
total domination malware removal help


  • This topic is locked
17 replies to this topic

#1 quick94

Posted 12 June 2014 - 03:31 PM

Been told to move to this forum and post results from a DDS scan. Some software called Total Domination has been downloaded on my PC along with some called BitLord and I'm struggling to remove it.

 

DDS Scan log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.60.2
Run by user at 18:16:26 on 2014-06-12
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8152.5422 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\windows\Explorer.EXE
C:\windows\system32\Dwm.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bbc.co.uk/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [HP Photosmart 7510 series (NET)] "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BA2416N05PX:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
uRun: [Spotify Web Helper] "C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FREEST~1.LNK - C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 150.204.39.1 150.204.52.1
TCP: Interfaces\{A0BBB467-E259-41A9-BD5D-E214CBEC040E} : DHCPNameServer = 150.204.39.1 150.204.52.1
TCP: Interfaces\{A0BBB467-E259-41A9-BD5D-E214CBEC040E}\65D4238363736383D22374 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{EB57D948-8B46-454C-9870-85F40B3927D8} : DHCPNameServer = 192.168.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-4-7 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-4-7 208416]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\System32\drivers\NBVol.sys [2012-5-8 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\System32\drivers\NBVolUp.sys [2012-5-8 15920]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2013-4-7 22600]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2013-4-7 1039096]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2013-4-7 423240]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-7 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-4-7 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-8 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-7 50344]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-6-14 162824]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-14 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-14 161560]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-14 363800]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-6-14 93712]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-8-9 45168]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-6-12 122584]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-6-14 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-6-14 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-14 565352]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Avolites CITP Active Fixture;Avolites CITP Active Fixture;C:\Program Files (x86)\Avolites\CITP Active Fixture\Active Fixture Service.exe [2013-7-23 56320]
S3 Avolites Expert Usb;Avolites Expert Usb;C:\Program Files (x86)\Avolites\UsbExpert\UsbExpertService.exe [2013-8-19 8704]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-1-20 89160]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-24 1431888]
S3 ggflt;SEMC USB Flash Driver Filter;C:\windows\System32\drivers\ggflt.sys [2012-9-10 14448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-4-15 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-5-24 19456]
S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-12-9 113800]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-9-10 155824]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-6-14 57216]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-5-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-5-24 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-8 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-06-12 16:22:08 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-06-12 16:21:21 -------- d-----w- C:\AdwCleaner
2014-06-12 16:18:37 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-06-12 16:18:25 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-06-12 16:18:25 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-06-12 16:18:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 15:26:04 -------- d-----w- C:\FRST
2014-06-12 13:56:06 -------- d-----w- C:\Program Files (x86)\ESET
2014-06-12 13:20:07 -------- d-----w- C:\ddfec6a035c9168dc3f3f570e867
2014-06-12 13:19:29 -------- d-----w- C:\Program Files (x86)\BitLord 2
2014-06-12 13:19:28 -------- d-----w- C:\Users\user\AppData\Roaming\Plarium
2014-06-10 16:07:56 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A734F3BC-608B-4619-8871-060ADDE3F0B5}\mpengine.dll
2014-06-10 10:52:21 -------- d-----w- C:\Users\user\AppData\Roaming\EDrawings
2014-06-10 10:50:05 -------- d-----w- C:\Program Files (x86)\Common Files\eDrawings2014
2014-06-10 07:13:50 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-09 12:42:37 -------- d-----w- C:\Users\user\AppData\Local\Windows Live
2014-06-09 12:42:21 -------- d-----w- C:\Users\user\AppData\Local\{678F9671-6DFE-48A6-AEED-5BF54F0C57A8}
2014-06-03 14:47:52 -------- d-----w- C:\ProgramData\F-Secure
2014-05-16 21:20:18 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-16 21:20:18 2724864 ----a-w- C:\windows\System32\mshtml.tlb
.
==================== Find3M  ====================
.
2014-05-16 21:11:25 85328 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-05-16 21:11:25 1039096 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-05-13 20:28:54 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 20:28:54 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-12 06:25:56 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-05-09 06:14:03 477184 ----a-w- C:\windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-05-07 18:34:26 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-05-07 18:34:26 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-05-07 18:34:26 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-05-07 18:34:26 208416 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-05-07 18:34:25 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-05-07 18:34:24 43152 ----a-w- C:\windows\avastSS.scr
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-03-31 21:46:48 1070232 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-03-31 08:35:08 270496 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 18:17:11.94 ===============
 
Attach Log:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 08/08/2012 11:19:23
System Uptime: 12/06/2014 17:25:36 (1 hours ago)
.
Motherboard: Type2 - Board Vendor Name1 |  | Type2 - Board Product Name1
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 389 GiB total, 103.701 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP253: 20/05/2014 19:58:57 - Windows Update
RP254: 24/05/2014 22:45:48 - Windows Update
RP255: 30/05/2014 16:44:57 - Windows Update
RP256: 03/06/2014 23:03:21 - Windows Update
RP257: 10/06/2014 08:12:36 - Installed Java 7 Update 60
RP258: 10/06/2014 11:49:12 - Installed eDrawings 2014.
RP259: 10/06/2014 17:06:42 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.9) MUI
Amazon MP3 Downloader 1.0.17
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Bluetooth Filter Driver Package
Atheros Driver Installation Program
avast! Free Antivirus
Avolites Personality Builder
Avolites Titan
Avolites Titan Mobile
Avolites Titan One
Avolites Titan PC Suite 7.0
Avolites Titan Simulator
Avolites Usb Expert
Avolites Virtual Panel
Avolites Visualiser
Battlefield 3™
Battlelog Web Plugins
BBC iPlayer Desktop
Bluetooth Stack for Windows by Toshiba
Bonjour
Canon MG2100 series MP Drivers
Canon MG2100 series User Registration
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CITP Active Fixture
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD43 Plug-in v1.0.0.6
DVDFab 9.0.5.5 (26/07/2013)
eDrawings 2014
ESET Online Scanner v3
ESN Sonar
Flixster
FreeStyle Auto-Assist
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Greener Web
HandBrake 0.9.9.1
High-Definition Video Playback
HP Photosmart 7510 series Basic Device Software
HP Unified IO
ImgBurn
inSSIDer Office
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 25 (64-bit)
Java 7 Update 60
Java Auto Updater
Junk Mail filter update
Log Viewer Pro
Malwarebytes Anti-Malware version 2.0.2.1012
Media Go
Media Go Video Playback Engine 1.96.120.08260
Media Player Codec Pack 4.2.5
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual Basic for Applications 7.1 (x64)
Microsoft Visual Basic for Applications 7.1 (x64) English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 11 Essentials
Nero 11 Kwik Themes Basic
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero BurnRights 11
Nero BurnRights 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero Update
nero.prerequisites.msi
Origin
Pearl 2004 Simulator
PlayReady PC Runtime amd64
PlayStation®Network Downloader
PlayStation®Store
Premium Sound HD
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Remtek Systems LTD Online Assistance
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SCS 10.3.1
SCS 11.1.4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11
SolidWorks 2012 x64 Edition SP02
SolidWorks eDrawings 2012 x64 Edition SP02
SolidWorks Flow Simulation 2012 SP02 x64 Edition 
Sony Ericsson Update Engine
Sony PC Companion 2.10.206
Spotify
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
VLC media player 2.0.5
welcome
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalleri
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/06/2014 17:27:16, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/06/2014 10:41:59, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
.
==== End Of File ===========================
 



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:12:57 PM

Posted 15 June 2014 - 05:31 AM

Hello and welcome to BleepingComputer!

I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system, so I will analyze the results they produce.

As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed, so we need to get a clear look at that aspect. DO NOT make any changes to the system except the ones I tell you to, as that may produce more damage than helping us.

If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate other DDS logs (download it from here if you haven't already) and post them in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.

Thank you very much for your patience.

Regards,

Elle

Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 quick94

quick94
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Local time:10:57 AM

Posted 15 June 2014 - 06:25 AM

Hi Elle,

 

Here is my DDS Log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.60.2
Run by user at 11:45:54 on 2014-06-15
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8152.6192 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\atieclxx.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\Dwm.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\Explorer.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\CompatTel\WicaInventory.exe
C:\Program Files\HP\HP Photosmart 7510 series\Bin\HPNetworkCommunicator.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://bbc.co.uk/
uLocal Page = C:\windows\System32\blank.htm
uSearch Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mLocal Page = C:\Windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = C:\windows\System32\userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [HP Photosmart 7510 series (NET)] "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BA2416N05PX:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1
uRun: [Spotify Web Helper] "C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FREEST~1.LNK - C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
mPolicies-System: EnableLinkedConnections = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A0BBB467-E259-41A9-BD5D-E214CBEC040E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{EB57D948-8B46-454C-9870-85F40B3927D8} : DHCPNameServer = 192.168.0.1
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
AppInit_DLLs= 
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\System32\unregmp2.exe /ShowWMP
mASetup: >{BC455173-F501-4356-804F-571FAFB6EA9A} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\windows\System32\shell32.dll
x64-mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
x64-mLocal Page = C:\windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
x64-mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
x64-mWinlogon: Shell = Explorer.exe
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,
x64-mWinlogon: SFCDisable = dword:0
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - <orphaned>
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\windows\System32\themeui.dll
x64-mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\System32\cmd.exe /D /C start C:\windows\System32\ie4uinit.exe -ClearIconCache
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\windows\System32\Rundll32.exe C:\windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\windows\System32\shell32.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 wuauserv;Windows Update;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R0 ACPI;Microsoft ACPI Driver;C:\windows\System32\drivers\acpi.sys [2010-11-21 334208]
R0 amdxata;amdxata;C:\windows\System32\drivers\amdxata.sys [2012-5-8 27008]
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-4-7 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-4-7 208416]
R0 atapi;IDE Channel;C:\windows\System32\drivers\atapi.sys [2009-7-14 24128]
R0 CLFS;Common Log (CLFS);C:\windows\System32\clfs.sys [2009-7-14 367696]
R0 CNG;CNG;C:\windows\System32\drivers\cng.sys [2013-11-15 458712]
R0 Compbatt;Microsoft Composite Battery Driver;C:\windows\System32\drivers\compbatt.sys [2009-7-14 21584]
R0 Disk;Disk Driver;C:\windows\System32\drivers\disk.sys [2009-7-14 73280]
R0 FileInfo;File Information FS MiniFilter;C:\windows\System32\drivers\fileinfo.sys [2009-7-14 70224]
R0 FltMgr;FltMgr;C:\windows\System32\drivers\fltMgr.sys [2010-11-21 289664]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\windows\System32\drivers\fvevol.sys [2013-4-9 223752]
R0 hwpolicy;Hardware Policy Driver;C:\windows\System32\drivers\hwpolicy.sys [2010-11-21 14720]
R0 iaStor;Intel AHCI Controller;C:\windows\System32\drivers\iaStor.sys [2012-6-14 568600]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R0 KSecDD;KSecDD;C:\windows\System32\drivers\ksecdd.sys [2014-5-13 95680]
R0 KSecPkg;KSecPkg;C:\windows\System32\drivers\ksecpkg.sys [2014-5-13 155072]
R0 mountmgr;Mount Point Manager;C:\windows\System32\drivers\mountmgr.sys [2010-11-21 94592]
R0 msahci;msahci;C:\windows\System32\drivers\msahci.sys [2010-11-21 31104]
R0 msisadrv;msisadrv;C:\windows\System32\drivers\msisadrv.sys [2009-7-14 15424]
R0 Mup;Mup;C:\windows\System32\drivers\mup.sys [2009-7-14 60496]
R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\System32\drivers\NBVol.sys [2012-5-8 72240]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\System32\drivers\NBVolUp.sys [2012-5-8 15920]
R0 NDIS;NDIS System Driver;C:\windows\System32\drivers\ndis.sys [2012-9-12 950128]
R0 partmgr;Partition Manager;C:\windows\System32\drivers\partmgr.sys [2012-8-8 75120]
R0 pci;PCI Bus Driver;C:\windows\System32\drivers\pci.sys [2010-11-21 184704]
R0 pciide;pciide;C:\windows\System32\drivers\pciide.sys [2009-7-14 12352]
R0 pcw;Performance Counters for Windows Driver;C:\windows\System32\drivers\pcw.sys [2009-7-14 50768]
R0 rdyboost;ReadyBoost;C:\windows\System32\drivers\rdyboost.sys [2012-5-8 213888]
R0 spldr;Security Processor Loader Driver;C:\windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 storflt;Disk Virtual Machine Bus Acceleration Filter Driver;C:\windows\System32\drivers\vmstorfl.sys [2010-11-21 46464]
R0 Tcpip;TCP/IP Protocol Driver;C:\windows\System32\drivers\tcpip.sys [2014-6-11 1903552]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver;C:\windows\System32\drivers\TVALZ_O.SYS [2009-7-15 26840]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\windows\System32\drivers\vdrvroot.sys [2009-7-14 36432]
R0 volmgr;Volume Manager Driver;C:\windows\System32\drivers\volmgr.sys [2010-11-21 71552]
R0 volmgrx;Dynamic Volume Manager;C:\windows\System32\drivers\volmgrx.sys [2010-11-21 363392]
R0 volsnap;Storage volumes;C:\windows\System32\drivers\volsnap.sys [2012-5-8 296320]
R0 Wd;Microsoft Watchdog Timer Driver;C:\windows\System32\drivers\wd.sys [2009-7-14 21056]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\windows\System32\drivers\Wdf01000.sys [2013-10-8 785624]
R1 AFD;Ancillary Function Driver for Winsock;C:\windows\System32\drivers\afd.sys [2013-11-15 497152]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2013-4-7 22600]
R1 aswRdr;aswRdr;C:\windows\System32\drivers\aswRdr2.sys [2013-4-7 93568]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2013-4-7 1039096]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2013-4-7 423240]
R1 aswTdi;avast! Network Shield Support;C:\windows\System32\drivers\aswTdi.sys [2013-4-7 64288]
R1 Beep;Beep;C:\windows\System32\drivers\beep.sys [2009-7-14 6656]
R1 blbdrive;blbdrive;C:\windows\System32\drivers\blbdrive.sys [2009-7-14 45056]
R1 cdrom;CD-ROM Driver;C:\windows\System32\drivers\cdrom.sys [2010-11-21 147456]
R1 CSC;Offline Files Driver;C:\windows\System32\drivers\csc.sys [2010-11-21 514560]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2012-3-19 89536]
R1 DfsC;DFS Namespace Client Driver;C:\windows\System32\drivers\dfsc.sys [2010-11-21 102400]
R1 discache;System Attribute Cache;C:\windows\System32\drivers\discache.sys [2009-7-14 40448]
R1 Msfs;Msfs;C:\windows\System32\drivers\msfs.sys [2009-7-14 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\windows\System32\drivers\mssmbios.sys [2009-7-14 32320]
R1 NetBIOS;NetBIOS Interface;C:\windows\System32\drivers\netbios.sys [2009-7-14 44544]
R1 NetBT;NetBT;C:\windows\System32\drivers\netbt.sys [2010-11-21 261632]
R1 Npfs;Npfs;C:\windows\System32\drivers\npfs.sys [2009-7-14 44032]
R1 nsiproxy;NSI proxy service driver.;C:\windows\System32\drivers\nsiproxy.sys [2009-7-14 24576]
R1 Null;Null;C:\windows\System32\drivers\null.sys [2009-7-14 6144]
R1 Psched;QoS Packet Scheduler;C:\windows\System32\drivers\pacer.sys [2010-11-21 131584]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\windows\System32\drivers\rdbss.sys [2010-11-21 309248]
R1 RDPCDD;RDPCDD;C:\windows\System32\drivers\RDPCDD.sys [2009-7-14 7680]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\windows\System32\drivers\RDPENCDD.sys [2009-7-14 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\windows\System32\drivers\RDPREFMP.sys [2009-7-14 8192]
R1 tdx;NetIO Legacy TDI Support Driver;C:\windows\System32\drivers\tdx.sys [2010-11-21 119296]
R1 TermDD;Terminal Device Driver;C:\windows\System32\drivers\termdd.sys [2010-11-21 63360]
R1 Tosrfcom;Bluetooth RFCOMM;C:\windows\System32\drivers\tosrfcom.sys [2010-11-29 82224]
R1 VgaSave;VgaSave;C:\windows\System32\drivers\vga.sys [2009-7-14 29184]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\windows\System32\drivers\wanarp.sys [2010-11-21 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\windows\System32\drivers\wfplwf.sys [2009-7-14 12800]
R1 ws2ifsl;Winsock IFS Driver;C:\windows\System32\drivers\ws2ifsl.sys [2009-7-14 21504]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 Apple Mobile Device;Apple Mobile Device;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-1-7 43336]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-7 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-4-7 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-8 85328]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
R2 AudioSrv;Windows Audio;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2012-5-8 27648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-7 50344]
R2 BFE;Base Filtering Engine;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2012-5-8 27648]
R2 BITS;Background Intelligent Transfer Service;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R2 Bonjour Service;Bonjour Service;C:\Program Files\Bonjour\mDNSResponder.exe [2011-8-30 462184]
R2 CryptSvc;Cryptographic Services;C:\windows\System32\svchost.exe -k NetworkService [2012-5-8 27648]
R2 CscService;Offline Files;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
R2 DcomLaunch;DCOM Server Process Launcher;C:\windows\System32\svchost.exe -k DcomLaunch [2012-5-8 27648]
R2 Dhcp;DHCP Client;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2012-5-8 27648]
R2 Dnscache;DNS Client;C:\windows\System32\svchost.exe -k NetworkService [2012-5-8 27648]
R2 DPS;Diagnostic Policy Service;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2012-5-8 27648]
R2 eventlog;Windows Event Log;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2012-5-8 27648]
R2 EventSystem;COM+ Event System;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
R2 FDResPub;Function Discovery Resource Publication;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-5-8 27648]
R2 FontCache;Windows Font Cache Service;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-6-14 162824]
R2 gpsvc;Group Policy Client;C:\windows\System32\svchost.exe -k GPSvcGroup [2012-5-8 27648]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-14 128280]
R2 IPBusEnum;PnP-X IP Bus Enumerator;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
R2 iphlpsvc;IP Helper;C:\windows\System32\svchost.exe -k NetSvcs [2012-5-8 27648]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-14 161560]
R2 LanmanServer;Server;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R2 LanmanWorkstation;Workstation;C:\windows\System32\svchost.exe -k NetworkService [2012-5-8 27648]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\windows\System32\drivers\lltdio.sys [2009-7-14 60928]
R2 lmhosts;TCP/IP NetBIOS Helper;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2012-5-8 27648]
R2 LMS;Intel® Management and Security Application Local Management Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2012-6-14 277784]
R2 luafv;UAC File Virtualization;C:\windows\System32\drivers\luafv.sys [2009-7-14 113152]
R2 MMCSS;Multimedia Class Scheduler;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R2 MpsSvc;Windows Firewall;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2012-5-8 27648]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400]
R2 NlaSvc;Network Location Awareness;C:\windows\System32\svchost.exe -k NetworkService [2012-5-8 27648]
R2 nsi;Network Store Interface Service;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
R2 PcaSvc;Program Compatibility Assistant Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
R2 PEAUTH;PEAUTH;C:\windows\System32\drivers\PEAuth.sys [2009-7-14 651264]
R2 PlugPlay;Plug and Play;C:\windows\System32\svchost.exe -k DcomLaunch [2012-5-8 27648]
R2 PnkBstrA;PnkBstrA;C:\windows\System32\PnkBstrA.exe --> C:\windows\System32\PnkBstrA.exe [?]
R2 Power;Power;C:\windows\System32\svchost.exe -k DcomLaunch [2012-5-8 27648]
R2 ProfSvc;User Profile Service;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\windows\System32\svchost.exe -k RPCSS [2012-5-8 27648]
R2 RpcSs;Remote Procedure Call (RPC);C:\windows\System32\svchost.exe -k rpcss [2012-5-8 27648]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\windows\System32\drivers\rspndr.sys [2009-7-14 76800]
R2 SamSs;Security Accounts Manager;C:\windows\System32\lsass.exe [2014-5-13 31232]
R2 Schedule;Task Scheduler;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R2 secdrv;Security Driver;C:\windows\System32\drivers\secdrv.sys [2009-7-14 23040]
R2 seclogon;Secondary Logon;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R2 SENS;System Event Notification Service;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R2 ShellHWDetection;Shell Hardware Detection;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R2 Spooler;Print Spooler;C:\windows\System32\spoolsv.exe [2012-8-23 559104]
R2 sppsvc;Software Protection;C:\windows\System32\sppsvc.exe [2010-11-21 3524608]
R2 stisvc;Windows Image Acquisition (WIA);C:\windows\System32\svchost.exe -k imgsvc [2012-5-8 27648]
R2 SysMain;Superfetch;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\windows\System32\drivers\tcpipreg.sys [2012-11-16 45568]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
R2 Themes;Themes;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service;C:\windows\System32\TODDSrv.exe [2012-5-8 138656]
R2 TosCoSrv;TOSHIBA Power Saver;C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2011-12-15 583088]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 TrkWks;Distributed Link Tracking Client;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UxSms;Desktop Window Manager Session Manager;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
R2 WinDefend;Windows Defender;C:\windows\System32\svchost.exe -k secsvcs [2012-5-8 27648]
R2 Winmgmt;Windows Management Instrumentation;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R2 Wlansvc;WLAN AutoConfig;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
R2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-3-29 2292096]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2010-11-21 1525248]
R2 wscsvc;Security Center;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2012-5-8 27648]
R2 WSearch;Windows Search;C:\windows\System32\SearchIndexer.exe [2012-5-8 591872]
R3 AeLookupSvc;Application Experience;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R3 amdkmdag;amdkmdag;C:\windows\System32\drivers\atikmdag.sys [2012-12-19 11278336]
R3 amdkmdap;amdkmdap;C:\windows\System32\drivers\atikmpag.sys [2012-12-19 552960]
R3 Appinfo;Application Information;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\windows\System32\drivers\athrx.sys [2012-6-14 2799616]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-6-14 93712]
R3 bowser;Browser Support Driver;C:\windows\System32\drivers\bowser.sys [2012-8-8 90624]
R3 Browser;Computer Browser;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-8-9 45168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\windows\System32\drivers\CmBatt.sys [2009-7-14 17664]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\windows\System32\drivers\CompositeBus.sys [2010-11-21 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\windows\System32\drivers\dxgkrnl.sys [2013-10-8 983488]
R3 EapHost;Extensible Authentication Protocol;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R3 fastfat;FAT12/16/32 File System Driver;C:\windows\System32\drivers\fastfat.sys [2009-7-14 204800]
R3 fdPHost;Function Discovery Provider Host;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
R3 GEARAspiWDM;GEAR ASPI Filter Driver;C:\windows\System32\drivers\GEARAspiWDM.sys [2012-11-30 33240]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\windows\System32\drivers\hdaudbus.sys [2010-11-21 122368]
R3 HomeGroupListener;HomeGroup Listener;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
R3 HomeGroupProvider;HomeGroup Provider;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2012-5-8 27648]
R3 HTTP;HTTP;C:\windows\System32\drivers\http.sys [2010-11-21 753664]
R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\windows\System32\drivers\i8042prt.sys [2009-7-14 105472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\windows\System32\drivers\RTKVHD64.sys [2012-6-14 4013928]
R3 intelppm;Intel Processor Driver;C:\windows\System32\drivers\intelppm.sys [2009-7-14 62464]
R3 iPod Service;iPod Service;C:\Program Files\iPod\bin\iPodService.exe [2014-1-20 641352]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
R3 kbdclass;Keyboard Class Driver;C:\windows\System32\drivers\kbdclass.sys [2009-7-14 50768]
R3 KeyIso;CNG Key Isolation;C:\windows\System32\lsass.exe [2014-5-13 31232]
R3 ksthunk;Kernel Streaming Thunks;C:\windows\System32\drivers\ksthunk.sys [2009-7-14 20992]
R3 MEIx64;Intel® Management Engine Interface ;C:\windows\System32\drivers\HECIx64.sys [2012-7-17 62784]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\windows\System32\drivers\monitor.sys [2009-7-14 30208]
R3 mouclass;Mouse Class Driver;C:\windows\System32\drivers\mouclass.sys [2009-7-14 49216]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\windows\System32\drivers\mpsdrv.sys [2009-7-14 77312]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\windows\System32\drivers\mrxsmb.sys [2012-5-8 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\windows\System32\drivers\mrxsmb10.sys [2012-5-8 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\windows\System32\drivers\mrxsmb20.sys [2012-5-8 128000]
R3 NativeWifiP;NativeWiFi Filter;C:\windows\System32\drivers\nwifi.sys [2009-7-14 318976]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\windows\System32\drivers\ndistapi.sys [2009-7-14 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\windows\System32\drivers\ndisuio.sys [2010-11-21 56832]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\windows\System32\drivers\ndiswan.sys [2010-11-21 164352]
R3 NDProxy;NDIS Proxy;C:\windows\System32\drivers\ndproxy.sys [2010-11-21 57856]
R3 Netman;Network Connections;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
R3 netprofm;Network List Service;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
R3 Ntfs;Ntfs;C:\windows\System32\drivers\ntfs.sys [2014-4-10 1684928]
R3 p2pimsvc;Peer Networking Identity Manager;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2012-5-8 27648]
R3 p2psvc;Peer Networking Grouping;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2012-5-8 27648]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-6-14 38096]
R3 PNRPsvc;Peer Name Resolution Protocol;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2012-5-8 27648]
R3 PolicyAgent;IPsec Policy Agent;C:\windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2012-5-8 27648]
R3 PptpMiniport;WAN Miniport (PPTP);C:\windows\System32\drivers\raspptp.sys [2010-11-21 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\windows\System32\drivers\agilevpn.sys [2009-7-14 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\windows\System32\drivers\rasl2tp.sys [2010-11-21 129536]
R3 RasMan;Remote Access Connection Manager;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
R3 RasPppoe;Remote Access PPPOE Driver;C:\windows\System32\drivers\raspppoe.sys [2009-7-14 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\windows\System32\drivers\rassstp.sys [2009-7-14 83968]
R3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\windows\System32\drivers\rdpbus.sys [2009-7-14 24064]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-6-14 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-14 565352]
R3 srv;Server SMB 1.xxx Driver;C:\windows\System32\drivers\srv.sys [2012-5-8 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\windows\System32\drivers\srv2.sys [2012-5-8 410112]
R3 srvnet;srvnet;C:\windows\System32\drivers\srvnet.sys [2012-5-8 168448]
R3 SSDPSRV;SSDP Discovery;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-5-8 27648]
R3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
R3 StillCam;Still Serial Digital Camera Driver;C:\windows\System32\drivers\serscan.sys [2009-7-14 12288]
R3 swenum;Software Bus Driver;C:\windows\System32\drivers\swenum.sys [2009-7-14 12496]
R3 SynTP;Synaptics TouchPad Driver;C:\windows\System32\drivers\SynTP.sys [2011-12-19 411920]
R3 TapiSrv;Telephony;C:\windows\System32\svchost.exe -k NetworkService [2012-5-8 27648]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\windows\System32\drivers\tdcmdpst.sys [2009-7-31 27784]
R3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-4-2 198064]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 tosporte;Bluetooth COM Port;C:\windows\System32\drivers\tosporte.sys [2009-6-17 54664]
R3 tosrfbd;Bluetooth RFBUS;C:\windows\System32\drivers\tosrfbd.sys [2012-1-30 304696]
R3 tosrfbnp;Bluetooth RFBNEP;C:\windows\System32\drivers\tosrfbnp.sys [2010-11-11 50864]
R3 tosrfec;Bluetooth ACPI;C:\windows\System32\drivers\tosrfec.sys [2010-6-19 18872]
R3 Tosrfhid;Bluetooth RFHID;C:\windows\System32\drivers\Tosrfhid.sys [2010-8-30 94528]
R3 tosrfnds;Bluetooth Personal Area Network;C:\windows\System32\drivers\tosrfnds.sys [2009-7-24 26472]
R3 Tosrfusb;Bluetooth USB Controller;C:\windows\System32\drivers\tosrfusb.sys [2011-12-17 79040]
R3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2010-11-21 194048]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\windows\System32\drivers\tunnel.sys [2010-11-21 125440]
R3 umbus;UMBus Enumerator Driver;C:\windows\System32\drivers\umbus.sys [2010-11-21 48640]
R3 upnphost;UPnP Device Host;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-5-8 27648]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\windows\System32\drivers\usbccgp.sys [2014-1-15 99840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\windows\System32\drivers\usbehci.sys [2014-1-15 53248]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\windows\System32\drivers\usbhub.sys [2014-1-15 343040]
R3 usbvideo;USB Video Device (WDM);C:\windows\System32\drivers\usbvideo.sys [2013-10-8 185344]
R3 vwifibus;Virtual WiFi Bus Driver;C:\windows\System32\drivers\vwifibus.sys [2009-7-14 24576]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 W32Time;Windows Time;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
R3 WdiServiceHost;Diagnostic Service Host;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
R3 WdiSystemHost;Diagnostic System Host;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
R3 WinDriver6;WinDriver6;C:\windows\System32\drivers\windrvr6.sys [2012-2-27 260608]
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\windows\System32\drivers\wmiacpi.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-8 136176]
S2 SharedAccess;Internet Connection Sharing (ICS);C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-14 363800]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\windows\System32\drivers\1394ohci.sys [2010-11-21 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\windows\System32\drivers\acpipmi.sys [2010-11-21 12800]
S3 Adobe LM Service;Adobe LM Service;C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2013-1-8 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-8 257712]
S3 adp94xx;adp94xx;C:\windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 adpu320;adpu320;C:\windows\System32\drivers\adpu320.sys [2009-7-13 182864]
S3 agp440;Intel AGP Bus Filter;C:\windows\System32\drivers\AGP440.sys [2009-7-14 61008]
S3 ALG;Application Layer Gateway Service;C:\windows\System32\alg.exe [2009-7-14 79360]
S3 aliide;aliide;C:\windows\System32\drivers\aliide.sys [2009-7-14 15440]
S3 amdide;amdide;C:\windows\System32\drivers\amdide.sys [2009-7-14 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\windows\System32\drivers\amdk8.sys [2009-7-14 64512]
S3 AmdPPM;AMD Processor Driver;C:\windows\System32\drivers\amdppm.sys [2009-7-14 60928]
S3 amdsata;amdsata;C:\windows\System32\drivers\amdsata.sys [2012-5-8 107904]
S3 amdsbs;amdsbs;C:\windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 AppID;AppID Driver;C:\windows\System32\drivers\appid.sys [2010-11-21 61440]
S3 AppIDSvc;Application Identity;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-5-8 27648]
S3 AppMgmt;Application Management;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
S3 arc;arc;C:\windows\System32\drivers\arc.sys [2009-7-13 87632]
S3 arcsas;arcsas;C:\windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-9-11 51808]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\windows\System32\drivers\asyncmac.sys [2009-7-14 23040]
S3 Avolites CITP Active Fixture;Avolites CITP Active Fixture;C:\Program Files (x86)\Avolites\CITP Active Fixture\Active Fixture Service.exe [2013-7-23 56320]
S3 Avolites Expert Usb;Avolites Expert Usb;C:\Program Files (x86)\Avolites\UsbExpert\UsbExpertService.exe [2013-8-19 8704]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\windows\System32\svchost.exe -k AxInstSVGroup [2012-5-8 27648]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\windows\System32\drivers\BrFiltLo.sys [2009-7-14 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\windows\System32\drivers\BrFiltUp.sys [2009-7-14 8704]
S3 BridgeMP;MAC Bridge Miniport;C:\windows\System32\drivers\bridge.sys [2009-7-14 95232]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\windows\System32\drivers\BrSerId.sys [2009-7-14 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\windows\System32\drivers\BrSerWdm.sys [2009-7-14 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\windows\System32\drivers\BrUsbMdm.sys [2009-7-14 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\windows\System32\drivers\BrUsbSer.sys [2009-7-14 14720]
S3 BthEnum;Bluetooth Request Block Driver;C:\windows\System32\drivers\bthenum.sys [2009-7-14 41984]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\windows\System32\drivers\bthmodem.sys [2009-7-14 72192]
S3 BthPan;Bluetooth Device (Personal Area Network);C:\windows\System32\drivers\bthpan.sys [2009-7-14 118784]
S3 BTHPORT;Bluetooth Port Driver;C:\windows\System32\drivers\bthport.sys [2012-8-23 552960]
S3 bthserv;Bluetooth Support Service;C:\windows\System32\svchost.exe -k bthsvcs [2012-5-8 27648]
S3 BTHUSB;Bluetooth Radio USB Driver;C:\windows\System32\drivers\BTHUSB.SYS [2012-5-8 80384]
S3 CertPropSvc;Certificate Propagation;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
S3 circlass;Consumer IR Devices;C:\windows\System32\drivers\circlass.sys [2009-7-14 45568]
S3 cmdide;cmdide;C:\windows\System32\drivers\cmdide.sys [2009-7-14 17488]
S3 COMSysApp;COM+ System Application;C:\windows\System32\dllhost.exe [2009-7-14 9728]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-1-20 89160]
S3 defragsvc;Disk Defragmenter;C:\windows\System32\svchost.exe -k defragsvc [2012-5-8 27648]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 dot3svc;Wired AutoConfig;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\windows\System32\drivers\drmkaud.sys [2009-7-14 5632]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 EFS;Encrypting File System (EFS);C:\windows\System32\lsass.exe [2014-5-13 31232]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2010-11-21 696832]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-14 127488]
S3 elxstor;elxstor;C:\windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\windows\System32\drivers\errdev.sys [2009-7-14 9728]
S3 exfat;exFAT File System Driver;C:\windows\System32\drivers\exfat.sys [2009-7-14 195072]
S3 Fax;Fax;C:\windows\System32\FXSSVC.exe [2010-11-21 689152]
S3 fdc;Floppy Disk Controller Driver;C:\windows\System32\drivers\fdc.sys [2009-7-14 29696]
S3 Filetrace;Filetrace;C:\windows\System32\drivers\filetrace.sys [2009-7-14 34304]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-24 1431888]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-9-24 1044816]
S3 flpydisk;Floppy Disk Driver;C:\windows\System32\drivers\flpydisk.sys [2009-7-14 24576]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2010-11-21 42856]
S3 FsDepends;File System Dependency Minifilter;C:\windows\System32\drivers\fsdepends.sys [2009-7-14 55376]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\windows\System32\drivers\GAGP30KX.SYS [2009-7-14 65088]
S3 ggflt;SEMC USB Flash Driver Filter;C:\windows\System32\drivers\ggflt.sys [2012-9-10 14448]
S3 ggsemc;SEMC USB Flash Driver;C:\windows\System32\drivers\ggsemc.sys [2012-9-10 27760]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-8 136176]
S3 gusvc;Google Software Updater;C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-5-8 194032]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\windows\System32\drivers\HdAudio.sys [2010-11-21 350208]
S3 HidBatt;HID UPS Battery Driver;C:\windows\System32\drivers\hidbatt.sys [2009-7-14 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\windows\System32\drivers\hidbth.sys [2009-7-14 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\windows\System32\drivers\hidir.sys [2009-7-14 46592]
S3 hidserv;Human Interface Device Access;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
S3 HidUsb;Microsoft HID Class Driver;C:\windows\System32\drivers\hidusb.sys [2010-11-21 30208]
S3 hkmsvc;Health Key and Certificate Management;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
S3 HpSAMD;HpSAMD;C:\windows\System32\drivers\HpSAMD.sys [2010-11-21 78720]
S3 iaStorV;iaStorV;C:\windows\System32\drivers\iaStorV.sys [2012-5-8 410496]
S3 IDriverT;InstallDriver Table Manager;C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-4-4 69632]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2010-11-21 856400]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 iirsp;iirsp;C:\windows\System32\drivers\iirsp.sys [2009-7-13 44112]
S3 intelide;intelide;C:\windows\System32\drivers\intelide.sys [2009-7-14 16960]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\windows\System32\drivers\ipfltdrv.sys [2010-11-21 82944]
S3 IPMIDRV;IPMIDRV;C:\windows\System32\drivers\IPMIDrv.sys [2010-11-21 78848]
S3 IPNAT;IP Network Address Translator;C:\windows\System32\drivers\ipnat.sys [2009-7-14 116224]
S3 IRENUM;IR Bus Enumerator;C:\windows\System32\drivers\irenum.sys [2009-7-14 17920]
S3 isapnp;isapnp;C:\windows\System32\drivers\isapnp.sys [2009-7-14 20544]
S3 iScsiPrt;iScsiPort Driver;C:\windows\System32\drivers\msiscsi.sys [2014-4-10 274880]
S3 kbdhid;Keyboard HID Driver;C:\windows\System32\drivers\kbdhid.sys [2010-11-21 33280]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2012-5-8 27648]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
S3 LSI_FC;LSI_FC;C:\windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 megasas;megasas;C:\windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 MegaSR;MegaSR;C:\windows\System32\drivers\MegaSR.sys [2009-7-13 284736]
S3 Modem;Modem;C:\windows\System32\drivers\modem.sys [2009-7-14 40448]
S3 mouhid;Mouse HID Driver;C:\windows\System32\drivers\mouhid.sys [2009-7-14 31232]
S3 mpio;mpio;C:\windows\System32\drivers\mpio.sys [2010-11-21 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\windows\System32\drivers\mrxdav.sys [2013-10-8 140800]
S3 msdsm;msdsm;C:\windows\System32\drivers\msdsm.sys [2010-11-21 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\windows\System32\msdtc.exe [2009-7-14 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\windows\System32\drivers\mshidkmdf.sys [2009-7-14 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
S3 msiserver;Windows Installer;C:\windows\System32\msiexec.exe [2010-11-21 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\windows\System32\drivers\mskssrv.sys [2009-7-14 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\windows\System32\drivers\mspclock.sys [2009-7-14 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\windows\System32\drivers\mspqm.sys [2009-7-14 6784]
S3 MsRPC;MsRPC;C:\windows\System32\drivers\msrpc.sys [2010-11-21 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\windows\System32\drivers\mstee.sys [2009-7-14 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\windows\System32\drivers\MTConfig.sys [2009-7-14 15360]
S3 napagent;Network Access Protection Agent;C:\windows\System32\svchost.exe -k NetworkService [2012-5-8 27648]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\windows\System32\drivers\ndiscap.sys [2009-7-14 35328]
S3 Netlogon;Netlogon;C:\windows\System32\lsass.exe [2014-5-13 31232]
S3 nfrd960;nfrd960;C:\windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\windows\System32\drivers\NV_AGP.SYS [2009-7-14 122960]
S3 nvraid;nvraid;C:\windows\System32\drivers\nvraid.sys [2012-5-8 148352]
S3 nvstor;nvstor;C:\windows\System32\drivers\nvstor.sys [2012-5-8 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\windows\System32\drivers\ohci1394.sys [2009-7-14 72832]
S3 ose;Office  Source Engine;C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 149352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Parport;Parallel port driver;C:\windows\System32\drivers\parport.sys [2009-7-14 97280]
S3 pcmcia;pcmcia;C:\windows\System32\drivers\pcmcia.sys [2009-7-14 220752]
S3 PeerDistSvc;BranchCache;C:\windows\System32\svchost.exe -k PeerDist [2012-5-8 27648]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-14 20992]
S3 pla;Performance Logs & Alerts;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2012-5-8 27648]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2012-5-8 27648]
S3 Processor;Processor Driver;C:\windows\System32\drivers\processr.sys [2009-7-14 60416]
S3 ProtectedStorage;Protected Storage;C:\windows\System32\lsass.exe [2014-5-13 31232]
S3 ql2300;ql2300;C:\windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-5-8 27648]
S3 QWAVEdrv;QWAVE driver;C:\windows\System32\drivers\qwavedrv.sys [2009-7-14 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\windows\System32\drivers\rasacd.sys [2009-7-14 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
S3 RDPDR;Terminal Server Device Redirector Driver;C:\windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-5-24 19456]
S3 RDPWD;RDP Winstation Driver;C:\windows\System32\drivers\rdpwd.sys [2012-8-8 210944]
S3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-12-9 113800]
S3 RemoteRegistry;Remote Registry;C:\windows\System32\svchost.exe -k regsvc [2012-5-8 27648]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\windows\System32\drivers\rfcomm.sys [2009-7-14 158720]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\windows\System32\Locator.exe [2009-7-14 10240]
S3 s3cap;s3cap;C:\windows\System32\drivers\vms3cap.sys [2010-11-21 6656]
S3 sbp2port;sbp2port;C:\windows\System32\drivers\sbp2port.sys [2010-11-21 103808]
S3 SCardSvr;Smart Card;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-5-8 27648]
S3 scfilter;Smart card PnP Class Filter Driver;C:\windows\System32\drivers\scfilter.sys [2010-11-21 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
S3 SDRSVC;Windows Backup;C:\windows\System32\svchost.exe -k SDRSVC [2012-5-8 27648]
S3 SensrSvc;Adaptive Brightness;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-5-8 27648]
S3 Serenum;Serenum Filter Driver;C:\windows\System32\drivers\serenum.sys [2009-7-14 23552]
S3 Serial;Serial;C:\windows\System32\drivers\serial.sys [2009-7-14 94208]
S3 sermouse;Serial Mouse Driver;C:\windows\System32\drivers\sermouse.sys [2009-7-14 26624]
S3 SessionEnv;Remote Desktop Configuration;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
S3 sffdisk;SFF Storage Class Driver;C:\windows\System32\drivers\sffdisk.sys [2009-7-14 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\windows\System32\drivers\sffp_mmc.sys [2009-7-14 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\windows\System32\drivers\sffp_sd.sys [2010-11-21 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\windows\System32\drivers\sfloppy.sys [2009-7-14 16896]
S3 SiSRaid2;SiSRaid2;C:\windows\System32\drivers\sisraid2.sys [2009-6-10 43584]
S3 SiSRaid4;SiSRaid4;C:\windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\windows\System32\drivers\smb.sys [2009-7-14 93184]
S3 SNMPTRAP;SNMP Trap;C:\windows\System32\snmptrap.exe [2009-7-14 14336]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service;C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2012-9-24 79360]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-9-10 155824]
S3 sppuinotify;SPP Notification Service;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 stexstor;stexstor;C:\windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
S3 storvsc;storvsc;C:\windows\System32\drivers\storvsc.sys [2010-11-21 34688]
S3 swprv;Microsoft Software Shadow Copy Provider;C:\windows\System32\svchost.exe -k swprv [2012-5-8 27648]
S3 TabletInputService;Tablet PC Input Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
S3 TBS;TPM Base Services;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-5-8 27648]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\windows\System32\drivers\tcpip.sys [2014-6-11 1903552]
S3 TDPIPE;TDPIPE;C:\windows\System32\drivers\tdpipe.sys [2009-7-14 15872]
S3 TDTCP;TDTCP;C:\windows\System32\drivers\tdtcp.sys [2012-5-8 23552]
S3 TermService;Remote Desktop Services;C:\windows\System32\svchost.exe -k NetworkService [2012-5-8 27648]
S3 THREADORDER;Thread Ordering Server;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-6-14 57216]
S3 TosRfSnd;Bluetooth Audio;C:\windows\System32\drivers\TosRfSnd.sys [2010-4-26 63488]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\windows\System32\drivers\tssecsrv.sys [2013-8-13 39936]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-5-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-5-24 30208]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\windows\System32\drivers\UAGP35.SYS [2009-7-14 64080]
S3 UI0Detect;Interactive Services Detection;C:\windows\System32\UI0Detect.exe [2009-7-14 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\windows\System32\drivers\ULIAGPKX.SYS [2009-7-14 64592]
S3 UmPass;Microsoft UMPass Driver;C:\windows\System32\drivers\umpass.sys [2009-7-14 9728]
S3 UmRdpService;Remote Desktop Services UserMode Port Redirector;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\windows\System32\drivers\usbcir.sys [2013-10-8 100864]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\windows\System32\drivers\usbohci.sys [2014-1-15 25600]
S3 usbprint;Microsoft USB PRINTER Class;C:\windows\System32\drivers\usbprint.sys [2009-7-14 25088]
S3 usbscan;USB Scanner Driver;C:\windows\System32\drivers\usbscan.sys [2013-10-8 42496]
S3 USBSTOR;USB Mass Storage Driver;C:\windows\System32\drivers\USBSTOR.SYS [2012-5-8 91648]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\windows\System32\drivers\usbuhci.sys [2014-1-15 30720]
S3 VaultSvc;Credential Manager;C:\windows\System32\lsass.exe [2014-5-13 31232]
S3 vds;Virtual Disk;C:\windows\System32\vds.exe [2010-11-21 533504]
S3 vga;vga;C:\windows\System32\drivers\vgapnp.sys [2009-7-14 29184]
S3 vhdmp;vhdmp;C:\windows\System32\drivers\vhdmp.sys [2010-11-21 215936]
S3 viaide;viaide;C:\windows\System32\drivers\viaide.sys [2009-7-14 17488]
S3 vmbus;vmbus;C:\windows\System32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID;C:\windows\System32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vsmraid;vsmraid;C:\windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 VSS;Volume Shadow Copy;C:\windows\System32\VSSVC.exe [2010-11-21 1600512]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\windows\System32\drivers\wacompen.sys [2009-7-14 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\windows\System32\drivers\wanarp.sys [2010-11-21 88576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-8 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\windows\System32\wbengine.exe [2010-11-21 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\windows\System32\svchost.exe -k WbioSvcGroup [2012-5-8 27648]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-5-8 27648]
S3 WcsPlugInService;Windows Color System;C:\windows\System32\svchost.exe -k wcssvc [2012-5-8 27648]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WebClient;WebClient;C:\windows\System32\svchost.exe -k LocalService [2012-5-8 27648]
S3 Wecsvc;Windows Event Collector;C:\windows\System32\svchost.exe -k NetworkService [2012-5-8 27648]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
S3 WerSvc;Windows Error Reporting Service;C:\windows\System32\svchost.exe -k WerSvcGroup [2012-5-8 27648]
S3 WIMMount;WIMMount;C:\windows\System32\drivers\wimmount.sys [2009-7-14 22096]
S3 WinRM;Windows Remote Management (WS-Management);C:\windows\System32\svchost.exe -k NetworkService [2012-5-8 27648]
S3 WinUsb;WinUsb Driver;C:\windows\System32\drivers\winusb.sys [2010-11-21 41984]
S3 wmiApSrv;WMI Performance Adapter;C:\windows\System32\wbem\WmiApSrv.exe [2009-7-14 203264]
S3 WPCSvc;Parental Controls;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2012-5-8 27648]
S3 WPDBusEnum;Portable Device Enumerator Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\System32\drivers\WSDPrint.sys [2009-7-14 23040]
S3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\windows\System32\drivers\WUDFPf.sys [2012-11-16 87040]
S3 WUDFRd;WUDFRd;C:\windows\System32\drivers\WUDFRd.sys [2012-11-16 198656]
S3 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-5-8 27648]
S3 WwanSvc;WWAN AutoConfig;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2012-5-8 27648]
S4 cdfs;CD/DVD File System Reader;C:\windows\System32\drivers\cdfs.sys [2009-7-14 92160]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-13 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 crcdisk;Crcdisk Filter Driver;C:\windows\System32\drivers\crcdisk.sys [2009-7-14 24144]
S4 Mcx2Svc;Media Center Extender Service;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-5-8 27648]
S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetTcpActivator;Net.Tcp Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 RemoteAccess;Routing and Remote Access;C:\windows\System32\svchost.exe -k netsvcs [2012-5-8 27648]
S4 udfs;udfs;C:\windows\System32\drivers\udfs.sys [2010-11-21 328192]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: ComFile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\windows\hh.exe" %1
FileExt: .ini: inifile=C:\windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\windows\System32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1
ShellExec: ImgBurn.exe: open="C:\Program Files (x86)\ImgBurn\ImgBurn.exe" /MODE WRITE /SOURCE "%1"
ShellExec: iTunes.exe: open="C:\Program Files (x86)\iTunes\iTunes.exe" /open "%L"
ShellExec: iTunes.exe: play="C:\Program Files (x86)\iTunes\iTunes.exe" /play "%L"
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="C:\windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\windows\System32\NOTEPAD.EXE %1
ShellExec: ois.exe: Edit=C:\PROGRA~2\MICROS~4\Office14\OIS.EXE /shellEdit "%1"
ShellExec: ois.exe: Open=C:\PROGRA~2\MICROS~4\Office14\OIS.EXE /shellOpen "%1"
ShellExec: ois.exe: Preview=C:\PROGRA~2\MICROS~4\Office14\OIS.EXE /shellPreview "%1"
ShellExec: photoviewer.dll: open=C:\windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: RealPlay.exe: open="C:\Program Files (x86)\Real\RealPlayer\realplay.exe" "%1"
ShellExec: scs10.exe: open="C:\Program Files (x86)\Sound Cue System 10\scs10.exe" "%1"
ShellExec: vlc.exe: Open="C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1"
ShellExec: VSLauncher.exe: Open="C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
ShellExec: vsta.exe: edit="C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" /dde
ShellExec: vsta.exe: open="C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\vsta.exe" "%1"
ShellExec: Winword.exe: edit="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2014-06-12 16:22:08 536576 ----a-w- C:\windows\SysWow64\sqlite3.dll
2014-06-12 16:21:21 -------- d-----w- C:\AdwCleaner
2014-06-12 16:18:37 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-06-12 16:18:25 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-06-12 16:18:25 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-06-12 16:18:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 15:26:04 -------- d-----w- C:\FRST
2014-06-12 13:56:06 -------- d-----w- C:\Program Files (x86)\ESET
2014-06-12 13:20:07 -------- d-----w- C:\ddfec6a035c9168dc3f3f570e867
2014-06-12 13:19:29 -------- d-----w- C:\Program Files (x86)\BitLord 2
2014-06-12 13:19:28 -------- d-----w- C:\Users\user\AppData\Roaming\Plarium
2014-06-11 18:03:01 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-06-11 18:03:00 810200 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-06-11 18:03:00 69632 ----a-w- C:\windows\SysWow64\mshtmled.dll
2014-06-11 18:03:00 592896 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-06-11 18:03:00 48640 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll
2014-06-11 18:03:00 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-06-11 18:03:00 1143296 ----a-w- C:\windows\SysWow64\urlmon.dll
2014-06-11 18:02:59 32256 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-11 18:02:59 151552 ----a-w- C:\Program Files (x86)\Internet Explorer\DiagnosticsTap.dll
2014-06-11 18:02:58 526336 ----a-w- C:\windows\SysWow64\msfeeds.dll
2014-06-11 18:02:58 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-06-11 18:02:58 38400 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-06-11 18:02:58 368128 ----a-w- C:\windows\SysWow64\dxtmsft.dll
2014-06-11 18:02:58 209408 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsTap.dll
2014-06-11 18:02:58 17271296 ----a-w- C:\windows\SysWow64\mshtml.dll
2014-06-11 18:02:58 146432 ----a-w- C:\Program Files\Internet Explorer\Timeline_is.dll
2014-06-11 18:02:57 812248 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-06-11 18:02:57 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-06-11 18:02:57 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-06-11 18:02:57 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-06-11 18:02:57 271872 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2014-06-11 18:02:57 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-06-11 18:02:57 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-06-11 18:02:57 2179072 ----a-w- C:\windows\SysWow64\iertutil.dll
2014-06-11 18:02:57 1964544 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-06-11 18:02:57 1398272 ----a-w- C:\windows\System32\urlmon.dll
2014-06-11 18:02:56 8011776 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2014-06-11 18:02:56 43008 ----a-w- C:\windows\SysWow64\jsproxy.dll
2014-06-11 18:02:56 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-06-11 18:02:56 32768 ----a-w- C:\windows\SysWow64\iernonce.dll
2014-06-11 18:02:55 326144 ----a-w- C:\Program Files\Internet Explorer\F12Tools.dll
2014-06-11 18:02:55 255488 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-06-11 18:02:55 227840 ----a-w- C:\Program Files (x86)\Internet Explorer\F12Tools.dll
2014-06-11 18:02:55 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-06-11 18:02:55 1064960 ----a-w- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
2014-06-11 18:02:54 452096 ----a-w- C:\windows\System32\dxtmsft.dll
2014-06-11 18:02:54 242688 ----a-w- C:\windows\SysWow64\dxtrans.dll
2014-06-11 18:02:54 145920 ----a-w- C:\Program Files\Internet Explorer\Timeline.dll
2014-06-11 18:02:53 631808 ----a-w- C:\windows\System32\msfeeds.dll
2014-06-11 18:02:53 440832 ----a-w- C:\windows\SysWow64\ieui.dll
2014-06-11 18:02:52 722432 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-06-11 18:02:52 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-06-11 18:02:52 608768 ----a-w- C:\windows\System32\ie4uinit.exe
2014-06-11 18:02:52 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-06-11 18:02:52 11725312 ----a-w- C:\windows\SysWow64\ieframe.dll
2014-06-11 18:02:51 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-06-11 18:02:51 2768384 ----a-w- C:\windows\System32\iertutil.dll
2014-06-11 18:02:51 2040832 ----a-w- C:\windows\System32\inetcpl.cpl
2014-06-11 18:02:51 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-06-11 18:02:51 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-06-11 18:02:50 752640 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2014-06-11 18:02:50 704512 ----a-w- C:\windows\SysWow64\ieapfltr.dll
2014-06-11 18:02:50 696832 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2014-06-11 18:02:50 51200 ----a-w- C:\windows\System32\jsproxy.dll
2014-06-11 18:02:50 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-06-11 18:02:50 4244992 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-06-11 18:02:50 33792 ----a-w- C:\windows\System32\iernonce.dll
2014-06-11 18:02:50 235224 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-06-11 18:02:50 1790976 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-11 18:02:50 164864 ----a-w- C:\windows\SysWow64\msrating.dll
2014-06-11 18:02:50 1191936 ----a-w- C:\Program Files\Internet Explorer\networkinspection.dll
2014-06-11 18:02:49 574976 ----a-w- C:\windows\System32\ieui.dll
2014-06-11 18:02:49 570368 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2014-06-11 18:02:49 295424 ----a-w- C:\windows\System32\dxtrans.dll
2014-06-11 18:02:49 1850880 ----a-w- C:\Program Files\Internet Explorer\MemoryAnalyzer.dll
2014-06-11 18:02:49 1796608 ----a-w- C:\Program Files\Internet Explorer\F12.dll
2014-06-11 18:02:49 13522944 ----a-w- C:\windows\System32\ieframe.dll
2014-06-11 18:02:48 85504 ----a-w- C:\windows\System32\mshtmled.dll
2014-06-11 18:02:48 752640 ----a-w- C:\windows\System32\jscript9diag.dll
2014-06-11 18:02:48 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-06-11 18:02:48 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-06-11 18:02:47 846336 ----a-w- C:\windows\System32\ieapfltr.dll
2014-06-11 18:02:47 5782528 ----a-w- C:\windows\System32\jscript9.dll
2014-06-11 18:02:47 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-06-11 18:02:47 2266112 ----a-w- C:\windows\System32\wininet.dll
2014-06-11 18:02:46 871936 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2014-06-11 18:02:45 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-06-11 18:02:45 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-06-11 18:02:45 195584 ----a-w- C:\windows\System32\msrating.dll
2014-06-11 18:02:44 977408 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-06-11 18:02:44 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-06-11 18:02:43 23414784 ----a-w- C:\windows\System32\mshtml.dll
2014-06-11 18:02:40 801280 ----a-w- C:\windows\System32\usp10.dll
2014-06-11 18:02:39 626688 ----a-w- C:\windows\SysWow64\usp10.dll
2014-06-11 18:02:39 288192 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 18:02:39 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-06-11 18:02:38 2002432 ----a-w- C:\windows\System32\msxml6.dll
2014-06-11 18:02:38 1882112 ----a-w- C:\windows\System32\msxml3.dll
2014-06-11 18:02:38 1389056 ----a-w- C:\windows\SysWow64\msxml6.dll
2014-06-11 18:02:37 2048 ----a-w- C:\windows\SysWow64\msxml6r.dll
2014-06-11 18:02:37 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-06-11 18:02:37 2048 ----a-w- C:\windows\System32\msxml6r.dll
2014-06-11 18:02:37 2048 ----a-w- C:\windows\System32\msxml3r.dll
2014-06-11 18:02:37 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-06-11 18:02:36 3178496 ----a-w- C:\windows\System32\rdpcorets.dll
2014-06-11 18:02:36 16384 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll
2014-06-11 18:02:10 506368 ----a-w- C:\windows\System32\aepdu.dll
2014-06-11 18:02:08 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-06-10 16:07:56 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A734F3BC-608B-4619-8871-060ADDE3F0B5}\mpengine.dll
2014-06-10 10:52:21 -------- d-----w- C:\Users\user\AppData\Roaming\EDrawings
2014-06-10 10:50:05 -------- d-----w- C:\Program Files (x86)\Common Files\eDrawings2014
2014-06-10 07:14:00 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2014-06-10 07:13:55 264616 ----a-w- C:\windows\SysWow64\javaws.exe
2014-06-10 07:13:50 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-06-10 07:13:50 175528 ----a-w- C:\windows\SysWow64\javaw.exe
2014-06-10 07:13:50 175528 ----a-w- C:\windows\SysWow64\java.exe
2014-06-09 12:42:37 -------- d-----w- C:\Users\user\AppData\Local\Windows Live
2014-06-09 12:42:21 -------- d-----w- C:\Users\user\AppData\Local\{678F9671-6DFE-48A6-AEED-5BF54F0C57A8}
2014-06-03 14:47:52 -------- d-----w- C:\ProgramData\F-Secure
2014-05-16 07:56:24 1619632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
2014-05-13 20:32:04 649504 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\USP10.DLL
2014-05-13 19:42:34 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-05-13 19:42:33 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-05-13 19:42:33 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-05-13 19:42:33 3969984 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2014-05-13 19:42:32 722944 ----a-w- C:\windows\System32\objsel.dll
2014-05-13 19:42:32 5550016 ----a-w- C:\windows\System32\ntoskrnl.exe
2014-05-13 19:42:32 455168 ----a-w- C:\windows\System32\winlogon.exe
2014-05-13 19:42:32 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2014-05-13 19:42:32 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-05-13 19:42:32 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-05-13 19:42:31 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-05-13 19:42:31 538112 ----a-w- C:\windows\SysWow64\objsel.dll
2014-05-13 19:42:30 424960 ----a-w- C:\windows\System32\KernelBase.dll
2014-05-13 19:42:30 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2014-05-13 19:42:30 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-05-13 19:42:29 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-05-13 19:42:29 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-05-13 19:42:29 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-05-13 19:42:28 57344 ----a-w- C:\windows\System32\cngprovider.dll
2014-05-13 19:42:28 56832 ----a-w- C:\windows\System32\adprovider.dll
2014-05-13 19:42:28 44544 ----a-w- C:\windows\System32\dimsroam.dll
2014-05-13 19:42:28 36864 ----a-w- C:\windows\SysWow64\dimsroam.dll
2014-05-13 19:42:28 340992 ----a-w- C:\windows\System32\schannel.dll
2014-05-13 19:42:28 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2014-05-13 19:42:27 53760 ----a-w- C:\windows\System32\capiprovider.dll
2014-05-13 19:42:27 52736 ----a-w- C:\windows\System32\dpapiprovider.dll
2014-05-13 19:42:27 51200 ----a-w- C:\windows\SysWow64\cngprovider.dll
2014-05-13 19:42:27 49664 ----a-w- C:\windows\SysWow64\adprovider.dll
2014-05-13 19:42:27 48128 ----a-w- C:\windows\SysWow64\capiprovider.dll
2014-05-13 19:42:26 47616 ----a-w- C:\windows\SysWow64\dpapiprovider.dll
2014-05-13 19:42:24 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-05-13 19:42:23 39936 ----a-w- C:\windows\System32\wincredprovider.dll
2014-05-13 19:42:23 35328 ----a-w- C:\windows\SysWow64\wincredprovider.dll
2014-05-13 19:42:23 31232 ----a-w- C:\windows\System32\lsass.exe
2014-05-13 19:42:23 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-05-13 19:42:22 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-05-13 19:42:22 28160 ----a-w- C:\windows\System32\secur32.dll
2014-05-13 19:42:22 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-05-13 19:42:22 22016 ----a-w- C:\windows\System32\credssp.dll
2014-05-13 19:42:22 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-05-13 19:42:21 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-05-13 19:42:12 14175744 ----a-w- C:\windows\System32\shell32.dll
2014-05-13 19:42:11 12874240 ----a-w- C:\windows\SysWow64\shell32.dll
2014-05-10 08:48:57 -------- d-s---w- C:\windows\System32\CompatTel
2014-05-07 18:34:29 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-05-07 18:34:24 43152 ----a-w- C:\windows\avastSS.scr
.
==================== Find6M  ====================
.
2014-06-12 19:09:25 95414520 ----a-w- C:\windows\System32\MRT.exe
2014-05-16 21:11:25 85328 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-05-16 21:11:25 423240 ----a-w- C:\windows\System32\drivers\aswsp.sys
2014-05-16 21:11:25 1039096 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-05-13 20:28:54 70832 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 20:28:54 692400 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-12 06:25:56 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-05-07 18:34:26 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-05-07 18:34:26 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-05-07 18:34:26 334648 ----a-w- C:\windows\System32\aswBoot.exe
2014-05-07 18:34:26 208416 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-05-07 18:34:25 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-03-31 21:46:48 1070232 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-03-31 08:35:08 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-03-04 09:44:21 362496 ----a-w- C:\windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2014-03-04 09:44:00 1163264 ----a-w- C:\windows\System32\kernel32.dll
2014-03-04 09:17:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2014-03-04 09:16:17 1114112 ----a-w- C:\windows\SysWow64\kernel32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\windows\SysWow64\user.exe
2014-02-07 01:23:30 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18 484864 ----a-w- C:\windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\windows\System32\wwansvc.dll
2014-01-24 02:37:55 1684928 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-12-24 23:09:41 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-12-19 13:11:27 64288 ----a-w- C:\windows\System32\drivers\aswTdi.sys
.
============= FINISH: 11:49:52.42 ===============

Attach Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08/08/2012 11:19:23
System Uptime: 15/06/2014 11:40:47 (0 hours ago)
.
Motherboard: Type2 - Board Vendor Name1 |  | Type2 - Board Product Name1
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 389 GiB total, 103.056 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP253: 20/05/2014 19:58:57 - Windows Update
RP254: 24/05/2014 22:45:48 - Windows Update
RP255: 30/05/2014 16:44:57 - Windows Update
RP256: 03/06/2014 23:03:21 - Windows Update
RP257: 10/06/2014 08:12:36 - Installed Java 7 Update 60
RP258: 10/06/2014 11:49:12 - Installed eDrawings 2014.
RP259: 10/06/2014 17:06:42 - Windows Update
RP261: 12/06/2014 18:31:13 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.9) MUI
Amazon MP3 Downloader 1.0.17
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Bluetooth Filter Driver Package
Atheros Driver Installation Program
avast! Free Antivirus
Avolites Personality Builder
Avolites Titan
Avolites Titan Mobile
Avolites Titan One
Avolites Titan PC Suite 7.0
Avolites Titan Simulator
Avolites Usb Expert
Avolites Virtual Panel
Avolites Visualiser
Battlefield 3™
Battlelog Web Plugins
BBC iPlayer Desktop
Bluetooth Stack for Windows by Toshiba
Bonjour
Canon MG2100 series MP Drivers
Canon MG2100 series User Registration
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CITP Active Fixture
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD43 Plug-in v1.0.0.6
DVDFab 9.0.5.5 (26/07/2013)
eDrawings 2014
ESET Online Scanner v3
ESN Sonar
Flixster
FreeStyle Auto-Assist
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Greener Web
HandBrake 0.9.9.1
High-Definition Video Playback
HP Photosmart 7510 series Basic Device Software
HP Unified IO
ImgBurn
inSSIDer Office
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 25 (64-bit)
Java 7 Update 60
Java Auto Updater
Junk Mail filter update
Log Viewer Pro
Malwarebytes Anti-Malware version 2.0.2.1012
Media Go
Media Go Video Playback Engine 1.96.120.08260
Media Player Codec Pack 4.2.5
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual Basic for Applications 7.1 (x64)
Microsoft Visual Basic for Applications 7.1 (x64) English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 11 Essentials
Nero 11 Kwik Themes Basic
Nero BackItUp 11
Nero BackItUp 11 Help (CHM)
Nero Backup Drivers
Nero BurnRights 11
Nero BurnRights 11 Help (CHM)
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero Express 11
Nero Express 11 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero Update
nero.prerequisites.msi
Origin
Pearl 2004 Simulator
PlayReady PC Runtime amd64
PlayStation®Network Downloader
PlayStation®Store
Premium Sound HD
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Remtek Systems LTD Online Assistance
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SCS 10.3.1
SCS 11.1.4
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11
SolidWorks 2012 x64 Edition SP02
SolidWorks eDrawings 2012 x64 Edition SP02
SolidWorks Flow Simulation 2012 SP02 x64 Edition
Sony Ericsson Update Engine
Sony PC Companion 2.10.206
Spotify
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
VLC media player 2.0.5
welcome
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalleri
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinRAR 4.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
15/06/2014 11:42:28, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/06/2014 10:41:59, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
.
==== End Of File ===========================

During the GMER scan my PC was forced to shut down by an unknown error so I am re-running the GMER scan now

 



#4 quick94

Posted 15 June 2014 - 06:45 AM

GMER Scan Log:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-15 12:44:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465.76GB
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kgtdipob.sys

---- User code sections - GMER 2.1 ----

.text    C:\windows\system32\wininit.exe[784] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                            00000000772def8d 1 byte [62]
.text    C:\windows\system32\services.exe[848] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           00000000772def8d 1 byte [62]
.text    C:\windows\system32\winlogon.exe[888] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           00000000772def8d 1 byte [62]
.text    C:\windows\system32\atiesrxx.exe[1048] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                          00000000772def8d 1 byte [62]
.text    C:\windows\System32\svchost.exe[1176] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           00000000772def8d 1 byte [62]
.text    C:\windows\system32\svchost.exe[1240] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           00000000772def8d 1 byte [62]
.text    C:\windows\system32\svchost.exe[1544] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           00000000772def8d 1 byte [62]
.text    C:\Windows\System32\GFNEXSrv.exe[1840] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                          00000000772def8d 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2116] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                              0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2144] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112              0000000076d4a2fd 1 byte [62]
.text    C:\windows\system32\taskhost.exe[2384] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                          00000000772def8d 1 byte [62]
.text    C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe[2520] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112         0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2588] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                    0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000075101465 2 bytes [10, 75]
.text    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000751014bb 2 bytes [10, 75]
.text    ...                                                                                                                                                                   * 2
.text    C:\windows\SysWOW64\PnkBstrA.exe[2648] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                          0000000076d4a2fd 1 byte [62]
.text    C:\windows\SysWOW64\PnkBstrA.exe[2648] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                               0000000074f01a22 2 bytes [F0, 74]
.text    C:\windows\SysWOW64\PnkBstrA.exe[2648] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                               0000000074f01ad0 2 bytes [F0, 74]
.text    C:\windows\SysWOW64\PnkBstrA.exe[2648] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                               0000000074f01b08 2 bytes [F0, 74]
.text    C:\windows\SysWOW64\PnkBstrA.exe[2648] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                               0000000074f01bba 2 bytes [F0, 74]
.text    C:\windows\SysWOW64\PnkBstrA.exe[2648] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                               0000000074f01bda 2 bytes [F0, 74]
.text    C:\windows\SysWOW64\PnkBstrA.exe[2648] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                        0000000075101465 2 bytes [10, 75]
.text    C:\windows\SysWOW64\PnkBstrA.exe[2648] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                       00000000751014bb 2 bytes [10, 75]
.text    ...                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe[2820] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                       00000000772def8d 1 byte [62]
.text    C:\windows\Explorer.EXE[2980] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                   00000000772def8d 1 byte [62]
.text    C:\windows\system32\TODDSrv.exe[3036] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           00000000772def8d 1 byte [62]
.text    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[3064] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                         00000000772def8d 1 byte [62]
.text    C:\windows\System32\svchost.exe[2272] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           00000000772def8d 1 byte [62]
.text    C:\Program Files\TOSHIBA\TECO\TecoService.exe[3196] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                             00000000772def8d 1 byte [62]
.text    C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe[4428] C:\windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                      00000000772def8d 1 byte [62]
.text    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5112] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                           00000000772def8d 1 byte [62]
.text    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4160] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                         00000000772def8d 1 byte [62]
.text    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[1756] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                          00000000772def8d 1 byte [62]
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4224] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4224] C:\windows\syswow64\USER32.dll!GetMenu + 412                                                      0000000076e451dd 7 bytes JMP 0000000110053ac0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4224] C:\windows\syswow64\USER32.dll!PeekMessageA + 407                                                 0000000076e4610b 7 bytes JMP 0000000110053c10
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4224] C:\windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131                                   0000000076e4c6c1 7 bytes JMP 0000000110053bf0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4224] C:\windows\syswow64\USER32.dll!MessageBoxIndirectA + 199                                          0000000076e8fc98 7 bytes JMP 0000000110053c60
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4224] C:\windows\syswow64\USER32.dll!MessageBoxIndirectW + 52                                           0000000076e8fcd1 7 bytes JMP 0000000110053d30
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4224] C:\windows\syswow64\USER32.dll!MessageBoxExA + 31                                                 0000000076e8fcf5 7 bytes JMP 0000000110053ce0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4224] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                           0000000075101465 2 bytes [10, 75]
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[4224] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                          00000000751014bb 2 bytes [10, 75]
.text    ...                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4216] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                             0000000076d4a2fd 1 byte [62]
.text    C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[2944] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                           0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[1448] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4548] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                            0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                          0000000075101465 2 bytes [10, 75]
.text    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4548] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                         00000000751014bb 2 bytes [10, 75]
.text    ...                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe[4800] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                         0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4532] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                       0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe[2928] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                           0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[5364] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                       00000000772def8d 1 byte [62]
.text    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5536] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                     0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe[5572] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                     0000000076d4a2fd 1 byte [62]
.text    C:\Program Files\AVAST Software\Avast\avastui.exe[5612] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                  0000000076d28791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text    C:\Program Files\AVAST Software\Avast\avastui.exe[5612] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                         0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5620] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                            0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[5636] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe[5980] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                 0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe[6016] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                     0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe[6088] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                               0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6116] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000075101465 2 bytes [10, 75]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[6116] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000751014bb 2 bytes [10, 75]
.text    ...                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5196] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                       0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5196] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                     0000000075101465 2 bytes [10, 75]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5196] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                    00000000751014bb 2 bytes [10, 75]
.text    ...                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5656] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                       0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5924] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                        0000000076d4a2fd 1 byte [62]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5924] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000075101465 2 bytes [10, 75]
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[5924] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000751014bb 2 bytes [10, 75]
.text    ...                                                                                                                                                                   * 2
.text    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5948] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                        00000000772def8d 1 byte [62]
.text    C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe[6564] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                      00000000772def8d 1 byte [62]
.text    C:\Users\user\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[2364] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                  0000000076d4a2fd 1 byte [62]
---- Processes - GMER 2.1 ----

Process  C:\Users\user\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe (*** suspicious ***) @ C:\Users\user\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe [2364](2014-01-28 17:36:04)  0000000000400000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d57aabd58                                                                                          
Reg      HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                                                      8036
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d57aabd58 (not active ControlSet)                                                                      

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----



#5 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 17 June 2014 - 11:29 AM

Please download ComboFix from one of these locations:
 
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.
     

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     

    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
     
     
     
     
     
     
     
    Elle 

    Can you hear it? It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro
    ?



    If I haven't replied in 48 hours, please feel free to send me a PM.




    #6 quick94

    quick94
    • Topic Starter

    • Members
    • 15 posts

    Posted 18 June 2014 - 07:29 AM

    Combo Fix log:

     

    ComboFix 14-06-16.01 - user 18/06/2014  13:15:38.2.4 - x64
    Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8152.6033 [GMT 1:00]
    Running from: c:\users\user\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-05-18 to 2014-06-18  )))))))))))))))))))))))))))))))
    .
    .
    2014-06-18 12:24 . 2014-06-18 12:24 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-06-18 12:24 . 2014-06-18 12:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-06-18 12:17 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD154E18-8A68-439F-819C-BB026B3DC97B}\mpengine.dll
    2014-06-12 16:22 . 2010-08-30 07:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
    2014-06-12 16:21 . 2014-06-12 16:27 -------- d-----w- C:\AdwCleaner
    2014-06-12 16:18 . 2014-06-12 16:29 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-06-12 16:18 . 2014-06-12 16:18 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-06-12 16:18 . 2014-05-12 06:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-06-12 16:18 . 2014-05-12 06:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-06-12 15:26 . 2014-06-12 15:28 -------- d-----w- C:\FRST
    2014-06-12 13:56 . 2014-06-12 13:56 -------- d-----w- c:\program files (x86)\ESET
    2014-06-12 13:20 . 2014-06-12 13:20 -------- d-----w- C:\ddfec6a035c9168dc3f3f570e867
    2014-06-12 13:19 . 2014-06-12 13:20 -------- d-----w- c:\program files (x86)\BitLord 2
    2014-06-12 13:19 . 2014-06-12 13:19 -------- d-----w- c:\users\user\AppData\Roaming\Plarium
    2014-06-11 18:03 . 2014-05-30 08:42 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-06-11 18:03 . 2014-06-02 06:03 810200 ----a-w- c:\program files\Internet Explorer\iexplore.exe
    2014-06-11 18:03 . 2014-05-30 09:49 48640 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub_is.dll
    2014-06-11 18:03 . 2014-05-30 08:32 222720 ----a-w- c:\program files (x86)\Internet Explorer\ielowutil.exe
    2014-06-11 18:03 . 2014-05-30 08:27 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-06-10 10:52 . 2014-06-10 10:52 -------- d-----w- c:\users\user\AppData\Roaming\EDrawings
    2014-06-10 10:50 . 2014-06-10 10:50 -------- d-----w- c:\program files (x86)\Common Files\eDrawings2014
    2014-06-10 07:14 . 2014-06-10 07:14 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-06-10 07:13 . 2014-05-07 14:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-06-09 12:42 . 2014-06-09 12:43 -------- d-----w- c:\users\user\AppData\Local\Windows Live
    2014-06-03 14:47 . 2014-06-03 14:47 -------- d-----w- c:\programdata\F-Secure
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-06-12 19:09 . 2012-08-08 15:18 95414520 ----a-w- c:\windows\system32\MRT.exe
    2014-05-16 21:11 . 2014-01-08 18:08 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-05-16 21:11 . 2013-04-07 20:23 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-05-16 21:11 . 2013-04-07 20:23 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-05-13 20:28 . 2012-05-08 18:27 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-05-13 20:28 . 2012-05-08 18:27 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-05-12 06:25 . 2013-05-26 21:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-05-07 18:34 . 2014-05-07 18:34 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-05-07 18:34 . 2013-04-07 20:23 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-05-07 18:34 . 2013-04-07 20:23 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-05-07 18:34 . 2013-04-07 20:23 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-05-07 18:34 . 2013-04-07 20:23 334648 ----a-w- c:\windows\system32\aswBoot.exe
    2014-05-07 18:34 . 2013-04-07 20:23 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-05-07 18:34 . 2014-05-07 18:34 43152 ----a-w- c:\windows\avastSS.scr
    2014-04-12 02:22 . 2014-05-13 19:42 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-04-12 02:22 . 2014-05-13 19:42 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2014-04-12 02:19 . 2014-05-13 19:42 136192 ----a-w- c:\windows\system32\sspicli.dll
    2014-04-12 02:19 . 2014-05-13 19:42 29184 ----a-w- c:\windows\system32\sspisrv.dll
    2014-04-12 02:19 . 2014-05-13 19:42 28160 ----a-w- c:\windows\system32\secur32.dll
    2014-04-12 02:19 . 2014-05-13 19:42 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-04-12 02:19 . 2014-05-13 19:42 31232 ----a-w- c:\windows\system32\lsass.exe
    2014-04-12 02:12 . 2014-05-13 19:42 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-04-12 02:10 . 2014-05-13 19:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-03-31 21:46 . 2014-03-31 21:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2014-03-31 08:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
    2014-03-25 02:43 . 2014-05-13 19:42 14175744 ----a-w- c:\windows\system32\shell32.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-04-01 466144]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-08 39408]
    "HP Photosmart 7510 series (NET)"="c:\program files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
    "Spotify Web Helper"="c:\users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-05-16 1176632]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-10 3890208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2012-2-4 2824104]
    FreeStyle Auto-Assist.lnk - c:\program files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe [2013-3-31 64336]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 Avolites CITP Active Fixture;Avolites CITP Active Fixture;c:\program files (x86)\Avolites\CITP Active Fixture\Active Fixture Service.exe;c:\program files (x86)\Avolites\CITP Active Fixture\Active Fixture Service.exe [x]
    R3 Avolites Expert Usb;Avolites Expert Usb;c:\program files (x86)\Avolites\UsbExpert\UsbExpertService.exe;c:\program files (x86)\Avolites\UsbExpert\UsbExpertService.exe [x]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [x]
    R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
    R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
    S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
    S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-05-25 20:31 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 20:28]
    .
    2014-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 18:32]
    .
    2014-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-08 18:32]
    .
    2014-06-18 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    2014-06-18 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-05-07 18:34 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
    "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
    "Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2012-05-08 150992]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-03-22 2165120]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://bbc.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.13"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-06-18  13:26:57
    ComboFix-quarantined-files.txt  2014-06-18 12:26
    .
    Pre-Run: 120,833,536,000 bytes free
    Post-Run: 123,566,452,736 bytes free
    .
    - - End Of File - - 0CC2DA6536E144F1C550A65F925CC7E4
     



    #7 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts

    Posted 19 June 2014 - 07:46 PM

    Hello,

     

    Ok, this seems to be a bit tricky. Let's try to get track of it.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
    • When the tool opens, click Yes to disclaimer.
    • Press the Scan button.
    • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
    • Please copy and paste the log in your next reply.

    Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
     
     
     
     
     
    Elle 

    Can you hear it? It's all around!

    Do you remember?
    If you do, then
    can you forgive?



    If I haven't replied in 48 hours, please feel free to send me a PM.




    #8 quick94

    quick94
    • Topic Starter

    • Members
    • 15 posts

    Posted 21 June 2014 - 07:15 PM

    FRST Log.

     

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
    Ran by user (administrator) on USER-TOSH on 22-06-2014 01:13:36
    Running from C:\Users\user\Desktop
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    () C:\Windows\System32\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
    (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe
    () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
    (Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
    (Abbott Diabetes Care) C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeBtMng.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
    (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
    (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
    (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
    (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
    (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
    (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
    (Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation)
    HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
    HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-05-08] (Toshiba Europe GmbH)
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-16] (Realtek Semiconductor)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
    HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1492264 2011-11-18] (Nero AG)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-10] (AVAST Software)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
    HKU\.DEFAULT\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
    HKU\S-1-5-21-2555551493-1212336546-1926543129-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-04-01] (Sony)
    HKU\S-1-5-21-2555551493-1212336546-1926543129-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-08] (Google Inc.)
    HKU\S-1-5-21-2555551493-1212336546-1926543129-1000\...\Run: [HP Photosmart 7510 series (NET)] => C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2555551493-1212336546-1926543129-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FreeStyle Auto-Assist.lnk
    ShortcutTarget: FreeStyle Auto-Assist.lnk -> C:\Program Files (x86)\Abbott Diabetes Care\FreeStyle Auto-Assist\BGTrayApp.exe (Abbott Diabetes Care)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bbc.co.uk/
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {AAC90E48-FDB4-4A2F-A7A6-826F39A9A937} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {AAC90E48-FDB4-4A2F-A7A6-826F39A9A937} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {AAC90E48-FDB4-4A2F-A7A6-826F39A9A937} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
    SearchScopes: HKCU - DefaultScope {AAC90E48-FDB4-4A2F-A7A6-826F39A9A937} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enGB496
    SearchScopes: HKCU - 10AAE53E3FC94075AF74DCA63CF1993F URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enGB496
    SearchScopes: HKCU - {AAC90E48-FDB4-4A2F-A7A6-826F39A9A937} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enGB496
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
    CHR StartupUrls: "hxxp://www.bbc.co.uk/"
    CHR DefaultSearchKeyword: google.co.uk
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
    CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]

    ==================== Services (Whitelisted) =================

    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-08] (Adobe Systems) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-07] (AVAST Software)
    S3 Avolites CITP Active Fixture; C:\Program Files (x86)\Avolites\CITP Active Fixture\Active Fixture Service.exe [56320 2013-07-23] (Avolites) [File not signed]
    S3 Avolites Expert Usb; C:\Program Files (x86)\Avolites\UsbExpert\UsbExpertService.exe [8704 2013-08-19] (Avolites) [File not signed]
    R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-10] ()
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
    R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2013-04-28] ()
    S3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [113800 2011-12-09] (Mentor Graphics Corporation)
    S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-09-24] (SolidWorks) [File not signed]
    R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)

    ==================== Drivers (Whitelisted) ====================

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-07] ()
    R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-06] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-07] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-07] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-07] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-16] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-16] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-16] (AVAST Software)
    R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-07] ()
    S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [260608 2012-02-27] (Jungo)
    S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2014-06-22 01:12 - 2014-06-22 01:12 - 02083328 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
    2014-06-18 13:28 - 2014-06-18 13:28 - 00025556 _____ () C:\Users\user\Desktop\Combofix.txt
    2014-06-18 13:26 - 2014-06-18 13:26 - 00025556 _____ () C:\ComboFix.txt
    2014-06-18 13:13 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
    2014-06-18 13:13 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
    2014-06-18 13:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
    2014-06-18 13:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
    2014-06-18 13:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
    2014-06-18 13:13 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
    2014-06-18 13:13 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
    2014-06-18 13:13 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
    2014-06-18 13:11 - 2014-06-18 13:11 - 05206841 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
    2014-06-15 12:52 - 2014-06-15 12:52 - 00276720 _____ () C:\windows\Minidump\061514-21372-01.dmp
    2014-06-15 12:44 - 2014-06-15 12:44 - 00018027 _____ () C:\Users\user\Desktop\GMER.txt
    2014-06-15 12:19 - 2014-06-15 12:19 - 00276720 _____ () C:\windows\Minidump\061514-23883-01.dmp
    2014-06-15 11:50 - 2014-06-15 11:50 - 00095036 _____ () C:\Users\user\Desktop\dds.txt
    2014-06-15 11:49 - 2014-06-15 11:49 - 00370943 _____ () C:\Users\user\Desktop\gmer.zip
    2014-06-12 18:15 - 2014-06-12 18:15 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds.com
    2014-06-12 17:27 - 2014-06-12 17:27 - 00003626 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
    2014-06-12 17:24 - 2014-06-12 17:24 - 00003580 _____ () C:\Users\user\Desktop\AdwCleaner[R0].txt
    2014-06-12 17:22 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
    2014-06-12 17:21 - 2014-06-12 17:27 - 00000000 ____D () C:\AdwCleaner
    2014-06-12 17:20 - 2014-06-12 17:20 - 01333465 _____ () C:\Users\user\Downloads\AdwCleaner.exe
    2014-06-12 17:20 - 2014-06-12 17:20 - 00083451 _____ () C:\Users\user\Desktop\Minitoolbox.txt
    2014-06-12 17:19 - 2014-06-12 17:20 - 00083451 _____ () C:\Users\user\Downloads\Result.txt
    2014-06-12 17:18 - 2014-06-12 17:29 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-12 17:18 - 2014-06-12 17:19 - 00400384 _____ (Farbar) C:\Users\user\Downloads\MiniToolBox.exe
    2014-06-12 17:18 - 2014-06-12 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-12 17:18 - 2014-06-12 17:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-12 17:18 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2014-06-12 17:18 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2014-06-12 16:59 - 2014-06-12 17:53 - 00001052 _____ () C:\Users\user\Desktop\MBAM.txt
    2014-06-12 16:31 - 2014-06-22 01:13 - 00028812 _____ () C:\Users\user\Desktop\FRST.txt
    2014-06-12 16:31 - 2014-06-12 16:31 - 00053054 _____ () C:\Users\user\Desktop\Addition.txt
    2014-06-12 16:27 - 2014-06-12 16:28 - 00053054 _____ () C:\Users\user\Downloads\Addition.txt
    2014-06-12 16:26 - 2014-06-22 01:13 - 00000000 ____D () C:\FRST
    2014-06-12 16:26 - 2014-06-12 16:28 - 00046736 _____ () C:\Users\user\Downloads\FRST.txt
    2014-06-12 16:23 - 2014-06-12 16:23 - 02081792 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
    2014-06-12 14:56 - 2014-06-12 14:56 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-06-12 14:52 - 2014-06-12 14:55 - 00002120 _____ () C:\Users\user\Desktop\Rkill.txt
    2014-06-12 14:52 - 2014-06-12 14:52 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill.exe
    2014-06-12 14:20 - 2014-06-12 17:12 - 00000000 ____D () C:\Users\user\Documents\BitLord
    2014-06-12 14:20 - 2014-06-12 14:20 - 00000000 ____D () C:\ddfec6a035c9168dc3f3f570e867
    2014-06-12 14:19 - 2014-06-12 14:32 - 00002594 _____ () C:\Users\user\Desktop\Game - Total Domination.lnk
    2014-06-12 14:19 - 2014-06-12 14:20 - 00000000 ____D () C:\Program Files (x86)\BitLord 2
    2014-06-12 14:19 - 2014-06-12 14:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Plarium
    2014-06-12 14:19 - 2014-06-12 14:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium
    2014-06-11 19:03 - 2014-05-30 09:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-06-11 19:03 - 2014-05-30 09:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-06-11 19:03 - 2014-05-30 09:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-06-11 19:03 - 2014-05-30 08:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-06-11 19:02 - 2014-06-08 10:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-06-11 19:02 - 2014-06-08 10:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-06-11 19:02 - 2014-05-30 11:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-06-11 19:02 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-06-11 19:02 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-06-11 19:02 - 2014-05-30 10:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-06-11 19:02 - 2014-05-30 10:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-06-11 19:02 - 2014-05-30 10:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-06-11 19:02 - 2014-05-30 10:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-06-11 19:02 - 2014-05-30 10:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-06-11 19:02 - 2014-05-30 10:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-06-11 19:02 - 2014-05-30 10:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-06-11 19:02 - 2014-05-30 10:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-06-11 19:02 - 2014-05-30 10:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-06-11 19:02 - 2014-05-30 10:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-06-11 19:02 - 2014-05-30 10:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-06-11 19:02 - 2014-05-30 10:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-06-11 19:02 - 2014-05-30 10:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-06-11 19:02 - 2014-05-30 10:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-06-11 19:02 - 2014-05-30 10:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-06-11 19:02 - 2014-05-30 09:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-06-11 19:02 - 2014-05-30 09:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-06-11 19:02 - 2014-05-30 09:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-06-11 19:02 - 2014-05-30 09:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-06-11 19:02 - 2014-05-30 09:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-06-11 19:02 - 2014-05-30 09:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-06-11 19:02 - 2014-05-30 09:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-06-11 19:02 - 2014-05-30 09:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-06-11 19:02 - 2014-05-30 09:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-06-11 19:02 - 2014-05-30 09:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-06-11 19:02 - 2014-05-30 09:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-06-11 19:02 - 2014-05-30 09:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-06-11 19:02 - 2014-05-30 09:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-06-11 19:02 - 2014-05-30 09:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-06-11 19:02 - 2014-05-30 09:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-06-11 19:02 - 2014-05-30 09:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-06-11 19:02 - 2014-05-30 09:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-06-11 19:02 - 2014-05-30 09:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-06-11 19:02 - 2014-05-30 09:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-06-11 19:02 - 2014-05-30 08:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-06-11 19:02 - 2014-05-30 08:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-06-11 19:02 - 2014-05-30 08:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-06-11 19:02 - 2014-05-30 08:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-06-11 19:02 - 2014-05-30 08:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-06-11 19:02 - 2014-05-30 08:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-06-11 19:02 - 2014-05-30 08:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-06-11 19:02 - 2014-05-30 08:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-06-11 19:02 - 2014-05-30 08:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-06-11 19:02 - 2014-05-30 08:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-06-11 19:02 - 2014-05-30 08:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-06-11 19:02 - 2014-05-08 10:32 - 03178496 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
    2014-06-11 19:02 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
    2014-06-11 19:02 - 2014-04-25 03:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
    2014-06-11 19:02 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
    2014-06-11 19:02 - 2014-04-05 03:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2014-06-11 19:02 - 2014-04-05 03:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
    2014-06-11 19:02 - 2014-03-26 15:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
    2014-06-11 19:02 - 2014-03-26 15:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
    2014-06-11 19:02 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
    2014-06-11 19:02 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
    2014-06-11 19:02 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
    2014-06-11 19:02 - 2014-03-26 15:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
    2014-06-11 19:02 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
    2014-06-11 19:02 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
    2014-06-11 10:20 - 2014-06-11 15:46 - 00011375 _____ () C:\Users\user\Desktop\2nd year results.xlsx
    2014-06-10 11:52 - 2014-06-10 11:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\EDrawings
    2014-06-10 11:50 - 2014-06-10 11:50 - 00002076 _____ () C:\Users\Public\Desktop\eDrawings 2014.lnk
    2014-06-10 11:50 - 2014-06-10 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2014
    2014-06-10 08:13 - 2014-06-10 08:13 - 00004278 _____ () C:\windows\SysWOW64\jupdate-1.7.0_60-b19.log
    2014-06-10 08:13 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-06-10 08:13 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
    2014-06-10 08:13 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
    2014-06-10 08:13 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
    2014-06-09 13:42 - 2014-06-09 13:43 - 00000000 ____D () C:\Users\user\AppData\Local\Windows Live
    2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Users\user\AppData\Local\{678F9671-6DFE-48A6-AEED-5BF54F0C57A8}
    2014-06-09 11:19 - 2014-06-10 11:51 - 00000000 ____D () C:\Users\user\Documents\Formula Student
    2014-06-03 15:47 - 2014-06-03 15:47 - 05124208 _____ (F-Secure Corporation) C:\Users\user\Downloads\F-SecureOnlineScanner-HC.exe
    2014-06-03 15:47 - 2014-06-03 15:47 - 00000000 ____D () C:\ProgramData\F-Secure
    2014-06-02 17:15 - 2014-06-02 17:15 - 00003082 _____ () C:\windows\System32\Tasks\{BE78E932-F3EA-419F-9540-A30F6BD452AC}
    2014-05-27 21:37 - 2014-05-27 21:37 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

    ==================== One Month Modified Files and Folders =======

    2014-06-22 01:14 - 2014-06-12 16:31 - 00028812 _____ () C:\Users\user\Desktop\FRST.txt
    2014-06-22 01:13 - 2014-06-12 16:26 - 00000000 ____D () C:\FRST
    2014-06-22 01:12 - 2014-06-22 01:12 - 02083328 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
    2014-06-22 01:10 - 2012-06-14 08:57 - 00343426 _____ () C:\windows\DPINST.LOG
    2014-06-22 01:08 - 2012-06-14 08:46 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2014-06-22 01:08 - 2012-05-08 19:32 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-06-22 01:08 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-06-22 01:08 - 2009-07-14 05:51 - 00123394 _____ () C:\windows\setupact.log
    2014-06-20 20:37 - 2010-11-21 04:47 - 00437340 _____ () C:\windows\PFRO.log
    2014-06-18 13:41 - 2012-06-14 08:40 - 01750396 _____ () C:\windows\WindowsUpdate.log
    2014-06-18 13:30 - 2012-05-08 19:32 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-06-18 13:28 - 2014-06-18 13:28 - 00025556 _____ () C:\Users\user\Desktop\Combofix.txt
    2014-06-18 13:27 - 2013-07-23 17:50 - 00000000 ____D () C:\Qoobox
    2014-06-18 13:27 - 2012-05-08 19:27 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
    2014-06-18 13:26 - 2014-06-18 13:26 - 00025556 _____ () C:\ComboFix.txt
    2014-06-18 13:24 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
    2014-06-18 13:17 - 2009-07-14 05:45 - 00027568 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-06-18 13:17 - 2009-07-14 05:45 - 00027568 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-06-18 13:11 - 2014-06-18 13:11 - 05206841 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
    2014-06-18 13:10 - 2013-04-07 21:23 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
    2014-06-18 13:08 - 2012-06-14 08:46 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2014-06-15 14:01 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
    2014-06-15 12:52 - 2014-06-15 12:52 - 00276720 _____ () C:\windows\Minidump\061514-21372-01.dmp
    2014-06-15 12:52 - 2012-09-21 15:59 - 00000000 ____D () C:\windows\Minidump
    2014-06-15 12:52 - 2012-09-21 15:58 - 824263348 _____ () C:\windows\MEMORY.DMP
    2014-06-15 12:44 - 2014-06-15 12:44 - 00018027 _____ () C:\Users\user\Desktop\GMER.txt
    2014-06-15 12:19 - 2014-06-15 12:19 - 00276720 _____ () C:\windows\Minidump\061514-23883-01.dmp
    2014-06-15 11:50 - 2014-06-15 11:50 - 00095036 _____ () C:\Users\user\Desktop\dds.txt
    2014-06-15 11:50 - 2013-07-23 16:09 - 00011165 _____ () C:\Users\user\Desktop\attach.txt
    2014-06-15 11:49 - 2014-06-15 11:49 - 00370943 _____ () C:\Users\user\Desktop\gmer.zip
    2014-06-12 20:11 - 2013-08-04 19:48 - 00000000 ____D () C:\windows\system32\MRT
    2014-06-12 20:09 - 2012-08-08 16:18 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
    2014-06-12 20:08 - 2012-08-23 12:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-06-12 18:32 - 2014-05-10 09:48 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-06-12 18:15 - 2014-06-12 18:15 - 00688992 ____R (Swearware) C:\Users\user\Downloads\dds.com
    2014-06-12 17:53 - 2014-06-12 16:59 - 00001052 _____ () C:\Users\user\Desktop\MBAM.txt
    2014-06-12 17:29 - 2014-06-12 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-12 17:27 - 2014-06-12 17:27 - 00003626 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
    2014-06-12 17:27 - 2014-06-12 17:21 - 00000000 ____D () C:\AdwCleaner
    2014-06-12 17:24 - 2014-06-12 17:24 - 00003580 _____ () C:\Users\user\Desktop\AdwCleaner[R0].txt
    2014-06-12 17:20 - 2014-06-12 17:20 - 01333465 _____ () C:\Users\user\Downloads\AdwCleaner.exe
    2014-06-12 17:20 - 2014-06-12 17:20 - 00083451 _____ () C:\Users\user\Desktop\Minitoolbox.txt
    2014-06-12 17:20 - 2014-06-12 17:19 - 00083451 _____ () C:\Users\user\Downloads\Result.txt
    2014-06-12 17:19 - 2014-06-12 17:18 - 00400384 _____ (Farbar) C:\Users\user\Downloads\MiniToolBox.exe
    2014-06-12 17:18 - 2014-06-12 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-06-12 17:18 - 2014-06-12 17:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-06-12 17:18 - 2013-05-26 22:14 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-06-12 17:18 - 2013-05-26 22:14 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes
    2014-06-12 17:18 - 2013-05-26 22:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-06-12 17:12 - 2014-06-12 14:20 - 00000000 ____D () C:\Users\user\Documents\BitLord
    2014-06-12 16:31 - 2014-06-12 16:31 - 00053054 _____ () C:\Users\user\Desktop\Addition.txt
    2014-06-12 16:28 - 2014-06-12 16:27 - 00053054 _____ () C:\Users\user\Downloads\Addition.txt
    2014-06-12 16:28 - 2014-06-12 16:26 - 00046736 _____ () C:\Users\user\Downloads\FRST.txt
    2014-06-12 16:23 - 2014-06-12 16:23 - 02081792 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
    2014-06-12 14:56 - 2014-06-12 14:56 - 00000000 ____D () C:\Program Files (x86)\ESET
    2014-06-12 14:55 - 2014-06-12 14:52 - 00002120 _____ () C:\Users\user\Desktop\Rkill.txt
    2014-06-12 14:52 - 2014-06-12 14:52 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\user\Downloads\rkill.exe
    2014-06-12 14:49 - 2014-02-11 14:36 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify
    2014-06-12 14:32 - 2014-06-12 14:19 - 00002594 _____ () C:\Users\user\Desktop\Game - Total Domination.lnk
    2014-06-12 14:20 - 2014-06-12 14:20 - 00000000 ____D () C:\ddfec6a035c9168dc3f3f570e867
    2014-06-12 14:20 - 2014-06-12 14:19 - 00000000 ____D () C:\Program Files (x86)\BitLord 2
    2014-06-12 14:19 - 2014-06-12 14:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Plarium
    2014-06-12 14:19 - 2014-06-12 14:19 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium
    2014-06-11 15:46 - 2014-06-11 10:20 - 00011375 _____ () C:\Users\user\Desktop\2nd year results.xlsx
    2014-06-11 12:19 - 2012-10-10 00:09 - 00000502 _____ () C:\Users\user\Desktop\Liverpool John Moores University - Blackboard.website
    2014-06-11 10:43 - 2013-03-05 20:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
    2014-06-10 11:52 - 2014-06-10 11:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\EDrawings
    2014-06-10 11:52 - 2012-09-24 12:23 - 00000000 ____D () C:\Users\user\AppData\Roaming\SolidWorks
    2014-06-10 11:51 - 2014-06-09 11:19 - 00000000 ____D () C:\Users\user\Documents\Formula Student
    2014-06-10 11:50 - 2014-06-10 11:50 - 00002076 _____ () C:\Users\Public\Desktop\eDrawings 2014.lnk
    2014-06-10 11:50 - 2014-06-10 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2014
    2014-06-10 11:42 - 2009-07-14 06:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-06-10 08:13 - 2014-06-10 08:13 - 00004278 _____ () C:\windows\SysWOW64\jupdate-1.7.0_60-b19.log
    2014-06-10 08:13 - 2013-11-18 00:55 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-06-09 15:34 - 2014-02-11 14:37 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify
    2014-06-09 13:43 - 2014-06-09 13:42 - 00000000 ____D () C:\Users\user\AppData\Local\Windows Live
    2014-06-09 13:42 - 2014-06-09 13:42 - 00000000 ____D () C:\Users\user\AppData\Local\{678F9671-6DFE-48A6-AEED-5BF54F0C57A8}
    2014-06-08 10:13 - 2014-06-11 19:02 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-06-08 10:08 - 2014-06-11 19:02 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-06-06 23:09 - 2013-06-04 01:51 - 00000000 ____D () C:\Users\user\AppData\Roaming\dvdcss
    2014-06-03 15:47 - 2014-06-03 15:47 - 05124208 _____ (F-Secure Corporation) C:\Users\user\Downloads\F-SecureOnlineScanner-HC.exe
    2014-06-03 15:47 - 2014-06-03 15:47 - 00000000 ____D () C:\ProgramData\F-Secure
    2014-06-02 21:43 - 2012-08-30 12:41 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
    2014-06-02 17:15 - 2014-06-02 17:15 - 00003082 _____ () C:\windows\System32\Tasks\{BE78E932-F3EA-419F-9540-A30F6BD452AC}
    2014-06-02 17:14 - 2012-05-08 19:19 - 00000000 ____D () C:\ProgramData\Skype
    2014-05-30 11:21 - 2014-06-11 19:02 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-05-30 11:02 - 2014-06-11 19:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-05-30 11:02 - 2014-06-11 19:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-05-30 10:45 - 2014-06-11 19:02 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-05-30 10:39 - 2014-06-11 19:02 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-05-30 10:39 - 2014-06-11 19:02 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-05-30 10:38 - 2014-06-11 19:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-05-30 10:28 - 2014-06-11 19:02 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-05-30 10:27 - 2014-06-11 19:02 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-05-30 10:24 - 2014-06-11 19:02 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-05-30 10:21 - 2014-06-11 19:02 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-05-30 10:21 - 2014-06-11 19:02 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-05-30 10:20 - 2014-06-11 19:02 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-05-30 10:18 - 2014-06-11 19:02 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-05-30 10:11 - 2014-06-11 19:02 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-05-30 10:08 - 2014-06-11 19:02 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-05-30 10:06 - 2014-06-11 19:02 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-05-30 10:02 - 2014-06-11 19:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-05-30 09:55 - 2014-06-11 19:02 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-05-30 09:49 - 2014-06-11 19:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-05-30 09:46 - 2014-06-11 19:02 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-05-30 09:44 - 2014-06-11 19:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-05-30 09:44 - 2014-06-11 19:02 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-05-30 09:43 - 2014-06-11 19:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-05-30 09:42 - 2014-06-11 19:03 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-05-30 09:38 - 2014-06-11 19:02 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-05-30 09:35 - 2014-06-11 19:02 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-05-30 09:34 - 2014-06-11 19:02 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-05-30 09:33 - 2014-06-11 19:02 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-05-30 09:30 - 2014-06-11 19:02 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-05-30 09:29 - 2014-06-11 19:02 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-05-30 09:28 - 2014-06-11 19:02 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-05-30 09:27 - 2014-06-11 19:03 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-05-30 09:24 - 2014-06-11 19:02 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-05-30 09:23 - 2014-06-11 19:02 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-05-30 09:16 - 2014-06-11 19:02 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-05-30 09:10 - 2014-06-11 19:02 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-05-30 09:06 - 2014-06-11 19:02 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-05-30 09:04 - 2014-06-11 19:03 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-05-30 09:02 - 2014-06-11 19:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-05-30 08:56 - 2014-06-11 19:02 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-05-30 08:56 - 2014-06-11 19:02 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-05-30 08:54 - 2014-06-11 19:02 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-05-30 08:50 - 2014-06-11 19:02 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-05-30 08:49 - 2014-06-11 19:02 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-05-30 08:43 - 2014-06-11 19:02 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-05-30 08:40 - 2014-06-11 19:02 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-05-30 08:30 - 2014-06-11 19:02 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-05-30 08:21 - 2014-06-11 19:02 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-05-30 08:15 - 2014-06-11 19:03 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-05-30 08:13 - 2014-06-11 19:02 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-05-30 08:13 - 2014-06-11 19:02 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-05-27 21:37 - 2014-05-27 21:37 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    2014-05-27 21:37 - 2012-09-10 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
    2014-05-27 21:37 - 2012-05-08 19:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-05-25 18:52 - 2009-07-14 06:08 - 00032608 _____ () C:\windows\Tasks\SCHEDLGU.TXT

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-06-09 23:22

    ==================== End Of Log ============================



    #9 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    •  
    • Gender:Female
    • Local time:12:57 PM

    Posted 23 June 2014 - 08:02 PM

    Hello,
     

    We need to run a fix with FRST:
     
    • Please download the attached fixlist.txt file and save it to the same location as FRST
    • Attached File: fixlist.txt (165 bytes)
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
    • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
    • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
    • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
     
    ============================================
     
    We need to remove programs using "Programs and Features"
     
    Click the "Start" orb on the taskbar, and then click the "Control Panel" button.
    • If you use Category mode, click on Uninstall a Program.
    • If you use Icons mode, click on Programs and Features.
     
     
    A list of programs installed will be "populated" (this may take a bit of time).
    If they exist, uninstall the following by clicking on the below entries and selecting "Remove":
     
    BitLord
     
    Additional instructions can be found here if needed
     
     

     

     

    Elle 


    Edited by Blind Faith, 23 June 2014 - 08:02 PM.

    Can you hear it?It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro
    ?



    If I haven't replied in 48 hours, please feel free to send me a PM.




    #10 quick94


    Posted 25 June 2014 - 05:58 PM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-06-2014
    Ran by user at 2014-06-25 23:57:11 Run:1
    Running from C:\Users\user\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium
    C:\Users\user\AppData\Roaming\Plarium
    C:\Users\user\Desktop\Game - Total Domination.lnk
    *****************

    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium => Moved successfully.
    C:\Users\user\AppData\Roaming\Plarium => Moved successfully.
    C:\Users\user\Desktop\Game - Total Domination.lnk => Moved successfully.

    ==== End of Fixlog ====

     

    I can't find the BitLord programme for some reason?
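A Fixlog like the one in post #10 can be checked mechanically before moving to the next step. The following is an added example, not part of the original thread and not FRST's own code: it parses the log layout shown above and lists any fixlist entry that lacks a "Moved successfully." result. The function names are hypothetical, and treating every other status as unresolved is an assumption.

```python
import re

# Sample copied from the Fixlog posted in post #10 of this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-06-2014
Ran by user at 2014-06-25 23:57:11 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium
C:\Users\user\AppData\Roaming\Plarium
C:\Users\user\Desktop\Game - Total Domination.lnk
*****************

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plarium => Moved successfully.
C:\Users\user\AppData\Roaming\Plarium => Moved successfully.
C:\Users\user\Desktop\Game - Total Domination.lnk => Moved successfully.

==== End of Fixlog ====
"""

def parse_fixlog(text):
    """Return (requested paths, {path: status}, end-marker seen)."""
    requested, results = [], {}
    section, complete = "header", False
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):  # asterisk rows delimit the fixlist
            section = "fixlist" if section == "header" else "results"
        elif line.startswith("==== End of Fixlog"):
            complete = True
        elif section == "fixlist" and line:
            requested.append(line)
        elif section == "results" and " => " in line:
            path, status = line.rsplit(" => ", 1)
            results[path] = status
    return requested, results, complete

def unresolved(text, ok="Moved successfully."):
    """List fixlist entries without an `ok` result, plus the completeness flag."""
    requested, results, complete = parse_fixlog(text)
    pending = [p for p in requested if results.get(p) != ok]
    return pending, complete
```

An empty list together with a `True` flag means every requested path was moved and the log was not cut off when it was pasted.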



    #11 Blind Faith

    Blind Faith

    • Malware Response Team

    Posted 27 June 2014 - 04:53 PM

    Before we move on to the next step, I must ask: is your PC showing any signs of improvement?

    Elle 



    #12 quick94

    quick94
    • Topic Starter

    • Members

    Posted 27 June 2014 - 06:13 PM

    As far as I can tell, not much has changed yet.

    #13 Blind Faith

    Blind Faith

    • Malware Response Team

    Posted 29 June 2014 - 11:27 AM

    Hello,

    We will try to manually remove BitLord.

    We need to run a fix with FRST:
     
    • Please download the attached fixlist.txt file and save it to the same location as FRST.
    • Attached File: fixlist.txt (65 bytes)
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
    • Run FRST.exe/FRST64.exe, press the Fix button just once, and wait.
    • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
    • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

    ====================================================

    After you have completed that step, please run a normal scan with FRST once more and post the log here. I am looking to see what we have yet to fix.

    Elle 


    Edited by Blind Faith, 29 June 2014 - 11:27 AM.


    #14 Blind Faith

    Blind Faith

    • Malware Response Team

    Posted 02 July 2014 - 02:40 PM

    Hi,

    Do you still need help? Please let me know.

    Elle 



    #15 quick94

    quick94
    • Topic Starter

    • Members

    Posted 02 July 2014 - 03:09 PM

    Hi Elle,
    I'm currently away from my PC but will be able to get to my PC either tomorrow or Friday.
    Thanks
    Sam



