Difficult Malware


  • This topic is locked
11 replies to this topic

#1 aumol123


Posted 12 July 2013 - 09:27 AM

Hello,

I have tried every reputable malware removal tool known to eradicate this malware; nothing is working. This malware has hijacked my Windows services and is causing my CPU to run high. I recently ran the OTL tool and here is a copy of the log file. I have attached the log file and extras file created by the OTL tool.

OTL logfile created on: 7/12/2013 9:56:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\United\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.47 Gb Total Physical Memory | 13.32 Gb Available Physical Memory | 86.16% Memory free
17.59 Gb Paging File | 15.29 Gb Available in Paging File | 86.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.00 Gb Total Space | 518.02 Gb Free Space | 88.40% Space Free | Partition Type: NTFS
Drive G: | 14.53 Gb Total Space | 1.53 Gb Free Space | 10.51% Space Free | Partition Type: FAT32
 
Computer Name: MARIO | User Name: United | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/12 09:55:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\United\Desktop\OTL.exe
PRC - [2013/07/12 09:28:47 | 001,440,008 | ---- | M] (Trend Micro Incorporated) -- C:\Users\United\Downloads\Programs\TwinFix.exe
PRC - [2013/07/10 10:59:50 | 003,612,240 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2013/07/06 07:00:53 | 000,257,136 | ---- | M] (Microsoft Corporation) -- C:\Users\United\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/06/18 10:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/08 09:19:08 | 002,233,368 | ---- | M] (Trend Micro Inc.) -- C:\Users\United\AppData\Local\Temp\HouseCall32\housecall.bin
PRC - [2013/04/19 10:20:30 | 000,564,848 | ---- | M] (Stardock Software, Inc) -- C:\Program Files (x86)\Stardock\ModernMix\MMix_32.exe
PRC - [2013/03/19 15:08:23 | 000,142,960 | ---- | M] (Stardock Software, Inc) -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
PRC - [2013/02/28 11:15:31 | 000,074,864 | ---- | M] (Stardock Software, Inc) -- C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe
PRC - [2012/12/12 09:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2012/08/04 19:02:22 | 001,548,952 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
PRC - [2012/07/25 23:21:02 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2012/07/25 23:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/18 10:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/03 01:52:17 | 000,151,552 | ---- | M] () -- C:\Users\United\AppData\Local\Temp\HouseCall32\libexpatw.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/03/13 01:53:54 | 000,118,272 | ---- | M] (DeadPihto) [Auto | Running] -- C:\Windows\SysNative\wsservice_crk.dll -- (WSServiceCrk)
SRV:64bit: - [2013/01/18 11:12:56 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/01/08 06:34:48 | 000,034,528 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2012/08/13 23:14:02 | 000,289,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Teco\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2012/07/28 13:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2012/07/27 18:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV:64bit: - [2012/07/26 00:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 23:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 23:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 23:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 23:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/07/25 23:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/07/25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 23:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 23:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 23:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 23:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 23:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 23:05:08 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/07/12 09:48:12 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\TODDSrv.exe -- (TODDSrv)
SRV - [2013/07/12 09:48:12 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2013/07/12 09:48:12 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2013/07/12 09:48:12 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/07/07 03:55:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 10:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/19 15:08:23 | 000,142,960 | ---- | M] (Stardock Software, Inc) [Auto | Running] -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe -- (Start8)
SRV - [2013/02/28 11:15:31 | 000,074,864 | ---- | M] (Stardock Software, Inc) [Auto | Running] -- C:\Program Files (x86)\Stardock\ModernMix\MMixSrv.exe -- (ModernMix)
SRV - [2012/08/03 21:41:46 | 002,196,120 | ---- | M] (Toshiba America Information Systems.) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe -- (taisregispinger)
SRV - [2012/07/25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012/07/23 14:43:47 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/10/13 18:38:46 | 000,156,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/27 05:57:42 | 000,172,920 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2013/02/08 10:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/01/18 11:13:00 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/01/18 11:12:52 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/24 03:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/14 21:39:30 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/14 01:31:42 | 001,496,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/08/14 01:31:42 | 001,496,720 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce)
DRV:64bit: - [2012/07/31 16:28:54 | 000,028,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey)
DRV:64bit: - [2012/07/31 03:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 01:00:58 | 000,445,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/07/26 01:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/07/26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 01:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/07/26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 01:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/26 01:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/26 01:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 01:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/07/26 01:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/07/26 01:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 01:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 00:59:35 | 000,193,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/07/26 00:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/26 00:59:32 | 000,055,024 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/07/26 00:58:00 | 000,068,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/07/26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 00:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 00:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/26 00:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 23:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 22:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/07/25 22:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 22:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/07/25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 22:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 20:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2012/07/25 04:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2012/07/21 19:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2012/07/17 11:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/06/23 10:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2012/06/19 09:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/06/18 14:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2012/06/13 21:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2012/06/02 10:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV - [2012/07/13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2009/09/11 18:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys -- (PEGAGFN)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{1A571AFF-7F38-4291-92B3-C78A71CE97E8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{1A571AFF-7F38-4291-92B3-C78A71CE97E8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/
IE - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001\..\SearchScopes,DefaultScope = {1A571AFF-7F38-4291-92B3-C78A71CE97E8}
IE - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.51
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.7
FF - prefs.js..extensions.enabledAddons: copy-urls-expert%40kashiif-gmail.com:2.2.1
FF - prefs.js..extensions.enabledAddons: selectionlinks%40floriangilles.com:0.0.4
FF - prefs.js..extensions.enabledAddons: save-as-pdf-ff%40pdfcrowd.com:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/09 09:08:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\United\AppData\Roaming\IDM\idmmzcc5 [2013/07/06 07:59:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\United\AppData\Roaming\IDM\idmmzcc5 [2013/07/06 07:59:18 | 000,000,000 | ---D | M]
 
[2013/07/07 03:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\United\AppData\Roaming\mozilla\Extensions
[2013/07/09 08:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\United\AppData\Roaming\mozilla\Firefox\Profiles\dz4wi5n8.default\extensions
[2013/07/07 15:15:35 | 000,053,991 | ---- | M] () (No name found) -- C:\Users\United\AppData\Roaming\mozilla\firefox\profiles\dz4wi5n8.default\extensions\copy-urls-expert@kashiif-gmail.com.xpi
[2013/07/09 08:06:22 | 000,057,194 | ---- | M] () (No name found) -- C:\Users\United\AppData\Roaming\mozilla\firefox\profiles\dz4wi5n8.default\extensions\save-as-pdf-ff@pdfcrowd.com.xpi
[2013/07/07 15:53:58 | 000,052,248 | ---- | M] () (No name found) -- C:\Users\United\AppData\Roaming\mozilla\firefox\profiles\dz4wi5n8.default\extensions\selectionlinks@floriangilles.com.xpi
[2013/07/07 15:14:24 | 000,534,371 | ---- | M] () (No name found) -- C:\Users\United\AppData\Roaming\mozilla\firefox\profiles\dz4wi5n8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/07/07 03:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/07 03:46:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/06 07:59:18 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\UNITED\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/10/01 20:43:54 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
O1 HOSTS File: ([2013/07/11 13:15:31 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001\..\Toolbar\WebBrowser: (no name) - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [TPUReg] C:\Program Files (x86)\TOSHIBA\Password Utility\Reg.exe (TODO: <公司名稱>)
O4 - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001..\Run: [SkyDrive] C:\Users\United\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2296835951-3246675340-2239829081-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4661416B-3162-454F-9913-DC1C2D4A6254}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB7E22CF-D18A-48D4-BE0D-143B1788B18F}: DhcpNameServer = 10.4.0.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/07/10 18:51:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/04/04 08:28:40 | 001,185,022 | ---- | M] () - G:\Autorun Virus Remover v2.3(full version).rar -- [ FAT32 ]
O32 - AutoRun File - [2013/07/07 05:46:48 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/12 09:55:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\United\Desktop\OTL.exe
[2013/07/12 09:50:35 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\ElevatedDiagnostics
[2013/07/12 09:29:48 | 000,536,064 | ---- | C] (Igor Pavlov) -- C:\Users\United\AppData\Local\7za.exe
[2013/07/12 09:29:48 | 000,286,720 | ---- | C] (SteelWerX) -- C:\Users\United\AppData\Local\swreg.exe
[2013/07/12 09:29:48 | 000,163,840 | ---- | C] (Helge Klein) -- C:\Users\United\AppData\Local\setacl.exe
[2013/07/12 09:01:53 | 000,000,000 | ---D | C] -- C:\Users\United\Desktop\FRST64
[2013/07/12 08:56:22 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/12 08:34:27 | 000,000,000 | ---D | C] -- C:\Users\United\Desktop\Keys
[2013/07/12 08:29:58 | 000,000,000 | ---D | C] -- C:\Users\United\Desktop\Resources
[2013/07/12 08:28:04 | 000,000,000 | ---D | C] -- C:\Users\United\Desktop\Tutorials
[2013/07/11 13:55:09 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\BitTorrent
[2013/07/11 13:18:17 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/07/11 13:18:17 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Temp
[2013/07/11 12:02:36 | 000,000,000 | ---D | C] -- C:\Users\United\Desktop\Santrock - Life-Span Development - 13e, ISBN 0073532096 Test Bank
[2013/07/11 11:26:28 | 000,000,000 | ---D | C] -- C:\Users\United\Desktop\BitKiller1.2
[2013/07/11 10:14:48 | 000,181,064 | ---- | C] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2013/07/11 09:53:10 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/07/11 09:53:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/07/11 09:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Super File Shredder
[2013/07/11 08:50:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/10 21:24:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/10 21:24:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/10 21:24:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2013/07/10 21:24:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/10 21:24:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/07/10 21:24:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/10 21:23:42 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/10 19:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/07/10 19:01:51 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixZeroAccess.sys
[2013/07/10 10:55:53 | 000,000,000 | ---D | C] -- C:\Users\United\Desktop\New Stuff
[2013/07/10 10:22:41 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Diagnostics
[2013/07/09 09:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/07/09 09:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/07/09 08:02:37 | 000,000,000 | ---D | C] -- C:\Users\United\Desktop\Download
[2013/07/09 07:20:20 | 000,000,000 | ---D | C] -- C:\Users\United\Documents\Custom Office Templates
[2013/07/09 06:44:41 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013/07/09 06:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013/07/08 16:54:39 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/07/08 12:24:33 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Microsoft Toolkit
[2013/07/08 12:13:46 | 000,000,000 | --SD | C] -- C:\Users\United\Documents\My Shapes
[2013/07/08 11:51:27 | 000,000,000 | ---D | C] -- C:\Users\United\Documents\VAMT2
[2013/07/08 11:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAMT 2.0
[2013/07/08 11:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VAMT 2.0
[2013/07/08 06:48:07 | 000,000,000 | ---D | C] -- C:\Users\United\Documents\My Cheat Tables
[2013/07/08 06:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3
[2013/07/08 06:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.3
[2013/07/08 05:19:30 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\DonationCoder
[2013/07/08 05:19:29 | 000,000,000 | ---D | C] -- C:\Users\United\Documents\DonationCoder
[2013/07/07 16:28:10 | 000,000,000 | ---D | C] -- C:\Users\United\Desktop\desmume-0.9.9-win64
[2013/07/07 16:27:47 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\PeaZip
[2013/07/07 16:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
[2013/07/07 16:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2013/07/07 15:40:37 | 000,118,272 | ---- | C] (DeadPihto) -- C:\windows\SysNative\wsservice_crk.dll
[2013/07/07 13:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/07/07 13:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/07/07 13:33:18 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Adobe
[2013/07/07 13:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/07/07 13:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/07/07 13:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/07/07 13:13:17 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\URTTemp
[2013/07/07 12:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/07/07 12:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/07/07 12:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/07/07 12:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/07/07 12:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/07/07 12:55:12 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Microsoft Help
[2013/07/07 12:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/07/07 12:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/07/07 12:54:53 | 000,000,000 | R--D | C] -- C:\MSOCache
[2013/07/07 12:19:07 | 000,000,000 | ---D | C] -- C:\Users\United\Documents\Visual Studio 2012
[2013/07/07 12:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
[2013/07/07 12:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2013/07/07 12:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/07/07 12:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
[2013/07/07 12:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2013/07/07 12:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows App Certification Kit
[2013/07/07 12:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2013/07/07 12:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2013/07/07 12:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2013/07/07 12:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2013/07/07 12:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Tools
[2013/07/07 12:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/07/07 12:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
[2013/07/07 12:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express
[2013/07/07 12:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
[2013/07/07 12:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WCF Data Services
[2013/07/07 12:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2013/07/07 12:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2013/07/07 12:07:06 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_43.dll
[2013/07/07 12:06:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2013/07/07 11:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2013/07/07 11:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2013/07/07 11:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer
[2013/07/07 11:58:08 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\1033
[2013/07/07 11:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/07/07 11:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013/07/07 11:53:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2013/07/07 11:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
[2013/07/07 11:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0
[2013/07/07 11:52:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\1033
[2013/07/07 11:52:15 | 000,000,000 | ---D | C] -- C:\windows\symbols
[2013/07/07 11:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 11.0
[2013/07/07 11:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2013/07/07 11:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/07/07 11:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2013/07/07 11:43:14 | 000,126,944 | ---- | C] (Power Software Ltd) -- C:\windows\SysNative\drivers\scdemu.sys
[2013/07/07 11:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2013/07/07 11:25:44 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Programs
[2013/07/07 11:22:32 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2013/07/07 11:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2013/07/07 11:22:21 | 001,431,552 | ---- | C] (Propellerhead Software AB) -- C:\windows\SysWow64\rewire.dll
[2013/07/07 11:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2013/07/07 11:22:06 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Image-Line
[2013/07/07 11:22:05 | 000,000,000 | ---D | C] -- C:\Users\United\Documents\Image-Line
[2013/07/07 11:22:03 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013/07/07 11:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2013/07/07 11:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013/07/07 11:21:53 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\windows\SysWow64\vorbis.acm
[2013/07/07 11:21:50 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\FlowStone
[2013/07/07 11:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSPRobotics
[2013/07/07 11:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2013/07/07 07:39:40 | 000,000,000 | ---D | C] -- C:\Users\United\Desktop\Linux OS
[2013/07/07 05:29:21 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Apple Computer
[2013/07/07 05:29:21 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Apple Computer
[2013/07/07 05:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/07 05:29:16 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2013/07/07 05:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/07 05:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/07/07 05:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/07 05:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/07/07 05:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/07/07 05:28:46 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Apple
[2013/07/07 05:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/07/07 05:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/07/07 05:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/07/07 05:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/07/07 05:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/07/07 05:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/07/07 03:55:29 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Macromedia
[2013/07/07 03:46:32 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Mozilla
[2013/07/07 03:46:32 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Mozilla
[2013/07/07 03:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/07/07 03:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/07/07 03:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/07 03:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/07/07 03:37:33 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Google
[2013/07/07 03:36:53 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Apps
[2013/07/06 15:01:27 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\PCCUStubInstaller
[2013/07/06 11:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\TAP-Windows
[2013/07/06 11:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2013/07/06 11:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2013/07/06 10:22:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/07/06 07:59:11 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\IDM
[2013/07/06 07:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/07/06 07:59:11 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\DMCache
[2013/07/06 07:59:00 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/07/06 07:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/07/06 07:58:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2013/07/06 07:34:25 | 000,000,000 | ---D | C] -- C:\Users\United\Documents\Santrock - Life-Span Development - 13e, ISBN 0073532096 Test Bank
[2013/07/06 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\WinRAR
[2013/07/06 07:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/07/06 07:21:07 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/07/06 07:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/07/06 07:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013/07/06 07:17:59 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Geek Uninstaller
[2013/07/06 07:12:43 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\AirVPN
[2013/07/06 07:03:16 | 000,000,000 | ---D | C] -- C:\SkyDriveTemp
[2013/07/06 07:00:28 | 000,000,000 | R--D | C] -- C:\Users\United\SkyDrive
[2013/07/06 06:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2013/07/06 06:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2013/07/06 06:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2013/07/06 06:45:19 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Macromedia
[2013/07/06 06:36:33 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\ATI
[2013/07/06 06:36:33 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\ATI
[2013/07/06 06:31:28 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\TOSHIBA
[2013/07/06 06:31:27 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\SRS Labs
[2013/07/06 06:30:58 | 000,000,000 | R--D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/06 06:30:58 | 000,000,000 | R--D | C] -- C:\Users\United\Searches
[2013/07/06 06:30:58 | 000,000,000 | R--D | C] -- C:\Users\United\Contacts
[2013/07/06 06:30:58 | 000,000,000 | R--D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/07/06 06:30:58 | 000,000,000 | -H-D | C] -- C:\Users\United\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/07/06 06:30:52 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Adobe
[2013/07/06 06:30:47 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\WinBatch
[2013/07/06 06:29:16 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\VirtualStore
[2013/07/06 06:28:44 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/07/06 06:28:44 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Packages
[2013/07/06 06:28:23 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\AppData\Local\Temporary Internet Files
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\Templates
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\Start Menu
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\SendTo
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\Recent
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\PrintHood
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\NetHood
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\Documents\My Videos
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\Documents\My Pictures
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\Documents\My Music
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\My Documents
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\Local Settings
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\AppData\Local\History
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\Cookies
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\Application Data
[2013/07/06 06:28:08 | 000,000,000 | -HSD | C] -- C:\Users\United\AppData\Local\Application Data
[2013/07/06 06:28:07 | 000,000,000 | --SD | C] -- C:\Users\United\AppData\Roaming\Microsoft
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\Videos
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\Saved Games
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\Pictures
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\Music
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\Links
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\Favorites
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\Downloads
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\Documents
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\Desktop
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/07/06 06:28:07 | 000,000,000 | R--D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/07/06 06:28:07 | 000,000,000 | -H-D | C] -- C:\Users\United\AppData
[2013/07/06 06:28:07 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Local\Microsoft
[2013/07/06 06:28:07 | 000,000,000 | ---D | C] -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/06/28 00:31:25 | 000,172,920 | ---- | C] (Tonec Inc.) -- C:\windows\SysNative\drivers\idmwfp.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/12 09:55:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\United\Desktop\OTL.exe
[2013/07/12 09:53:32 | 000,883,857 | ---- | M] () -- C:\Users\United\AppData\Local\census.cache
[2013/07/12 09:52:58 | 000,083,334 | ---- | M] () -- C:\Users\United\AppData\Local\ars.cache
[2013/07/12 09:48:56 | 000,162,304 | ---- | M] () -- C:\Users\United\Desktop\rmbg3svx.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\WUDFHost.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\winlogon.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\wininit.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\TODDSrv.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\taskhostex.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\spoolsv.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\smss.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\services.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\RuntimeBroker.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\lsass.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\dwm.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\csrss.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\conhost.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\atiesrxx.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\atieclxx.exe
[2013/07/12 09:47:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/12 09:39:56 | 000,000,036 | ---- | M] () -- C:\Users\United\AppData\Local\housecall.guid.cache
[2013/07/12 09:29:55 | 000,000,126 | ---- | M] () -- C:\Malwarebackup.zip
[2013/07/12 09:29:49 | 000,286,720 | ---- | M] (SteelWerX) -- C:\Users\United\AppData\Local\swreg.exe
[2013/07/12 09:29:48 | 000,536,064 | ---- | M] (Igor Pavlov) -- C:\Users\United\AppData\Local\7za.exe
[2013/07/12 09:29:48 | 000,163,840 | ---- | M] (Helge Klein) -- C:\Users\United\AppData\Local\setacl.exe
[2013/07/12 08:53:49 | 000,898,288 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/12 08:53:49 | 000,754,258 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/12 08:53:49 | 000,146,472 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/12 08:51:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/12 08:49:16 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/07/12 08:49:13 | 399,908,861 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/11 17:46:35 | 000,221,342 | ---- | M] () -- C:\Users\United\Desktop\_csmg_391288812_00.jpg
[2013/07/11 13:57:02 | 000,000,825 | ---- | M] () -- C:\Users\United\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2013/07/11 13:15:34 | 000,181,064 | ---- | M] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2013/07/11 13:15:31 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/07/11 09:36:43 | 000,053,248 | ---- | M] () -- C:\windows\SysWow64\zlib.dll
[2013/07/10 21:03:29 | 000,007,602 | ---- | M] () -- C:\Users\United\AppData\Local\Resmon.ResmonCfg
[2013/07/10 19:01:51 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\FixZeroAccess.sys
[2013/07/10 18:51:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/07/09 22:04:31 | 000,001,116 | ---- | M] () -- C:\Users\United\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/07/08 17:13:38 | 000,001,024 | -H-- | M] () -- C:\SYSTAG.BIN
[2013/07/08 09:19:43 | 709,183,011 | ---- | M] () -- C:\Users\United\Desktop\Microsoft Project 2013x64vl.rar
[2013/07/08 05:19:30 | 000,000,046 | ---- | M] () -- C:\windows\SysWow64\DonationCoder_processtamer_InstallInfo.dat
[2013/07/08 05:19:30 | 000,000,046 | ---- | M] () -- C:\Users\United\AppData\Local\DonationCoder_processtamer_InstallInfo.dat
[2013/07/07 20:42:20 | 000,001,278 | ---- | M] () -- C:\Users\United\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2013/07/07 20:16:19 | 000,424,344 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/07 13:00:38 | 001,698,195 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1404000.028\Cat.DB
[2013/07/07 11:52:28 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
[2013/07/07 11:25:48 | 000,000,915 | ---- | M] () -- C:\windows\unins000.dat
[2013/07/07 11:25:43 | 000,764,577 | ---- | M] () -- C:\windows\unins000.exe
[2013/07/07 11:22:21 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 11.lnk
[2013/07/07 05:29:19 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/07 03:46:24 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/06 07:00:50 | 000,000,013 | RHS- | M] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/07/06 06:38:16 | 000,001,439 | ---- | M] () -- C:\Users\United\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/27 05:57:42 | 000,172,920 | ---- | M] (Tonec Inc.) -- C:\windows\SysNative\drivers\idmwfp.sys
 
========== Files Created - No Company Name ==========
 
[2013/07/12 09:53:32 | 000,883,857 | ---- | C] () -- C:\Users\United\AppData\Local\census.cache
[2013/07/12 09:52:58 | 000,083,334 | ---- | C] () -- C:\Users\United\AppData\Local\ars.cache
[2013/07/12 09:48:55 | 000,162,304 | ---- | C] () -- C:\Users\United\Desktop\rmbg3svx.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\WUDFHost.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\winlogon.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\wininit.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\TODDSrv.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\taskhostex.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\spoolsv.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\smss.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\services.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\RuntimeBroker.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\lsass.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\dwm.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\csrss.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\conhost.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\atiesrxx.exe
[2013/07/12 09:48:12 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\atieclxx.exe
[2013/07/12 09:39:56 | 000,000,036 | ---- | C] () -- C:\Users\United\AppData\Local\housecall.guid.cache
[2013/07/12 09:29:55 | 000,000,126 | ---- | C] () -- C:\Malwarebackup.zip
[2013/07/11 17:46:31 | 000,221,342 | ---- | C] () -- C:\Users\United\Desktop\_csmg_391288812_00.jpg
[2013/07/11 13:57:02 | 000,000,825 | ---- | C] () -- C:\Users\United\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2013/07/11 13:18:49 | 000,001,014 | ---- | C] () -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Santrock - Life-Span Development - 13e, ISBN 0073532096 Test Bank.lnk
[2013/07/11 09:36:43 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\zlib.dll
[2013/07/11 09:36:31 | 000,031,616 | ---- | C] () -- C:\windows\SysNative\FoolishEventLogMsgHelper.dll
[2013/07/10 21:24:16 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/10 21:24:16 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/10 21:24:16 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/10 21:24:16 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/10 21:24:16 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/10 21:03:29 | 000,007,602 | ---- | C] () -- C:\Users\United\AppData\Local\Resmon.ResmonCfg
[2013/07/10 18:23:16 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2013/07/09 22:04:30 | 000,001,116 | ---- | C] () -- C:\Users\United\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/07/08 17:13:38 | 000,001,024 | -H-- | C] () -- C:\SYSTAG.BIN
[2013/07/08 17:13:12 | 000,151,480 | ---- | C] () -- C:\windows\SysNative\ammntdrv.sys
[2013/07/08 17:13:12 | 000,030,648 | ---- | C] () -- C:\windows\SysNative\ambakdrv.sys
[2013/07/08 17:13:12 | 000,017,848 | ---- | C] () -- C:\windows\SysNative\amwrtdrv.sys
[2013/07/08 09:33:32 | 709,183,011 | ---- | C] () -- C:\Users\United\Desktop\Microsoft Project 2013x64vl.rar
[2013/07/08 05:19:30 | 000,000,046 | ---- | C] () -- C:\windows\SysWow64\DonationCoder_processtamer_InstallInfo.dat
[2013/07/08 05:19:30 | 000,000,046 | ---- | C] () -- C:\Users\United\AppData\Local\DonationCoder_processtamer_InstallInfo.dat
[2013/07/07 20:42:20 | 000,001,278 | ---- | C] () -- C:\Users\United\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2013/07/07 13:47:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/07/07 12:10:19 | 000,002,115 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2013/07/07 11:52:28 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
[2013/07/07 11:25:48 | 000,764,577 | ---- | C] () -- C:\windows\unins000.exe
[2013/07/07 11:25:48 | 000,000,915 | ---- | C] () -- C:\windows\unins000.dat
[2013/07/07 11:22:21 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 11.lnk
[2013/07/07 11:22:01 | 000,002,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk
[2013/07/07 05:29:19 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/07 05:28:46 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/07/07 03:55:16 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/07 03:46:24 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/07/07 03:46:21 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/06 10:22:33 | 399,908,861 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/06 07:33:59 | 059,323,021 | ---- | C] () -- C:\Users\United\Documents\life-span development 13th edition b.pdf
[2013/07/06 07:00:50 | 000,000,013 | RHS- | C] () -- C:\windows\SysNative\drivers\fbd.sys
[2013/07/06 06:38:16 | 000,001,439 | ---- | C] () -- C:\Users\United\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/06 06:30:52 | 000,001,445 | ---- | C] () -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/07/06 06:28:07 | 000,002,237 | ---- | C] () -- C:\Users\United\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013/07/06 06:28:07 | 000,000,352 | ---- | C] () -- C:\Users\United\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/07/06 06:28:07 | 000,000,334 | ---- | C] () -- C:\Users\United\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/03/06 13:58:31 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/03/06 13:53:03 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/08/08 13:10:24 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/08/08 13:10:24 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/07/26 04:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 04:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 03:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 21:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 20:48:53 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012/07/25 16:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 16:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/07/02 16:11:02 | 000,016,384 | ---- | C] () -- C:\windows\SysWow64\theowl.dll
[2012/06/02 10:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/05/10 20:35:16 | 000,029,184 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll
[2012/02/02 23:00:58 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\TCPClient.dll
[2011/09/12 21:06:18 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/25 23:07:16 | 019,779,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 23:19:59 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

 


 


#2 TheShooter93 (Cody)

  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 16 July 2013 - 06:28 PM

Hello aumol123,
 
My name is Cody and I'll be helping you clean up your computer.
 
It looks long and unnecessary, but what's below is very important information. Please take the time to read it before we get started.
 
I will reply as soon as possible (typically within 24 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.
 
I am in Orlando, Florida at GMT-5 Hours (Eastern Standard Time). As previously stated, I normally respond within 24 hours, but I am a university student currently working full time. If I do not respond within 48 hours, feel free to send me a private message.
 
Some points for you to keep in mind:
 
-Do NOT run any tools unless instructed to do so.
-We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
-Do not attach logs or use code boxes, just copy and paste the text.
-I cannot see your computer.
-Periodically update me on the condition of your computer, and provide detail in every post.
-Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
 
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
 
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#3 TheShooter93 (Cody)

  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 16 July 2013 - 06:29 PM

Hello aumol123,

 

Please download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.com
DDS.pif

 

  • Double click on the DDS icon, allow it to run.
  • Mark the option attach.txt.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open both logfiles.
  • You can find them on your desktop as well.
  • Please post the content of those logfiles with your next answer.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

 

Information on A/V control HERE




#4 aumol123

  • Topic Starter
  • Members
  • 4 posts

Posted 17 July 2013 - 03:26 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16384
Run by United at 16:22:14 on 2013-07-17
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.15837.13969 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Teco\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\System32\dwm.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
C:\Program Files\Toshiba\Teco\TecoResident.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
C:\Users\United\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\windows\system32\wwahost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by TOSHIBA
uSearch Bar = Preserve
mStart Page = hxxp://toshiba13.msn.com
mWindow Title = Internet Explorer provided by TOSHIBA
mDefault_Page_URL = hxxp://toshiba13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [SkyDrive] "C:\Users\United\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TPUReg] "C:\Program Files (x86)\TOSHIBA\Password Utility\Reg.exe"
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4661416B-3162-454F-9913-DC1C2D4A6254} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BCA49546-2E6E-4226-A5EE-DEA4B2F4B6F9} : DHCPNameServer = 127.0.0.1
TCP: Interfaces\{C7778CC4-F4B3-420D-BE1E-BB00C9D47435} : DHCPNameServer = 10.4.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://toshiba13.msn.com
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\United\AppData\Roaming\Mozilla\Firefox\Profiles\wggc4y6p.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-07-16 18:09; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\United\AppData\Roaming\Mozilla\Firefox\Profiles\wggc4y6p.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00B\ccSetx64.sys [2012-8-18 168608]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-8 240640]
R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\Drivers\appexDrv.sys [2013-3-6 199008]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [2011-10-13 156672]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-7-11 3939008]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [2009-9-11 14344]
R2 taisregispinger;taisregispinger;C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2012-8-18 2196120]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\Teco\TecoService.exe [2012-8-13 289192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-7-17 98472]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2013-3-6 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-3-6 690832]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1496720]
R3 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-7-27 53384]
R3 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2013-3-6 499096]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2012-7-28 458152]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2013-3-6 57000]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1496720]
.
=============== Created Last 30 ================
.
2013-07-17 19:33:26 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6AF1212F-8450-4997-B6D2-500C732DAAAB}\mpengine.dll
2013-07-17 18:03:34 -------- d-----w- C:\Users\United\AppData\Local\Adobe
2013-07-16 23:05:09 -------- d-----w- C:\Users\United\AppData\Local\Macromedia
2013-07-16 22:14:11 -------- d-----w- C:\Users\United\AppData\Roaming\AirVPN
2013-07-16 22:13:51 -------- d-----w- C:\Program Files\TAP-Windows
2013-07-16 22:13:49 -------- d-----w- C:\Program Files\OpenVPN
2013-07-16 22:06:40 -------- d-----w- C:\ProgramData\boost_interprocess
2013-07-16 21:46:28 -------- d-----w- C:\windows\pss
2013-07-16 21:12:04 -------- d-----w- C:\Users\United\AppData\Local\Mozilla
2013-07-16 13:00:50 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-15 15:43:16 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2013-07-15 15:42:25 -------- d-----w- C:\Users\United\AppData\Roaming\Geek Uninstaller
2013-07-15 15:06:02 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2013-07-15 14:49:14 -------- d-----w- C:\Users\United\AppData\Local\NPE
2013-07-15 14:42:35 -------- d-----w- C:\ProgramData\Symantec
2013-07-15 00:26:23 -------- d-----w- C:\Users\United\AppData\Local\ATI
2013-07-15 00:21:12 -------- d-----w- C:\Users\United\AppData\Local\TOSHIBA
2013-07-15 00:21:12 -------- d-----w- C:\Users\United\AppData\Local\SRS Labs
2013-07-15 00:20:23 -------- d-----r- C:\Users\United\Searches
2013-07-15 00:20:01 -------- d-----w- C:\Users\United\AppData\Roaming\WinBatch
2013-07-15 00:17:18 -------- d-----w- C:\Users\United\AppData\Local\VirtualStore
2013-07-15 00:12:33 -------- d-----w- C:\windows\SoftwareDistribution_
2013-07-14 23:49:14 -------- d--h--w- C:\$SysReset
2013-07-13 19:36:37 -------- d-----w- C:\$RECYCLE.BIN
2013-07-06 11:03:16 -------- d-----w- C:\SkyDriveTemp
2013-07-06 11:00:28 -------- d-----r- C:\Users\United\SkyDrive
2013-07-06 10:30:58 -------- d-----r- C:\Users\United\Contacts
2013-07-06 10:28:44 -------- d-----w- C:\Users\United\AppData\Local\Packages
2013-07-06 10:28:07 -------- d-----r- C:\Users\United\Videos
2013-07-06 10:28:07 -------- d-----r- C:\Users\United\Saved Games
2013-07-06 10:28:07 -------- d-----r- C:\Users\United\Pictures
2013-07-06 10:28:07 -------- d-----r- C:\Users\United\Music
2013-07-06 10:28:07 -------- d-----r- C:\Users\United\Links
2013-07-06 10:28:07 -------- d-----r- C:\Users\United\Downloads
2013-07-06 10:28:07 -------- d-----r- C:\Users\United\Documents
.
==================== Find3M  ====================
.
.
============= FINISH: 16:22:40.12 ===============
 



#5 aumol123

  • Topic Starter
  • Members
  • 4 posts

Posted 17 July 2013 - 03:28 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/14/2013 8:12:30 PM
System Uptime: 7/16/2013 7:52:16 PM (21 hours ago)
.
Motherboard: AMD |  | PLCSC8
Processor: AMD A6-4400M APU with Radeon™ HD Graphics    | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 586 GiB total, 542.347 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 7/15/2013 11:43:01 AM - Removed Norton Online Backup
RP2: 7/17/2013 3:06:04 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Quick Stream
AMD VISION Engine Control Center
Bejeweled 3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Farmscapes
FATE
Microsoft Application Error Reporting
Microsoft Office
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
Norton Online Backup
Norton Online Backup ARA
OpenVPN 2.3.0-I001
Origin
Penguins!
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Polar Bowler
Premium Sound HD
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Synaptics Pointing Device Driver
TAP-Windows 9.9.2
Toshiba App Place
TOSHIBA Application Installer
Toshiba Book Place
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Function Key
Toshiba Password Utility
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBA VIDEO PLAYER
TOSHIBARegistration
Tweaking.com - Windows Repair (All in One)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
7/17/2013 4:12:38 PM, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
7/16/2013 7:52:55 PM, Error: Service Control Manager [7023]  - The Windows Media Player Network Sharing Service service terminated with the following error:  An attempt was made to reference a token that does not exist.
7/16/2013 6:04:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/16/2013 6:03:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
7/16/2013 5:59:52 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/16/2013 5:53:56 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:56 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/16/2013 5:53:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/16/2013 5:53:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error:  A device attached to the system is not functioning.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/16/2013 5:51:17 PM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
7/15/2013 10:40:18 AM, Error: Service Control Manager [7031]  - The Norton Internet Security service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/15/2013 10:40:18 AM, Error: Service Control Manager [7031]  - The Norton Anti-Theft service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/15/2013 10:40:18 AM, Error: Service Control Manager [7031]  - The Common Client Job Manager Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/14/2013 8:17:32 PM, Error: Service Control Manager [7022]  - The Security Center service hung on starting.
.
==== End Of File ===========================
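The event-viewer section above is the most useful part of the log for triage, but the Service Control Manager 7001 entries are mostly cascades: a service is reported as failed only because something underneath it failed first. As an added example (not part of this thread and not OTL's own code), the Python script below parses those lines in the format OTL prints them, separates root failures from knock-on dependency failures, and tallies the DistributedCOM 10005 error codes. The sample input is copied verbatim from the log above; the meanings given for Win32 codes 1068 and 1084 are the documented system error codes, and which one applies to this machine is left to the reader.

```python
"""Triage the 'Event Viewer Messages' section of an OTL/DDS log.

Added example, not part of the thread or of OTL. It reads the Service
Control Manager 7001 and DistributedCOM 10005 lines, separates root
failures from cascaded dependency failures, and tallies DCOM error codes.
"""
import re
from collections import defaultdict

# Sample input: event lines copied verbatim from the OTL log in this thread.
SAMPLE_EVENTS = """\
7/16/2013 6:04:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/16/2013 6:03:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
7/16/2013 5:59:52 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/16/2013 5:53:56 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:56 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:56 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/16/2013 5:53:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/16/2013 5:53:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error:  A device attached to the system is not functioning.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/16/2013 5:53:17 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/16/2013 5:51:17 PM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+ \S+ [AP]M), (?P<level>\w+): (?P<source>.+?) "
    r"\[(?P<id>\d+)\]\s+- (?P<msg>.*)$")
DEP_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error:\s+(?P<err>.+)$")
DCOM_RE = re.compile(
    r'DCOM got error "(?P<code>\d+)" attempting to start the service (?P<svc>\S+)')

# The SCM wording used when a failure is only a knock-on of another failure.
DEPENDENCY_FAIL = "The dependency service or group failed to start."

# Documented Win32 system error codes quoted in the DCOM 10005 messages.
WIN32_ERRORS = {
    "1068": "ERROR_SERVICE_DEPENDENCY_FAIL (a dependency failed to start)",
    "1084": "ERROR_NOT_SAFEBOOT_SERVICE (service cannot start in Safe Mode)",
}


def parse_events(text):
    """Split each OTL event line into timestamp, level, source, id and message."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def dependency_graph(events):
    """Return (edges, root_errors) from the SCM 7001 entries.

    edges maps a service to the dependency the SCM blamed; root_errors maps
    a dependency to its error text when that error is not itself a cascade.
    """
    edges, root_errors = {}, {}
    for ev in events:
        if ev["source"] != "Service Control Manager" or ev["id"] != "7001":
            continue
        m = DEP_RE.match(ev["msg"])
        if not m:
            continue
        svc, dep, err = m["svc"], m["dep"], m["err"].strip()
        edges[svc] = dep
        if err != DEPENDENCY_FAIL:
            root_errors[dep] = err
    return edges, root_errors


def root_cause(service, edges, root_errors):
    """Follow the chain from service down to the first non-cascaded failure.

    Returns (component, error_text); error_text is None when the chain ends
    without a root error having been logged.
    """
    seen, cur = {service}, service
    while cur in edges:
        dep = edges[cur]
        if dep in root_errors:
            return dep, root_errors[dep]
        if dep in seen:  # guard against malformed or cyclic input
            break
        seen.add(dep)
        cur = dep
    return cur, root_errors.get(cur)


def dcom_summary(events):
    """Tally DCOM 10005 failures as {error_code: {service: count}}."""
    tally = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev["id"] != "10005":
            continue
        m = DCOM_RE.search(ev["msg"])
        if m:
            tally[m["code"]][m["svc"]] += 1
    return {code: dict(svcs) for code, svcs in tally.items()}


def triage(text):
    """Root failures, the resolved chain for every failed service, DCOM tally."""
    events = parse_events(text)
    edges, roots = dependency_graph(events)
    chains = {svc: root_cause(svc, edges, roots) for svc in edges}
    return {"roots": roots, "chains": chains, "dcom": dcom_summary(events)}


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    print("Root failures (not cascades):")
    for dep, err in result["roots"].items():
        print(f"  {dep}: {err}")
    print("\nResolved chains:")
    for svc, (comp, _err) in sorted(result["chains"].items()):
        print(f"  {svc} -> {comp}")
    print("\nDCOM 10005 errors:")
    for code, svcs in result["dcom"].items():
        print(f"  {code} {WIN32_ERRORS.get(code, 'unknown')}: {svcs}")
```

Run against the log above, the twelve 7001 entries collapse to four root components (the AFD, NetIO TDI, NSI proxy and RDBSS drivers, all reporting "A device attached to the system is not functioning"), which is where a responder would look first rather than at the user-mode services that merely depend on them.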
 



#6 TheShooter93

    Cody

  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 18 July 2013 - 11:13 PM

Hello aumol123,

 

Great, thanks!

 

I'm currently in the process of reviewing your logs.

 

I will be unable to post your next set of instructions until later tomorrow (7/19) evening (8pm or so my time) -- just wanted to give you a heads up as that will technically be past the 48-hour mark.


Edited by TheShooter93, 18 July 2013 - 11:15 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#7 TheShooter93

    Cody

  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 19 July 2013 - 03:24 PM

Hello aumol123,

Your logs indicate that you previously ran ComboFix. You should never run ComboFix without the assistance of a trained malware remover.

ComboFix is a very powerful program and can damage your computer severely if misused. Please do not run it again without instruction to do so.

Having said that, that ComboFix scan should have created a log after completing. This log will be located at either C:\ComboFix.txt or C:\Qoobox\ComboFix.txt. If there are logs at both locations, choose C:\ComboFix.txt. Please enter this log in your next reply.

------------------------------------------------------------------------------------

Also, your logs show that you currently have Norton Online Backup installed.

 

Are you using Norton as your antivirus program?




#8 TheShooter93

    Cody

  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 20 July 2013 - 09:04 AM

Hello aumol123,

 

Please do not miss my last reply. Make sure to answer those questions as well.

 

------------------------------------------------------------------------

 

Are you familiar with G:\Autorun Virus Remover v2.3(full version).rar?

 

Did you download it? Do you know what it does?




#9 aumol123
  • Topic Starter

  • Members
  • 4 posts

Posted 20 July 2013 - 12:37 PM

I was using Norton but I removed it because it's worthless. Yes, I know exactly what Autorun Virus Remover is. It removes viruses from folders or USB drives. The folder created by ComboFix has been deleted along with the program. I have refreshed this Windows 8 PC since creating this forum. The text file created by ComboFix was deleted.



#10 TheShooter93

    Cody

  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 22 July 2013 - 10:45 AM

Hello aumol123,

 

Please download and run the Norton Removal Tool to get rid of the remnants of Norton on your computer.

 

--------------------------------------------------------------------------------------------------

 

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------------------------------------------------------------------------------------------

 

Lastly, what do you mean by "refresh" your computer?

 

Did you reinstall the operating system? Perform a System Restore?




#11 TheShooter93

    Cody

  • Malware Response Team
  • 4,793 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 25 July 2013 - 05:23 PM

Hello aumol123,

 

It has been 72 hours since my last post, are you still there?

 

If you need more time, just let me know. If you do not post within 48 hours the thread will be closed due to inactivity.




#12 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,424 posts
  • Gender:Female
  • Location:Romania

Posted 28 July 2013 - 01:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise



Malware analyst @ Emsisoft