-B22A-4955-8576-72FB50804B37}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{25C70F49-D8DA-499A-A0B0-4F9B7531F40A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{289F1019-5D0E-499F-B6AE-227F31420139}" = dir=in | name=ebay |
"{2955D0EE-0C1A-462C-945C-267B59B3E9AC}" = dir=out | name=vimeo |
"{317A0845-BEB7-4EA5-861C-D1DE5678134D}" = dir=out | name=norton studio |
"{31B7B00B-94E2-4707-B7F8-D5E29DE2016D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3311B1A5-2375-499E-89EC-3DAF0813140C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{394CBEDF-3DBC-4E06-8DCD-9B7804ACE2E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A9DA21B-18EF-46C0-BF43-A736FE6E9578}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3B7E14C2-9492-4508-B669-A61BC835B8E4}" = dir=out | name=news place |
"{43857AFD-9F23-4965-99A5-5F743B861C97}" = dir=out | name=icookbook se |
"{448679A9-F33E-4996-836E-4822E2E0F651}" = dir=out | name=toshiba media player by smedio truelink+ |
"{4896EBF8-9FBF-4590-9F9E-5B4932F92B8E}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{4A4B4D12-B423-4D1E-B5FE-65F5328DCEFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E057A48-8B0C-4EF2-9AC2-8E8378D70D5C}" = dir=out | name=stumbleupon |
"{5806F77C-00FF-4E41-8727-7AC6B7FA19FF}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{5B7757F1-752D-468E-BB2E-69BD930507BF}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{5D8F8B8C-361B-4CA0-BB4F-A1DBDDF3F0B5}" = dir=out | name=book place |
"{68C86881-398A-4984-B56E-7D11B7F74F4E}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{6AE35C0E-07A1-409D-9CB1-30809270E146}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{75AD9632-DCC0-4552-B4CB-884D960ECB68}" = dir=in | name=amazon for windows |
"{7C134F25-C087-420A-98E4-B4517664007F}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{7D2ADE47-472C-4B3C-816C-548ADF2434CA}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7E7E13DF-11DF-4AE9-BA5C-74A05A013E93}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8107FE53-52F6-418B-A86A-AFDEA3CC7613}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{817CE393-945F-4561-9E00-FA364C06392C}" = dir=out | name=windows_ie_ac_001 |
"{85E45E1D-72C8-48C7-8050-A7209E0DA0E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90C4C7D2-62B9-4CE9-8D58-557D9E22FF88}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{96088E52-F70A-4903-8103-B24D84A19402}" = dir=out | name=encyclopaedia britannica |
"{9BB56477-9893-43DF-A088-B0A30A35DE0C}" = dir=out | name=amazon for windows |
"{9F44429D-8CE2-4BF4-BC1C-3850F1C601C7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A1861238-845A-42EE-9237-2E09093D67DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A4ABC1AD-1577-44BC-A314-BFB3D75238BB}" = dir=out | name=toshiba central |
"{A961C36E-606A-4C77-8902-D825EB9293F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9DDF486-2E17-4BDD-9D43-A3A483FA53F5}" = dir=out | name=merriam-webster dictionary |
"{ABC4FD92-D728-481F-B0A5-7C7F9445E872}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC255E73-E8A0-4EFF-9520-DCE0931446C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B535F15F-E418-4355-B559-8EC77BBF062F}" = dir=out | name=ebay |
"{B54A533F-5578-48C7-8992-D2F974CF7ABB}" = dir=out | name=iheartradio |
"{BCA513BF-73A5-4914-B3EF-91E3F3F6CD9E}" = dir=in | name=toshiba media player by smedio truelink+ |
"{C5D8F2A3-89A8-4FCD-9A36-D5E3747D87EE}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C611FBD9-1DAF-429E-AF1A-7901EB5FC1A7}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{CFF167B1-64F0-4744-B5E7-399ABB82B332}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{D053CA74-E072-46AB-B591-FFACF074AA5B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D2DBEBB4-7B8E-49D7-96BF-C1FA31B3CCAF}" = dir=out | name=netflix |
"{E1159D0C-1E45-4EE2-9F47-FE62E5DE12F2}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E414F4DD-E16F-47AC-9C8F-4764E836A606}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{E4C76E47-6D6C-4660-AAF6-1D8E6FD1106E}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA64593E-487E-4C28-89B7-FC65DE5165E5}" = protocol=6 | dir=out | app=system |
"{EAF21201-26C4-4D0C-AC09-CC83E36A188F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F8BA7F37-5BB4-4AD5-B452-44FFAF3DBCDD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F9E5927F-1B08-4BB4-A936-7C585F7938DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE03BDCD-C02E-481D-B10D-AEA5A17D2518}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{16562A90-71BC-41A0-B890-D91B0C267120}" = TOSHIBA Function Key
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{5944B9D4-3C2A-48DE-931E-26B31714A2F7}" = TOSHIBA eco Utility
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{94F03B8E-CB73-4653-AFE9-79112C01FED2}" = SRS Premium Sound Control Panel
"{95CCACF0-010D-45F0-82BF-858643D8BC02}" = TOSHIBA Desktop Assist
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{B8C8422F-01F1-4791-B084-047AAFF9BFCC}" = TOSHIBA Service Station
"{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}" = Intel® WiDi
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{FF07604E-C860-40E9-A230-E37FA41F103A}" = TOSHIBA VIDEO PLAYER
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05A55927-DB9B-4E26-BA44-828EBFF829F0}" = TOSHIBA System Settings
"{1E6A96A1-2BAB-43EF-8087-30437593C66C}" = TOSHIBA System Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C6771040-004C-4FB9-9D9A-E8784457304D}" = AutoRun Disable by Endpoint Protector
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Autorun Eater_is1" = Autorun Eater v2.6
"Comodo IceDragon" = Comodo IceDragon
"Glary Utilities_is1" = Glary Utilities 2.53.0.1726
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"NirSoft Wireless Network Watcher" = NirSoft Wireless Network Watcher
"RedEyes Host Monitor" = RedEyes Host Monitor
"Revo Uninstaller" = Revo Uninstaller 1.94
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/12/2013 16:05:24 | Computer Name = SD-2 | Source = ESENT | ID = 486
Description = Catalog Database (1204) Catalog Database: An attempt to move the file
 "C:\windows\system32\CatRoot2\edb.log" to "C:\windows\system32\CatRoot2\edb0000D.log"
 failed with system error 32 (0x00000020): "The process cannot access the file because
 it is being used by another process. ".  The move file operation will fail with
 error -1032 (0xfffffbf8).
 
Error - 1/12/2013 16:05:24 | Computer Name = SD-2 | Source = ESENT | ID = 413
Description = Catalog Database (1204) Catalog Database: Unable to create a new logfile
 because the database cannot write to the log drive. The drive may be read-only,
 out of disk space, misconfigured, or corrupted. Error -1032.
 
Error - 1/12/2013 16:05:24 | Computer Name = SD-2 | Source = ESENT | ID = 492
Description = Catalog Database (1204) Catalog Database: The logfile sequence in
"C:\windows\system32\CatRoot2\" has been halted due to a fatal error.  No further
 updates are possible for the databases that use this logfile sequence.  Please
correct the problem and restart or restore from backup.
 
Error - 1/12/2013 16:05:24 | Computer Name = SD-2 | Source = ESENT | ID = 471
Description = Catalog Database (1204) Catalog Database: Unable to rollback operation
 #14841 on database C:\windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb.
 Error: -510. All future database updates will be rejected.
 
Error - 1/12/2013 16:07:29 | Computer Name = SD-2 | Source = Application Hang | ID = 1002
Description = The program D7.exe version 7.8.0.33 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 100c    Start Time:
 01cdf0fe48da81d4    Termination Time: 0    Application Path: C:\Users\Davino-Oh\Downloads\D7\D7.exe

Report
 Id: a7699231-5cf3-11e2-be87-00266c1dee1e    Faulting package full name:     Faulting package-relative
 application ID:   
 
Error - 1/12/2013 16:10:10 | Computer Name = SD-2 | Source = ESENT | ID = 104
Description = Catalog Database (1204) Catalog Database: The database engine stopped
 the instance (0) with error (-1090).        Internal Timing Sequence: [1] 0.000, [2] 0.000,
 [3] 0.000, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.016, [10]
 0.000, [11] 0.000, [12] 0.000, [13] 0.000, [14] 0.000, [15] 0.000.
 
Error - 1/12/2013 16:10:21 | Computer Name = SD-2 | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ System Events ]
Error - 2/5/2013 23:37:30 | Computer Name = SD-2 | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
 error:   %%1079
 
Error - 2/5/2013 23:37:32 | Computer Name = SD-2 | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
 error:   %%1079
 
Error - 2/5/2013 23:37:32 | Computer Name = SD-2 | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
 error:   %%1079
 
Error - 2/5/2013 23:37:34 | Computer Name = SD-2 | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
 error:   %%1079
 
Error - 2/5/2013 23:37:34 | Computer Name = SD-2 | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
 error:   %%1079
 
Error - 2/5/2013 23:37:36 | Computer Name = SD-2 | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
 error:   %%1079
 
Error - 2/5/2013 23:37:36 | Computer Name = SD-2 | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
 error:   %%1079
 
Error - 2/5/2013 23:37:37 | Computer Name = SD-2 | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
 error:   %%1079
 
Error - 2/5/2013 23:37:37 | Computer Name = SD-2 | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
 error:   %%1079
 
Error - 2/5/2013 23:37:39 | Computer Name = SD-2 | Source = Service Control Manager | ID = 7000
Description = The Cryptographic Services service failed to start due to the following
 error:   %%1079
 
 
< End of report >
 




#11 The Dark Knight


Posted 16 February 2013 - 05:42 PM

Good morning Davino,

 

Please post the contents of logs, as it makes it much easier to analyse them.

 

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O33 - MountPoints2\{893e57a3-66fa-11e2-be8c-00266c1dee1e}\Shell - "" = AutoRun
    O33 - MountPoints2\{893e57a3-66fa-11e2-be8c-00266c1dee1e}\Shell\AutoRun\command - "" = "E:\TLBootstrap_WPP.exe"

    :Commands
    [EmptyTemp]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

How is the computer running?
 




#12 Davino


Posted 16 February 2013 - 11:03 PM

It is hacked, by the govt I think.



#13 The Dark Knight


Posted 17 February 2013 - 04:20 AM

Hello Davino,

 

"It is hacked, by the govt I think."

What makes you say this?

 

Please post the results from OTL and let me know how your computer is running.




#14 Davino


Posted 17 February 2013 - 10:44 AM

Hi! I say that because I was being followed and there have been many strange "coincidences". Did you know that the computer companies are in bed with the govt, putting backdoors into every operating system & computer?

 

http://www.toshibasecurity.com/company/press_releases/090809.jsp



#15 The Dark Knight


Posted 17 February 2013 - 03:29 PM

Hello Davino,

 

OK. Please post the results from OTL.

