Jump to content

Toxi

Members
  • Posts

    15
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Okay so i did it again and still nothing. Im running it in IE but the first time i ran it it actually found 3 things and cleaned them. The second time it found nothing. Here are the three things it quarantined C:\Windows\AutoKMS.exe C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll C:\Program Files (x86)\Common Files\ZugoInstaller.exe
  2. <p>This is all i got </p> <p> </p> <p> </p> <div>ESETSmartInstaller@High as CAB hook log:</div> <div>OnlineScanner64.ocx - registred OK</div> <div>OnlineScanner.ocx - registred OK</div> <div> </div>
  3. Okay it's doing the scan atm, was going to tell you that a little after i signed in, mbam reported the C:\windows\keygen and if i wanted to quarantine. Just thought you should know.
  4. Here's the new log ComboFix 12-06-21.02 - Toxi 06/21/2012 22:22:19.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2465 [GMT -4:00] Running from: c:\users\Toxi\Desktop\ComboFix.exe Command switches used :: c:\users\Toxi\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 ))))))))))))))))))))))))))))))) . . 2012-06-22 02:30 . 2012-06-22 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-21 12:58 . 2012-06-21 12:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\offreg.dll 2012-06-20 00:31 . 2012-06-20 00:31 -------- d-----w- c:\users\Toxi\AppData\Roaming\SmartFTP 2012-06-20 00:29 . 2012-06-20 00:29 -------- d-----w- c:\program files\SmartFTP Client 2012-06-20 00:28 . 2012-06-20 00:28 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files 2012-06-19 14:36 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\mpengine.dll 2012-06-18 00:47 . 2012-06-18 00:47 -------- d-----w- c:\program files\Unlocker 2012-06-17 16:59 . 2012-06-17 16:59 -------- d-----w- c:\program files (x86)\Common Files\Overwolf 2012-06-16 18:35 . 2012-06-16 18:35 -------- d-----w- c:\program files (x86)\7-Zip 2012-06-16 18:23 . 2012-06-16 18:23 -------- d-----w- c:\program files (x86)\GnuWin32 2012-06-14 20:36 . 2012-06-20 17:46 -------- d-----w- c:\users\Toxi\AppData\Roaming\FileZilla 2012-06-14 20:35 . 2012-06-17 14:30 -------- d-----w- c:\program files (x86)\FileZilla FTP Client 2012-06-14 19:48 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 19:48 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 19:48 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 19:48 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 19:48 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-14 19:48 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-14 19:48 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-14 19:48 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 19:48 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 19:48 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll 2012-06-14 19:48 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-14 19:47 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 19:47 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 19:47 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-14 19:47 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 19:47 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-14 19:47 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-14 18:54 . 2012-06-14 18:54 -------- d-----w- c:\users\Toxi\AppData\Roaming\Malwarebytes 2012-06-14 18:53 . 2012-06-14 18:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-14 18:53 . 2012-06-14 18:53 -------- d-----w- c:\programdata\Malwarebytes 2012-06-14 18:53 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-12 22:00 . 2012-06-12 22:04 -------- d-----w- C:\srcds 2012-06-11 16:59 . 2012-06-11 16:59 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll 2012-06-11 16:59 . 2012-06-11 16:59 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2012-06-09 14:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-09 14:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-09 14:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-09 14:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-09 14:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-09 14:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-09 14:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-09 14:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-09 14:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-09 03:33 . 2012-06-09 03:33 -------- d-----w- c:\program files (x86)\DriverTuner 2012-06-08 00:42 . 2012-06-09 01:03 -------- d-----w- c:\program files (x86)\HmelyoffLabs 2012-06-07 21:19 . 2012-06-09 03:13 -------- d-----w- c:\program files (x86)\SplitMediaLabs 2012-06-07 21:18 . 2012-06-07 21:18 -------- d-----w- c:\users\Toxi\AppData\Roaming\SplitMediaLabs 2012-06-07 20:25 . 2012-06-07 20:25 -------- d-----w- c:\users\Toxi\AppData\Roaming\fltk.org 2012-06-07 20:25 . 2012-06-07 20:25 -------- d-----w- c:\programdata\fltk.org 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-06-07 16:07 . 2012-06-07 16:07 -------- d-----w- c:\program files (x86)\QuickTime 2012-06-07 16:05 . 2012-06-07 16:05 -------- d-----w- c:\program files\iPod 2012-06-07 16:05 . 2012-06-07 16:06 -------- d-----w- c:\program files\iTunes 2012-06-07 16:05 . 2012-06-07 16:06 -------- d-----w- c:\program files (x86)\iTunes 2012-06-04 00:57 . 2012-06-04 00:57 -------- d-----w- c:\users\Toxi\AppData\Roaming\Toribash 2012-06-04 00:56 . 2012-06-04 00:56 -------- d-----w- C:\Games 2012-05-28 00:03 . 2012-05-28 00:03 -------- d-----w- c:\program files\Core Temp 2012-05-27 23:59 . 2012-03-09 14:57 23816 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys 2012-05-27 23:59 . 2012-05-27 23:59 -------- d-----w- c:\program files\CPUID 2012-05-27 06:00 . 2012-05-27 06:00 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-27 06:00 . 2012-05-27 06:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-05-25 00:58 . 2012-05-25 23:00 -------- d-----w- c:\programdata\EA Logs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 12:53 . 2011-06-16 00:09 119296 ----a-w- c:\windows\SysWow64\zlib.dll 2012-06-10 17:26 . 2011-05-23 16:08 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-06-10 17:26 . 2011-05-23 15:57 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-06-10 17:20 . 2011-05-23 15:57 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-05-04 22:58 . 2012-05-04 22:58 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-04 22:58 . 2011-05-16 23:28 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-03-30 11:09 . 2012-05-08 21:28 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-07-22 11:14 . 2011-08-14 21:52 625736 ----a-w- c:\program files (x86)\Common Files\ZugoInstaller.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-06-21_22.17.49 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-06-21 22:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-22 02:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-06-21 22:17 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-22 02:34 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-21 22:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-06-22 02:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-16 04:38 . 2012-06-22 02:35 58258 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-22 02:35 34258 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-16 02:47 . 2012-06-22 02:35 30950 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-629230968-3828035873-1393441361-1000_UserData.bin - 2011-05-16 02:11 . 2012-06-14 13:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-16 02:11 . 2012-06-21 22:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-16 02:11 . 2012-06-21 22:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-05-16 02:11 . 2012-06-14 13:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-14 13:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-06-21 22:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-06-22 02:32 . 2012-06-22 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-21 22:15 . 2012-06-21 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-22 02:32 . 2012-06-22 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-21 22:15 . 2012-06-21 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-06-21 22:14 475024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-06-22 02:31 475024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 02:34 . 2012-06-21 18:11 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-07-14 02:34 . 2012-06-22 00:03 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat + 2011-05-17 00:11 . 2012-06-22 02:31 10014040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-629230968-3828035873-1393441361-1000-8192.dat - 2011-05-17 00:11 . 2012-06-21 22:14 10014040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-629230968-3828035873-1393441361-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-24 1242448] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-05-23 3407496] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 ALSysIO;ALSysIO;c:\users\Toxi\AppData\Local\Temp\ALSysIO64.sys [x] R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x] R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe [2012-06-11 18360] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va005;X6va005;c:\users\Toxi\AppData\Local\Temp\005DCF7.tmp [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-05 354304] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-629230968-3828035873-1393441361-1000Core.job - c:\users\Toxi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 23:26] . 2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-629230968-3828035873-1393441361-1000UA.job - c:\users\Toxi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 23:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Toxi\AppData\Local\Temp\005DCF7.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\DAODx.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\PnkBstrB.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files (x86)\Common Files\Steam\SteamService.exe . ************************************************************************** . Completion time: 2012-06-21 22:40:18 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-22 02:40 ComboFix2.txt 2012-06-21 23:53 ComboFix3.txt 2012-06-21 22:24 . Pre-Run: 182,641,373,184 bytes free Post-Run: 182,593,302,528 bytes free . - - End Of File - - 6B8965E27B52EC373F6F6C06B579C65D
  5. Heres the log Maniac, Thanks again! ComboFix 12-06-21.02 - Toxi 06/21/2012 19:37:11.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2180 [GMT -4:00] Running from: c:\users\Toxi\Desktop\ComboFix.exe Command switches used :: c:\users\Toxi\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\Keygen.exe" . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 23:44 . 2012-06-21 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-20 00:31 . 2012-06-20 00:31 -------- d-----w- c:\users\Toxi\AppData\Roaming\SmartFTP 2012-06-20 00:29 . 2012-06-20 00:29 -------- d-----w- c:\program files\SmartFTP Client 2012-06-20 00:28 . 2012-06-20 00:28 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files 2012-06-18 00:47 . 2012-06-18 00:47 -------- d-----w- c:\program files\Unlocker 2012-06-17 16:59 . 2012-06-17 16:59 -------- d-----w- c:\program files (x86)\Common Files\Overwolf 2012-06-16 18:35 . 2012-06-16 18:35 -------- d-----w- c:\program files (x86)\7-Zip 2012-06-16 18:23 . 2012-06-16 18:23 -------- d-----w- c:\program files (x86)\GnuWin32 2012-06-14 20:36 . 2012-06-20 17:46 -------- d-----w- c:\users\Toxi\AppData\Roaming\FileZilla 2012-06-14 20:35 . 2012-06-17 14:30 -------- d-----w- c:\program files (x86)\FileZilla FTP Client 2012-06-14 19:48 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 19:48 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 19:48 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 19:48 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 19:48 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-14 19:48 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-14 19:48 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-14 19:48 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 19:48 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 19:48 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll 2012-06-14 19:48 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-14 19:47 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 19:47 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 19:47 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-14 19:47 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 19:47 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-14 19:47 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-14 18:54 . 2012-06-14 18:54 -------- d-----w- c:\users\Toxi\AppData\Roaming\Malwarebytes 2012-06-14 18:53 . 2012-06-14 18:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-14 18:53 . 2012-06-14 18:53 -------- d-----w- c:\programdata\Malwarebytes 2012-06-14 18:53 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-12 22:00 . 2012-06-12 22:04 -------- d-----w- C:\srcds 2012-06-11 16:59 . 2012-06-11 16:59 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll 2012-06-11 16:59 . 2012-06-11 16:59 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2012-06-09 14:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-09 14:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-09 14:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-09 14:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-09 14:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-09 14:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-09 14:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-09 14:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-09 14:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-09 03:33 . 2012-06-09 03:33 -------- d-----w- c:\program files (x86)\DriverTuner 2012-06-08 00:42 . 2012-06-09 01:03 -------- d-----w- c:\program files (x86)\HmelyoffLabs 2012-06-07 21:19 . 2012-06-09 03:13 -------- d-----w- c:\program files (x86)\SplitMediaLabs 2012-06-07 21:18 . 2012-06-07 21:18 -------- d-----w- c:\users\Toxi\AppData\Roaming\SplitMediaLabs 2012-06-07 20:25 . 2012-06-07 20:25 -------- d-----w- c:\users\Toxi\AppData\Roaming\fltk.org 2012-06-07 20:25 . 2012-06-07 20:25 -------- d-----w- c:\programdata\fltk.org 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-06-07 16:07 . 2012-06-07 16:07 -------- d-----w- c:\program files (x86)\QuickTime 2012-06-07 16:05 . 2012-06-07 16:05 -------- d-----w- c:\program files\iPod 2012-06-07 16:05 . 2012-06-07 16:06 -------- d-----w- c:\program files\iTunes 2012-06-07 16:05 . 2012-06-07 16:06 -------- d-----w- c:\program files (x86)\iTunes 2012-06-04 00:57 . 2012-06-04 00:57 -------- d-----w- c:\users\Toxi\AppData\Roaming\Toribash 2012-06-04 00:56 . 2012-06-04 00:56 -------- d-----w- C:\Games 2012-05-28 00:03 . 2012-05-28 00:03 -------- d-----w- c:\program files\Core Temp 2012-05-27 23:59 . 2012-03-09 14:57 23816 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys 2012-05-27 23:59 . 2012-05-27 23:59 -------- d-----w- c:\program files\CPUID 2012-05-27 06:00 . 2012-05-27 06:00 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-27 06:00 . 2012-05-27 06:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-05-25 00:58 . 2012-05-25 23:00 -------- d-----w- c:\programdata\EA Logs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 23:49 . 2012-06-21 23:49 77824 ----a-w- c:\windows\Keygen.exe 2012-06-21 12:58 . 2012-06-21 12:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\offreg.dll 2012-06-21 12:53 . 2011-06-16 00:09 119296 ----a-w- c:\windows\SysWow64\zlib.dll 2012-06-10 17:26 . 2011-05-23 16:08 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-06-10 17:26 . 2011-05-23 15:57 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-06-10 17:20 . 2011-05-23 15:57 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-05-31 04:04 . 2012-06-19 14:36 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\mpengine.dll 2012-05-04 22:58 . 2012-05-04 22:58 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-04 22:58 . 2011-05-16 23:28 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-03-30 11:09 . 2012-05-08 21:28 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-07-22 11:14 . 2011-08-14 21:52 625736 ----a-w- c:\program files (x86)\Common Files\ZugoInstaller.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-06-21_22.17.49 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-06-21 22:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-21 23:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-21 23:48 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-21 22:17 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-21 22:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-06-21 23:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-16 04:38 . 2012-06-21 23:49 58094 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-21 23:49 34242 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-16 02:47 . 2012-06-21 23:49 30942 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-629230968-3828035873-1393441361-1000_UserData.bin - 2011-05-16 02:11 . 2012-06-14 13:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-16 02:11 . 2012-06-21 22:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-16 02:11 . 2012-06-21 22:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-05-16 02:11 . 2012-06-14 13:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-21 22:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-14 13:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-06-21 22:15 . 2012-06-21 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-21 23:46 . 2012-06-21 23:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-21 22:15 . 2012-06-21 22:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-06-21 23:46 . 2012-06-21 23:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 05:01 . 2012-06-21 23:45 475024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-06-21 22:14 475024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-17 00:11 . 2012-06-21 23:45 10014040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-629230968-3828035873-1393441361-1000-8192.dat - 2011-05-17 00:11 . 2012-06-21 22:14 10014040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-629230968-3828035873-1393441361-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-24 1242448] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-05-23 3407496] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 ALSysIO;ALSysIO;c:\users\Toxi\AppData\Local\Temp\ALSysIO64.sys [x] R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x] R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe [2012-06-11 18360] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va005;X6va005;c:\users\Toxi\AppData\Local\Temp\005DCF7.tmp [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-05 354304] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-629230968-3828035873-1393441361-1000Core.job - c:\users\Toxi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 23:26] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-629230968-3828035873-1393441361-1000UA.job - c:\users\Toxi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 23:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Toxi\AppData\Local\Temp\005DCF7.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\DAODx.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\PnkBstrB.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files (x86)\Common Files\Steam\SteamService.exe . ************************************************************************** . Completion time: 2012-06-21 19:53:48 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-21 23:53 ComboFix2.txt 2012-06-21 22:24 . Pre-Run: 182,883,717,120 bytes free Post-Run: 182,600,269,824 bytes free . - - End Of File - - A2DBBC6EBC0D18ABABC6ABDA26830CD0
  6. Hey! sorry i had work heres the log. ComboFix 12-06-21.02 - Toxi 06/21/2012 18:06:53.1.4 - x64 Running from: c:\users\Toxi\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\Amazon.ico c:\programdata\MercadoLivre.ico c:\programdata\QuickStores.ico c:\users\Toxi\AppData\Local\TempDIR c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Updater Service for StartNow Toolbar . . ((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 ))))))))))))))))))))))))))))))) . . 2012-06-21 22:13 . 2012-06-21 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-21 12:58 . 2012-06-21 12:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\offreg.dll 2012-06-20 00:31 . 2012-06-20 00:31 -------- d-----w- c:\users\Toxi\AppData\Roaming\SmartFTP 2012-06-20 00:29 . 2012-06-20 00:29 -------- d-----w- c:\program files\SmartFTP Client 2012-06-20 00:28 . 2012-06-20 00:28 -------- d-----w- c:\program files (x86)\SmartFTP Client 4.0 (x64) Setup Files 2012-06-19 14:36 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\mpengine.dll 2012-06-18 00:47 . 2012-06-18 00:47 -------- d-----w- c:\program files\Unlocker 2012-06-17 16:59 . 2012-06-17 16:59 -------- d-----w- c:\program files (x86)\Common Files\Overwolf 2012-06-16 18:35 . 2012-06-16 18:35 -------- d-----w- c:\program files (x86)\7-Zip 2012-06-16 18:23 . 2012-06-16 18:23 -------- d-----w- c:\program files (x86)\GnuWin32 2012-06-14 20:36 . 2012-06-20 17:46 -------- d-----w- c:\users\Toxi\AppData\Roaming\FileZilla 2012-06-14 20:35 . 2012-06-17 14:30 -------- d-----w- c:\program files (x86)\FileZilla FTP Client 2012-06-14 19:48 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 19:48 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 19:48 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 19:48 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 19:48 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-14 19:48 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-14 19:48 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-14 19:48 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 19:48 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 19:48 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll 2012-06-14 19:48 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-14 19:47 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 19:47 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 19:47 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-14 19:47 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 19:47 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-14 19:47 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-14 18:54 . 2012-06-14 18:54 -------- d-----w- c:\users\Toxi\AppData\Roaming\Malwarebytes 2012-06-14 18:53 . 2012-06-14 18:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-14 18:53 . 2012-06-14 18:53 -------- d-----w- c:\programdata\Malwarebytes 2012-06-14 18:53 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-12 22:00 . 2012-06-12 22:04 -------- d-----w- C:\srcds 2012-06-11 16:59 . 2012-06-11 16:59 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll 2012-06-11 16:59 . 2012-06-11 16:59 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2012-06-09 14:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-09 14:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-09 14:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-09 14:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-09 14:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-09 14:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-09 14:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-09 14:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-09 14:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-09 03:33 . 2012-06-09 03:33 -------- d-----w- c:\program files (x86)\DriverTuner 2012-06-08 00:42 . 2012-06-09 01:03 -------- d-----w- c:\program files (x86)\HmelyoffLabs 2012-06-07 21:19 . 2012-06-09 03:13 -------- d-----w- c:\program files (x86)\SplitMediaLabs 2012-06-07 21:18 . 2012-06-07 21:18 -------- d-----w- c:\users\Toxi\AppData\Roaming\SplitMediaLabs 2012-06-07 20:25 . 2012-06-07 20:25 -------- d-----w- c:\users\Toxi\AppData\Roaming\fltk.org 2012-06-07 20:25 . 2012-06-07 20:25 -------- d-----w- c:\programdata\fltk.org 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-06-07 16:07 . 2012-06-07 16:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-06-07 16:07 . 2012-06-07 16:07 -------- d-----w- c:\program files (x86)\QuickTime 2012-06-07 16:05 . 2012-06-07 16:05 -------- d-----w- c:\program files\iPod 2012-06-07 16:05 . 2012-06-07 16:06 -------- d-----w- c:\program files\iTunes 2012-06-07 16:05 . 2012-06-07 16:06 -------- d-----w- c:\program files (x86)\iTunes 2012-06-04 00:57 . 2012-06-04 00:57 -------- d-----w- c:\users\Toxi\AppData\Roaming\Toribash 2012-06-04 00:56 . 2012-06-04 00:56 -------- d-----w- C:\Games 2012-05-28 00:03 . 2012-05-28 00:03 -------- d-----w- c:\program files\Core Temp 2012-05-27 23:59 . 2012-03-09 14:57 23816 ----a-w- c:\windows\system32\drivers\cpuz135_x64.sys 2012-05-27 23:59 . 2012-05-27 23:59 -------- d-----w- c:\program files\CPUID 2012-05-27 06:00 . 2012-05-27 06:00 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-27 06:00 . 2012-05-27 06:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-05-25 00:58 . 2012-05-25 23:00 -------- d-----w- c:\programdata\EA Logs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-21 22:19 . 2012-06-21 22:19 77824 ----a-w- c:\windows\Keygen.exe 2012-06-21 12:53 . 2011-06-16 00:09 119296 ----a-w- c:\windows\SysWow64\zlib.dll 2012-06-10 17:26 . 2011-05-23 16:08 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-06-10 17:26 . 2011-05-23 15:57 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-06-10 17:20 . 2011-05-23 15:57 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-05-04 22:58 . 2012-05-04 22:58 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-04 22:58 . 2011-05-16 23:28 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-03-30 11:09 . 2012-05-08 21:28 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-07-22 11:14 . 2011-08-14 21:52 625736 ----a-w- c:\program files (x86)\Common Files\ZugoInstaller.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-03-24 1242448] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-05-23 3407496] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-05 336384] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 ALSysIO;ALSysIO;c:\users\Toxi\AppData\Local\Temp\ALSysIO64.sys [x] R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x] R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe [2012-06-11 18360] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va005;X6va005;c:\users\Toxi\AppData\Local\Temp\005DCF7.tmp [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-05 354304] S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x] S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-629230968-3828035873-1393441361-1000Core.job - c:\users\Toxi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 23:26] . 2012-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-629230968-3828035873-1393441361-1000UA.job - c:\users\Toxi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 23:26] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Toxi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\combofix\CF20263.3XE" [2009-07-14 344576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=d423b1ad00000000000020cf30e440c9 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Toxi\AppData\Local\Temp\005DCF7.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\DAODx.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\PnkBstrB.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe c:\program files (x86)\Common Files\Steam\SteamService.exe . ************************************************************************** . Completion time: 2012-06-21 18:24:18 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-21 22:24 . Pre-Run: 180,234,940,416 bytes free Post-Run: 182,840,131,584 bytes free . - - End Of File - - E0140B4436AE248A61E58F278A2D7B64
  7. DDS (which took longer than 3 mins) . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Toxi at 9:16:17 on 2012-06-21 . ============== Running Processes =============== . C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Origin\Origin.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\DAODx.exe C:\Fraps\fraps.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\PnkBstrB.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\Downloads\dds.com C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=d423b1ad00000000000020cf30e440c9 uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [Google Update] "C:\Users\Toxi\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [AdobeBridge] uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30C412A9-6682-47FF-A96D-0DFE05B75F96} : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll BHO-X64: StartNow Toolbar Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R? ALSysIO;ALSysIO R? ATP;Comodo Unite Miniport Driver R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64 R? McComponentHostService;McAfee Security Scan Component Host Service R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service R? nmwcdnsux64;Nokia USB Flashing Phone Parent R? OverwolfUpdaterService;Overwolf Updater Service R? SkypeUpdate;Skype Updater R? Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar R? USBAAPL64;Apple Mobile USB Driver R? WatAdminSvc;Windows Activation Technologies Service R? X6va005;X6va005 S? AdobeARMservice;Adobe Acrobat Update Service S? AMD External Events Utility;AMD External Events Utility S? AMD FUEL Service;AMD FUEL Service S? AMD Reservation Manager;AMD Reservation Manager S? amdiox64;AMD IO Driver S? amdkmdag;amdkmdag S? amdkmdap;amdkmdap S? aswFsBlk;aswFsBlk S? aswMonFlt;aswMonFlt S? aswSnx;aswSnx S? aswSP;aswSP S? AtiHDAudioService;ATI Function Driver for HD Audio Service S? avast! Antivirus;avast! Antivirus S? cpuz135;cpuz135 S? HiPatchService;Hi-Rez Studios Authenticate and Update Service S? MBAMProtector;MBAMProtector S? MBAMService;MBAMService S? nusb3hub;NEC Electronics USB 3.0 Hub Driver S? nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver S? osppsvc;Office Software Protection Platform S? RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver S? RzSynapse;Razer Driver S? TeamViewer7;TeamViewer 7 S? VIAHdAudAddService;VIA High Definition Audio Driver Service . =============== Created Last 30 ================ . 2012-06-21 12:58:57 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\offreg.dll 2012-06-20 00:29:31 -------- d-----w- C:\Program Files\SmartFTP Client 2012-06-20 00:28:25 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files 2012-06-19 14:36:36 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\mpengine.dll 2012-06-18 23:44:36 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot 2012-06-18 00:47:58 -------- d-----w- C:\Program Files\Unlocker 2012-06-17 16:59:45 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf 2012-06-16 18:23:46 -------- d-----w- C:\Program Files (x86)\GnuWin32 2012-06-14 19:48:39 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 19:48:39 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 19:48:38 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 19:48:36 208896 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-14 19:48:32 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-14 19:48:30 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-14 19:48:29 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-14 19:48:25 3144192 ----a-w- C:\Windows\System32\win32k.sys 2012-06-14 19:48:23 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 19:48:21 3213824 ----a-w- C:\Windows\System32\msi.dll 2012-06-14 19:48:19 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-14 19:47:52 1460224 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-14 19:47:51 182272 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-14 19:47:51 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-14 19:47:50 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-14 19:47:49 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-14 19:47:47 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-14 18:54:03 -------- d-----w- C:\Users\Toxi\AppData\Roaming\Malwarebytes 2012-06-14 18:53:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-14 18:53:59 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-14 18:53:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-12 22:00:55 -------- d-----w- C:\srcds 2012-06-11 16:59:06 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll 2012-06-11 16:59:06 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll 2012-06-09 14:13:51 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-09 14:13:09 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-09 14:12:51 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-09 14:12:51 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-09 03:33:21 -------- d-----w- C:\Program Files (x86)\DriverTuner 2012-06-08 00:42:47 -------- d-----w- C:\Program Files (x86)\HmelyoffLabs 2012-06-07 21:19:47 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs 2012-06-07 21:18:36 -------- d-----w- C:\Users\Toxi\AppData\Roaming\SplitMediaLabs 2012-06-07 20:25:23 -------- d-----w- C:\Users\Toxi\AppData\Roaming\fltk.org 2012-06-07 20:25:23 -------- d-----w- C:\ProgramData\fltk.org 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-06-07 16:05:50 -------- d-----w- C:\Program Files\iPod 2012-06-07 16:05:49 -------- d-----w- C:\Program Files\iTunes 2012-06-07 16:05:49 -------- d-----w- C:\Program Files (x86)\iTunes 2012-06-04 00:57:06 -------- d-----w- C:\Users\Toxi\AppData\Roaming\Toribash 2012-06-04 00:56:46 -------- d-----w- C:\Games 2012-05-28 00:03:09 -------- d-----w- C:\Program Files\Core Temp 2012-05-27 23:59:47 23816 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys 2012-05-27 23:59:46 -------- d-----w- C:\Program Files\CPUID 2012-05-25 00:58:43 -------- d-----w- C:\ProgramData\EA Logs . ==================== Find3M ==================== . 2012-06-21 12:53:25 119296 ----a-w- C:\Windows\SysWow64\zlib.dll 2012-06-10 17:26:31 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-06-10 17:26:31 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-06-10 17:20:55 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-04 22:58:48 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-04 22:58:48 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-07-22 11:14:12 625736 ----a-w- C:\Program Files (x86)\Common Files\ZugoInstaller.exe . ============= FINISH: 9:20:57.43 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . . ==== Installed Programs ====================== . 6500_E709_eDocs 6500_E709_Help 6500_E709n 7-Zip 9.20 Adobe AIR Adobe Community Help Adobe Download Assistant Adobe Flash Media Live Encoder 3.2 Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.1) Adobe Story Alan Wake Amnesia: The Dark Descent Apple Application Support Apple Software Update ATI Catalyst Registration Audiosurf Auto Clicker avast! Free Antivirus Battlefield 2 Battlefield 3™ Battlefield 3™ Open Beta Battlefield: Bad Company 2 Battlelog Web Plugins BIT.TRIP BEAT bpd_scan BPDSoftware BPDSoftware_Ini BufferChm Call of Duty 4: Modern Warfare Call of Duty: Black Ops Call of Duty: Black Ops - Multiplayer Call of Duty: Modern Warfare 2 - Multiplayer Call of Duty: Modern Warfare 3 Call of Duty: Modern Warfare 3 - Multiplayer Call of Duty: World at War Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy ccc-core-static CCC Help English Cheat Engine 6.1 Circuit Construction Kit (DC Only) Counter-Strike: Source Coupon Printer for Windows Crysis 2 Dead Island Dead Space 2 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery DivX Setup DocMgr DocProc DOOM 3 DriverTuner 3.1.0.0 Dropbox ESN Sonar F.E.A.R. F.E.A.R. 2: Project Origin F.E.A.R. 3 Faraday's Electromagnetic Lab Fax FileZilla Client 3.5.3 Forsaken World Fraps (remove only) Free YouTube Downloader 3.5.123 GameXN GO Geekbench 2.2 GnuWin32: Bzip2-1.0.5 Google Chrome Google Talk Plugin GPBaseService2 Half-Life 2 Half-Life Dedicated Server Update Tool Half-Life: Blue Shift Hi-Rez Studios Authenticate and Update Service HP Update HPProductAssistant HPSSupply Java Auto Updater Java 6 Update 31 Killing Floor Left 4 Dead Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch McAfee Security Scan Plus Medal of Honor Multiplayer Medal of Honor Single Player Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office Home and Business 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 MP3Resizer 1.9.5 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mumble 1.2.3 NEC Electronics USB 3.0 Host Controller Driver Need for Speed Hot Pursuit NVIDIA PhysX OpenAL Origin PandoraRecovery (Remove Only) PAYDAY: The Heist Pinnacle Game Profiler Platform Portal 2 ProductContext PunkBuster Services Quake 4 QuickTime Raidcall Razer BlackWidow Ultimate Remote Mouse version 1.09 Resident Evil 5 Runes of Magic Rusty Hearts Saints Row: The Third Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Skype Click to Call Skype™ 5.8 SmartFTP Client Setup Files 4.0 (x64) (remove only) SmartWebPrinting SolutionCenter Source Multiplayer Dedicated Server Source SDK Base 2007 SplitMediaLabs VH Screen Capture Driver (x86) Status Steam Super Street Fighter IV: Arcade Edition Synergy System Requirements Lab CYRI Team Fortress 2 TeamSpeak 3 Client TeamViewer 7 The Darkness II Toolbox TrayApp Tribes Ascend Closed Beta UE3Redist Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 Ventrilo Server VIA Platform Device Manager VNC Free Edition 4.1.3 WebReg Wolfenstein World of Warcraft Worms Reloaded Xvid 1.2.2 final uninstall YouTube Downloader 3.5 Zombie Panic Source . ==== End Of File =========================== Here's what i was mention about the ip's from mbam it created a log from yesterday including the keygen crap. 2012/06/20 07:58:35 -0400 TOXI-PC Toxi MESSAGE Starting protection 2012/06/20 07:58:37 -0400 TOXI-PC Toxi MESSAGE Protection started successfully 2012/06/20 07:58:40 -0400 TOXI-PC Toxi MESSAGE Starting IP protection 2012/06/20 07:58:42 -0400 TOXI-PC Toxi MESSAGE IP Protection started successfully 2012/06/20 07:58:51 -0400 TOXI-PC Toxi DETECTION C:\Windows\Keygen.exe RiskWare.Tool.CK QUARANTINE 2012/06/20 08:52:23 -0400 TOXI-PC Toxi IP-BLOCK 89.28.85.213 (Type: incoming, Port: 27015, Process: srcds.exe) 2012/06/20 10:06:14 -0400 TOXI-PC Toxi IP-BLOCK 89.28.77.40 (Type: incoming, Port: 27015, Process: srcds.exe) 2012/06/20 11:12:09 -0400 TOXI-PC Toxi IP-BLOCK 89.28.8.142 (Type: incoming, Port: 27015, Process: srcds.exe) 2012/06/20 11:29:30 -0400 TOXI-PC Toxi IP-BLOCK 89.28.109.180 (Type: incoming, Port: 27015, Process: srcds.exe) 2012/06/20 11:38:34 -0400 TOXI-PC Toxi IP-BLOCK 89.28.78.111 (Type: incoming, Port: 27015, Process: srcds.exe) 2012/06/20 12:19:24 -0400 TOXI-PC Toxi IP-BLOCK 89.28.116.14 (Type: incoming, Port: 27015, Process: srcds.exe) 2012/06/20 12:41:32 -0400 TOXI-PC Toxi IP-BLOCK 89.28.7.42 (Type: incoming, Port: 27015, Process: srcds.exe) 2012/06/20 13:00:45 -0400 TOXI-PC Toxi IP-BLOCK 188.130.177.10 (Type: incoming, Port: 27015, Process: srcds.exe) 2012/06/20 13:18:06 -0400 TOXI-PC Toxi IP-BLOCK 89.28.77.40 (Type: incoming, Port: 27015, Process: srcds.exe) 2012/06/20 15:23:04 -0400 TOXI-PC Toxi MESSAGE Executing scheduled update: Daily 2012/06/20 15:23:10 -0400 TOXI-PC Toxi MESSAGE Starting database refresh 2012/06/20 15:23:10 -0400 TOXI-PC Toxi MESSAGE Scheduled update executed successfully: database updated from version v2012.06.19.06 to version v2012.06.20.05 2012/06/20 15:23:10 -0400 TOXI-PC Toxi MESSAGE Stopping IP protection 2012/06/20 15:24:40 -0400 TOXI-PC Toxi MESSAGE IP Protection stopped 2012/06/20 21:59:41 -0400 TOXI-PC Toxi MESSAGE Starting protection 2012/06/20 21:59:43 -0400 TOXI-PC Toxi MESSAGE Protection started successfully 2012/06/20 21:59:46 -0400 TOXI-PC Toxi MESSAGE Starting IP protection 2012/06/20 21:59:48 -0400 TOXI-PC Toxi DETECTION C:\Windows\Keygen.exe RiskWare.Tool.CK QUARANTINE 2012/06/20 21:59:48 -0400 TOXI-PC Toxi MESSAGE IP Protection started successfully
  8. Hello Maniac! Thanks for taking you're time to help me out. I wanted to mention i ran a quick scan yesterday of mbam in safe mode and it found nothing and as soon i as rebooted in normal mode everything was fine again. Im not sure whats going on. Both TDSSkiller and Mbam found nothing here are the logs. TDSSKiller 08:58:15.0194 0216 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 08:58:15.0447 0216 ============================================================ 08:58:15.0447 0216 Current date / time: 2012/06/21 08:58:15.0447 08:58:15.0447 0216 SystemInfo: 08:58:15.0447 0216 08:58:15.0447 0216 OS Version: 6.1.7600 ServicePack: 0.0 08:58:15.0447 0216 Product type: Workstation 08:58:15.0448 0216 ComputerName: TOXI-PC 08:58:15.0448 0216 UserName: Toxi 08:58:15.0448 0216 Windows directory: C:\Windows 08:58:15.0448 0216 System windows directory: C:\Windows 08:58:15.0448 0216 Running under WOW64 08:58:15.0448 0216 Processor architecture: Intel x64 08:58:15.0448 0216 Number of processors: 4 08:58:15.0448 0216 Page size: 0x1000 08:58:15.0448 0216 Boot type: Normal boot 08:58:15.0448 0216 ============================================================ 08:58:17.0036 0216 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:58:17.0042 0216 ============================================================ 08:58:17.0042 0216 \Device\Harddisk0\DR0: 08:58:17.0043 0216 MBR partitions: 08:58:17.0043 0216 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 08:58:17.0043 0216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000 08:58:17.0043 0216 ============================================================ 08:58:17.0052 0216 C: <-> \Device\Harddisk0\DR0\Partition1 08:58:17.0052 0216 ============================================================ 08:58:17.0052 0216 Initialize success 08:58:17.0052 0216 ============================================================ 08:58:52.0445 2084 ============================================================ 08:58:52.0445 2084 Scan started 08:58:52.0445 2084 Mode: Manual; 08:58:52.0445 2084 ============================================================ 08:58:56.0881 2084 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 08:58:56.0890 2084 1394ohci - ok 08:58:57.0090 2084 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 08:58:57.0095 2084 ACPI - ok 08:58:57.0140 2084 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 08:58:57.0140 2084 AcpiPmi - ok 08:58:57.0347 2084 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 08:58:57.0348 2084 AdobeARMservice - ok 08:58:57.0644 2084 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 08:58:57.0679 2084 adp94xx - ok 08:58:57.0760 2084 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 08:58:57.0764 2084 adpahci - ok 08:58:57.0844 2084 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 08:58:57.0848 2084 adpu320 - ok 08:58:57.0909 2084 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 08:58:57.0910 2084 AeLookupSvc - ok 08:58:58.0269 2084 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys 08:58:58.0274 2084 AFD - ok 08:58:58.0346 2084 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 08:58:58.0374 2084 agp440 - ok 08:58:58.0465 2084 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 08:58:58.0466 2084 ALG - ok 08:58:58.0492 2084 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 08:58:58.0493 2084 aliide - ok 08:58:59.0152 2084 ALSysIO - ok 08:58:59.0992 2084 AMD External Events Utility (11276158eeeeadf3eb154061bfc80a19) C:\Windows\system32\atiesrxx.exe 08:59:00.0008 2084 AMD External Events Utility - ok 08:59:00.0135 2084 AMD FUEL Service - ok 08:59:00.0310 2084 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe 08:59:00.0311 2084 AMD Reservation Manager - ok 08:59:00.0456 2084 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 08:59:00.0456 2084 amdide - ok 08:59:00.0578 2084 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys 08:59:00.0584 2084 amdiox64 - ok 08:59:00.0698 2084 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 08:59:00.0700 2084 AmdK8 - ok 08:59:04.0193 2084 amdkmdag (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys 08:59:04.0338 2084 amdkmdag - ok 08:59:04.0951 2084 amdkmdap (4003b34b4a83de29cd1c88eb6c869e58) C:\Windows\system32\DRIVERS\atikmpag.sys 08:59:04.0962 2084 amdkmdap - ok 08:59:05.0007 2084 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 08:59:05.0008 2084 AmdPPM - ok 08:59:05.0150 2084 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 08:59:05.0168 2084 amdsata - ok 08:59:05.0265 2084 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 08:59:05.0282 2084 amdsbs - ok 08:59:05.0360 2084 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 08:59:05.0389 2084 amdxata - ok 08:59:05.0443 2084 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 08:59:05.0448 2084 AppID - ok 08:59:05.0488 2084 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 08:59:05.0488 2084 AppIDSvc - ok 08:59:05.0588 2084 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll 08:59:05.0595 2084 Appinfo - ok 08:59:05.0958 2084 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 08:59:05.0995 2084 Apple Mobile Device - ok 08:59:06.0124 2084 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 08:59:06.0129 2084 arc - ok 08:59:06.0232 2084 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 08:59:06.0246 2084 arcsas - ok 08:59:06.0762 2084 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 08:59:06.0772 2084 aspnet_state - ok 08:59:06.0873 2084 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\Windows\system32\drivers\aswFsBlk.sys 08:59:06.0874 2084 aswFsBlk - ok 08:59:06.0961 2084 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\Windows\system32\drivers\aswMonFlt.sys 08:59:06.0970 2084 aswMonFlt - ok 08:59:07.0036 2084 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\Windows\system32\drivers\aswRdr.sys 08:59:07.0037 2084 aswRdr - ok 08:59:07.0091 2084 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\Windows\system32\drivers\aswSnx.sys 08:59:07.0098 2084 aswSnx - ok 08:59:07.0122 2084 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\Windows\system32\drivers\aswSP.sys 08:59:07.0125 2084 aswSP - ok 08:59:07.0153 2084 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\Windows\system32\drivers\aswTdi.sys 08:59:07.0154 2084 aswTdi - ok 08:59:07.0167 2084 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 08:59:07.0168 2084 AsyncMac - ok 08:59:07.0178 2084 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 08:59:07.0179 2084 atapi - ok 08:59:07.0233 2084 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys 08:59:07.0234 2084 AtiHDAudioService - ok 08:59:07.0237 2084 ATP - ok 08:59:07.0882 2084 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 08:59:07.0888 2084 AudioEndpointBuilder - ok 08:59:07.0894 2084 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 08:59:07.0897 2084 AudioSrv - ok 08:59:08.0084 2084 avast! Antivirus (c76769f246250edad34a5581419e9d60) C:\Program Files\AVAST Software\Avast\AvastSvc.exe 08:59:08.0085 2084 avast! Antivirus - ok 08:59:08.0110 2084 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll 08:59:08.0111 2084 AxInstSV - ok 08:59:08.0149 2084 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 08:59:08.0153 2084 b06bdrv - ok 08:59:08.0195 2084 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 08:59:08.0198 2084 b57nd60a - ok 08:59:08.0214 2084 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 08:59:08.0214 2084 BDESVC - ok 08:59:08.0235 2084 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 08:59:08.0236 2084 Beep - ok 08:59:08.0338 2084 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll 08:59:08.0344 2084 BFE - ok 08:59:08.0510 2084 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll 08:59:08.0519 2084 BITS - ok 08:59:08.0753 2084 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 08:59:08.0755 2084 blbdrive - ok 08:59:09.0057 2084 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 08:59:09.0060 2084 Bonjour Service - ok 08:59:09.0089 2084 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 08:59:09.0090 2084 bowser - ok 08:59:09.0093 2084 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 08:59:09.0094 2084 BrFiltLo - ok 08:59:09.0104 2084 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 08:59:09.0104 2084 BrFiltUp - ok 08:59:09.0119 2084 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll 08:59:09.0121 2084 Browser - ok 08:59:09.0144 2084 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 08:59:09.0146 2084 Brserid - ok 08:59:09.0163 2084 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 08:59:09.0165 2084 BrSerWdm - ok 08:59:09.0167 2084 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 08:59:09.0168 2084 BrUsbMdm - ok 08:59:09.0171 2084 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 08:59:09.0172 2084 BrUsbSer - ok 08:59:09.0181 2084 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 08:59:09.0182 2084 BTHMODEM - ok 08:59:09.0201 2084 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 08:59:09.0202 2084 bthserv - ok 08:59:09.0216 2084 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 08:59:09.0217 2084 cdfs - ok 08:59:09.0236 2084 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 08:59:09.0238 2084 cdrom - ok 08:59:09.0426 2084 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 08:59:09.0427 2084 CertPropSvc - ok 08:59:09.0493 2084 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 08:59:09.0515 2084 circlass - ok 08:59:09.0539 2084 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 08:59:09.0543 2084 CLFS - ok 08:59:09.0780 2084 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:59:09.0782 2084 clr_optimization_v2.0.50727_32 - ok 08:59:09.0981 2084 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 08:59:10.0011 2084 clr_optimization_v2.0.50727_64 - ok 08:59:10.0193 2084 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:59:10.0198 2084 clr_optimization_v4.0.30319_32 - ok 08:59:10.0243 2084 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 08:59:10.0245 2084 clr_optimization_v4.0.30319_64 - ok 08:59:10.0250 2084 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 08:59:10.0266 2084 CmBatt - ok 08:59:10.0285 2084 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 08:59:10.0286 2084 cmdide - ok 08:59:10.0399 2084 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys 08:59:10.0403 2084 CNG - ok 08:59:10.0418 2084 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 08:59:10.0419 2084 Compbatt - ok 08:59:10.0442 2084 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 08:59:10.0443 2084 CompositeBus - ok 08:59:10.0446 2084 COMSysApp - ok 08:59:10.0548 2084 cpuz135 (75dbd5db9892d7451d0429bec1aabe1a) C:\Windows\system32\drivers\cpuz135_x64.sys 08:59:10.0550 2084 cpuz135 - ok 08:59:10.0598 2084 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 08:59:10.0600 2084 crcdisk - ok 08:59:10.0723 2084 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll 08:59:10.0735 2084 CryptSvc - ok 08:59:10.0927 2084 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 08:59:10.0944 2084 DcomLaunch - ok 08:59:11.0020 2084 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 08:59:11.0029 2084 defragsvc - ok 08:59:11.0090 2084 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 08:59:11.0093 2084 DfsC - ok 08:59:11.0153 2084 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll 08:59:11.0170 2084 Dhcp - ok 08:59:11.0266 2084 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 08:59:11.0296 2084 discache - ok 08:59:11.0335 2084 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 08:59:11.0338 2084 Disk - ok 08:59:11.0367 2084 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll 08:59:11.0374 2084 Dnscache - ok 08:59:11.0392 2084 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll 08:59:11.0396 2084 dot3svc - ok 08:59:11.0412 2084 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll 08:59:11.0415 2084 DPS - ok 08:59:11.0469 2084 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 08:59:11.0471 2084 drmkaud - ok 08:59:11.0560 2084 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 08:59:11.0588 2084 DXGKrnl - ok 08:59:11.0626 2084 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 08:59:11.0631 2084 EapHost - ok 08:59:13.0576 2084 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 08:59:13.0616 2084 ebdrv - ok 08:59:14.0006 2084 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe 08:59:14.0021 2084 EFS - ok 08:59:14.0892 2084 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe 08:59:14.0953 2084 ehRecvr - ok 08:59:15.0231 2084 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 08:59:15.0251 2084 ehSched - ok 08:59:15.0666 2084 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 08:59:15.0687 2084 elxstor - ok 08:59:15.0715 2084 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 08:59:15.0717 2084 ErrDev - ok 08:59:15.0902 2084 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 08:59:15.0918 2084 EventSystem - ok 08:59:16.0021 2084 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 08:59:16.0031 2084 exfat - ok 08:59:16.0069 2084 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 08:59:16.0079 2084 fastfat - ok 08:59:16.0493 2084 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe 08:59:16.0531 2084 Fax - ok 08:59:16.0682 2084 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 08:59:16.0702 2084 fdc - ok 08:59:16.0791 2084 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 08:59:16.0804 2084 fdPHost - ok 08:59:16.0929 2084 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 08:59:16.0942 2084 FDResPub - ok 08:59:16.0994 2084 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 08:59:16.0997 2084 FileInfo - ok 08:59:17.0050 2084 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 08:59:17.0053 2084 Filetrace - ok 08:59:17.0080 2084 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 08:59:17.0082 2084 flpydisk - ok 08:59:17.0143 2084 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 08:59:17.0158 2084 FltMgr - ok 08:59:17.0323 2084 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll 08:59:17.0359 2084 FontCache - ok 08:59:17.0545 2084 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 08:59:17.0547 2084 FontCache3.0.0.0 - ok 08:59:17.0629 2084 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 08:59:17.0632 2084 FsDepends - ok 08:59:17.0674 2084 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys 08:59:17.0687 2084 Fs_Rec - ok 08:59:17.0956 2084 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 08:59:17.0987 2084 fvevol - ok 08:59:18.0103 2084 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 08:59:18.0116 2084 gagp30kx - ok 08:59:18.0185 2084 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 08:59:18.0198 2084 GEARAspiWDM - ok 08:59:19.0035 2084 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 08:59:19.0072 2084 gpsvc - ok 08:59:19.0269 2084 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys 08:59:19.0285 2084 hamachi - ok 08:59:19.0332 2084 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 08:59:19.0334 2084 hcw85cir - ok 08:59:19.0489 2084 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 08:59:19.0506 2084 HdAudAddService - ok 08:59:19.0554 2084 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 08:59:19.0557 2084 HDAudBus - ok 08:59:19.0583 2084 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 08:59:19.0584 2084 HidBatt - ok 08:59:19.0614 2084 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 08:59:19.0615 2084 HidBth - ok 08:59:20.0169 2084 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 08:59:20.0187 2084 HidIr - ok 08:59:20.0378 2084 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 08:59:20.0424 2084 hidserv - ok 08:59:20.0798 2084 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 08:59:20.0850 2084 HidUsb - ok 08:59:21.0087 2084 HiPatchService (d61f8e72032bdc43157f2b8aea32b529) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe 08:59:21.0088 2084 HiPatchService - ok 08:59:21.0181 2084 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 08:59:21.0187 2084 hkmsvc - ok 08:59:21.0289 2084 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 08:59:21.0299 2084 HomeGroupListener - ok 08:59:21.0437 2084 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 08:59:21.0461 2084 HomeGroupProvider - ok 08:59:21.0921 2084 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 08:59:21.0926 2084 hpqcxs08 - ok 08:59:22.0046 2084 hpqddsvc (75cc8c5146a3fb76221a7606628778d5) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 08:59:22.0049 2084 hpqddsvc - ok 08:59:22.0152 2084 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 08:59:22.0158 2084 HpSAMD - ok 08:59:22.0413 2084 HPSLPSVC (2adf33f93991c4e24e86ffa5f906417b) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 08:59:22.0430 2084 HPSLPSVC - ok 08:59:22.0595 2084 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 08:59:22.0612 2084 HTTP - ok 08:59:22.0634 2084 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 08:59:22.0635 2084 hwpolicy - ok 08:59:22.0663 2084 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 08:59:22.0665 2084 i8042prt - ok 08:59:22.0733 2084 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 08:59:22.0748 2084 iaStorV - ok 08:59:23.0659 2084 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 08:59:23.0682 2084 idsvc - ok 08:59:23.0741 2084 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 08:59:23.0752 2084 iirsp - ok 08:59:23.0849 2084 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 08:59:23.0861 2084 IKEEXT - ok 08:59:23.0919 2084 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 08:59:23.0921 2084 intelide - ok 08:59:23.0946 2084 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 08:59:23.0947 2084 intelppm - ok 08:59:23.0989 2084 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 08:59:23.0991 2084 IPBusEnum - ok 08:59:24.0009 2084 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:59:24.0021 2084 IpFilterDriver - ok 08:59:24.0090 2084 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 08:59:24.0102 2084 iphlpsvc - ok 08:59:24.0125 2084 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 08:59:24.0130 2084 IPMIDRV - ok 08:59:24.0143 2084 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 08:59:24.0149 2084 IPNAT - ok 08:59:27.0073 2084 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 08:59:27.0096 2084 iPod Service - ok 08:59:27.0147 2084 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 08:59:27.0149 2084 IRENUM - ok 08:59:27.0187 2084 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 08:59:27.0189 2084 isapnp - ok 08:59:27.0218 2084 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 08:59:27.0224 2084 iScsiPrt - ok 08:59:27.0508 2084 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 08:59:27.0529 2084 kbdclass - ok 08:59:27.0722 2084 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 08:59:27.0736 2084 kbdhid - ok 08:59:27.0829 2084 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 08:59:27.0835 2084 KeyIso - ok 08:59:28.0111 2084 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 08:59:28.0119 2084 KSecDD - ok 08:59:28.0238 2084 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 08:59:28.0243 2084 KSecPkg - ok 08:59:28.0304 2084 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 08:59:28.0306 2084 ksthunk - ok 08:59:28.0373 2084 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 08:59:28.0387 2084 KtmRm - ok 08:59:28.0466 2084 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll 08:59:28.0480 2084 LanmanServer - ok 08:59:28.0545 2084 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 08:59:28.0559 2084 LanmanWorkstation - ok 08:59:28.0606 2084 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 08:59:28.0613 2084 lltdio - ok 08:59:28.0683 2084 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 08:59:28.0698 2084 lltdsvc - ok 08:59:28.0721 2084 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 08:59:28.0724 2084 lmhosts - ok 08:59:29.0240 2084 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 08:59:29.0254 2084 LSI_FC - ok 08:59:29.0313 2084 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 08:59:29.0347 2084 LSI_SAS - ok 08:59:29.0380 2084 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 08:59:29.0454 2084 LSI_SAS2 - ok 08:59:29.0512 2084 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 08:59:29.0516 2084 LSI_SCSI - ok 08:59:29.0555 2084 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 08:59:29.0558 2084 luafv - ok 08:59:29.0613 2084 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 08:59:29.0623 2084 MBAMProtector - ok 08:59:31.0596 2084 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 08:59:31.0600 2084 MBAMService - ok 08:59:32.0153 2084 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 08:59:32.0159 2084 McComponentHostService - ok 08:59:32.0198 2084 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 08:59:32.0202 2084 Mcx2Svc - ok 08:59:32.0236 2084 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 08:59:32.0237 2084 megasas - ok 08:59:32.0264 2084 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 08:59:32.0267 2084 MegaSR - ok 08:59:32.0468 2084 Microsoft SharePoint Workspace Audit Service - ok 08:59:33.0006 2084 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:59:33.0012 2084 MMCSS - ok 08:59:33.0106 2084 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 08:59:33.0109 2084 Modem - ok 08:59:33.0308 2084 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 08:59:33.0309 2084 monitor - ok 08:59:33.0800 2084 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 08:59:33.0823 2084 mouclass - ok 08:59:33.0870 2084 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 08:59:33.0871 2084 mouhid - ok 08:59:33.0881 2084 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 08:59:33.0882 2084 mountmgr - ok 08:59:33.0904 2084 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 08:59:33.0906 2084 mpio - ok 08:59:33.0920 2084 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 08:59:33.0921 2084 mpsdrv - ok 08:59:33.0974 2084 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 08:59:33.0989 2084 MpsSvc - ok 08:59:34.0072 2084 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 08:59:34.0085 2084 MRxDAV - ok 08:59:34.0151 2084 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 08:59:34.0153 2084 mrxsmb - ok 08:59:34.0199 2084 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:59:34.0202 2084 mrxsmb10 - ok 08:59:34.0353 2084 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:59:34.0360 2084 mrxsmb20 - ok 08:59:34.0460 2084 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 08:59:34.0470 2084 msahci - ok 08:59:34.0486 2084 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 08:59:34.0488 2084 msdsm - ok 08:59:34.0505 2084 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 08:59:34.0508 2084 MSDTC - ok 08:59:34.0520 2084 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 08:59:34.0521 2084 Msfs - ok 08:59:34.0523 2084 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 08:59:34.0524 2084 mshidkmdf - ok 08:59:34.0527 2084 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 08:59:34.0528 2084 msisadrv - ok 08:59:34.0568 2084 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 08:59:34.0586 2084 MSiSCSI - ok 08:59:34.0588 2084 msiserver - ok 08:59:34.0602 2084 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 08:59:34.0602 2084 MSKSSRV - ok 08:59:34.0606 2084 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 08:59:34.0606 2084 MSPCLOCK - ok 08:59:34.0609 2084 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 08:59:34.0610 2084 MSPQM - ok 08:59:34.0625 2084 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 08:59:34.0629 2084 MsRPC - ok 08:59:34.0636 2084 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 08:59:34.0636 2084 mssmbios - ok 08:59:34.0639 2084 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 08:59:34.0639 2084 MSTEE - ok 08:59:34.0643 2084 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 08:59:34.0644 2084 MTConfig - ok 08:59:34.0797 2084 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys 08:59:34.0800 2084 MTsensor - ok 08:59:34.0952 2084 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 08:59:34.0955 2084 Mup - ok 08:59:35.0234 2084 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 08:59:35.0251 2084 napagent - ok 08:59:35.0288 2084 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 08:59:35.0292 2084 NativeWifiP - ok 08:59:35.0497 2084 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 08:59:35.0525 2084 NDIS - ok 08:59:35.0536 2084 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 08:59:35.0539 2084 NdisCap - ok 08:59:35.0551 2084 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 08:59:35.0553 2084 NdisTapi - ok 08:59:35.0574 2084 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 08:59:35.0576 2084 Ndisuio - ok 08:59:35.0593 2084 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 08:59:35.0595 2084 NdisWan - ok 08:59:35.0608 2084 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 08:59:35.0609 2084 NDProxy - ok 08:59:35.0727 2084 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll 08:59:35.0729 2084 Net Driver HPZ12 - ok 08:59:35.0756 2084 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 08:59:35.0757 2084 NetBIOS - ok 08:59:35.0769 2084 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 08:59:35.0772 2084 NetBT - ok 08:59:35.0805 2084 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 08:59:35.0808 2084 Netlogon - ok 08:59:35.0874 2084 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 08:59:35.0874 2084 Netman - ok 08:59:36.0594 2084 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:59:36.0631 2084 NetMsmqActivator - ok 08:59:36.0656 2084 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:59:36.0660 2084 NetPipeActivator - ok 08:59:36.0952 2084 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 08:59:36.0976 2084 netprofm - ok 08:59:37.0012 2084 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:59:37.0014 2084 NetTcpActivator - ok 08:59:37.0017 2084 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:59:37.0018 2084 NetTcpPortSharing - ok 08:59:37.0136 2084 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 08:59:37.0150 2084 nfrd960 - ok 08:59:37.0394 2084 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 08:59:37.0416 2084 NlaSvc - ok 08:59:37.0452 2084 nmwcdnsux64 (7983d9201788407c4d1fc4d0baa04e32) C:\Windows\system32\drivers\nmwcdnsux64.sys 08:59:37.0457 2084 nmwcdnsux64 - ok 08:59:37.0472 2084 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 08:59:37.0475 2084 Npfs - ok 08:59:37.0512 2084 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 08:59:37.0514 2084 nsi - ok 08:59:37.0527 2084 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 08:59:37.0538 2084 nsiproxy - ok 08:59:38.0346 2084 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 08:59:38.0361 2084 Ntfs - ok 08:59:38.0797 2084 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 08:59:38.0818 2084 Null - ok 08:59:39.0272 2084 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys 08:59:39.0348 2084 nusb3hub - ok 08:59:39.0740 2084 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys 08:59:39.0745 2084 nusb3xhc - ok 08:59:39.0780 2084 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 08:59:39.0784 2084 nvraid - ok 08:59:39.0801 2084 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 08:59:39.0803 2084 nvstor - ok 08:59:39.0827 2084 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 08:59:39.0828 2084 nv_agp - ok 08:59:39.0837 2084 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 08:59:39.0839 2084 ohci1394 - ok 08:59:40.0168 2084 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:59:40.0175 2084 ose - ok 08:59:41.0139 2084 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 08:59:41.0214 2084 osppsvc - ok 08:59:41.0357 2084 OverwolfUpdaterService (0e2fde2689340f06e7005bcdc45a5f5a) C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe 08:59:41.0370 2084 OverwolfUpdaterService - ok 08:59:41.0643 2084 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:59:41.0666 2084 p2pimsvc - ok 08:59:41.0764 2084 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 08:59:41.0800 2084 p2psvc - ok 08:59:41.0921 2084 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 08:59:41.0923 2084 Parport - ok 08:59:41.0969 2084 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 08:59:41.0986 2084 partmgr - ok 08:59:42.0008 2084 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 08:59:42.0012 2084 PcaSvc - ok 08:59:42.0027 2084 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 08:59:42.0029 2084 pci - ok 08:59:42.0037 2084 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 08:59:42.0038 2084 pciide - ok 08:59:42.0060 2084 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 08:59:42.0062 2084 pcmcia - ok 08:59:42.0080 2084 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 08:59:42.0081 2084 pcw - ok 08:59:42.0103 2084 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 08:59:42.0103 2084 PEAUTH - ok 08:59:42.0250 2084 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 08:59:42.0257 2084 PerfHost - ok 08:59:42.0968 2084 PinnacleUpdateSvc (0015113a604b94769ab5159e8dcfc6e6) C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe 08:59:42.0976 2084 PinnacleUpdateSvc - ok 08:59:45.0256 2084 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 08:59:45.0284 2084 pla - ok 08:59:45.0366 2084 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 08:59:45.0388 2084 PlugPlay - ok 08:59:45.0448 2084 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll 08:59:45.0454 2084 Pml Driver HPZ12 - ok 08:59:45.0503 2084 PnkBstrA - ok 08:59:45.0539 2084 PnkBstrB - ok 08:59:45.0593 2084 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 08:59:45.0596 2084 PNRPAutoReg - ok 08:59:45.0860 2084 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:59:45.0872 2084 PNRPsvc - ok 08:59:47.0170 2084 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 08:59:47.0185 2084 PolicyAgent - ok 08:59:47.0717 2084 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 08:59:47.0731 2084 Power - ok 08:59:47.0963 2084 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 08:59:47.0976 2084 PptpMiniport - ok 08:59:48.0005 2084 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 08:59:48.0008 2084 Processor - ok 08:59:48.0666 2084 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll 08:59:48.0680 2084 ProfSvc - ok 08:59:48.0746 2084 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 08:59:48.0748 2084 ProtectedStorage - ok 08:59:48.0793 2084 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 08:59:48.0795 2084 Psched - ok 08:59:49.0093 2084 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 08:59:49.0157 2084 ql2300 - ok 08:59:50.0193 2084 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 08:59:50.0231 2084 ql40xx - ok 08:59:50.0807 2084 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 08:59:50.0833 2084 QWAVE - ok 08:59:50.0964 2084 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 08:59:50.0967 2084 QWAVEdrv - ok 08:59:51.0082 2084 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 08:59:51.0097 2084 RasAcd - ok 08:59:51.0122 2084 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 08:59:51.0123 2084 RasAgileVpn - ok 08:59:51.0141 2084 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 08:59:51.0145 2084 RasAuto - ok 08:59:51.0163 2084 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:59:51.0164 2084 Rasl2tp - ok 08:59:51.0558 2084 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 08:59:51.0564 2084 RasMan - ok 08:59:51.0579 2084 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 08:59:51.0581 2084 RasPppoe - ok 08:59:51.0599 2084 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 08:59:51.0600 2084 RasSstp - ok 08:59:51.0619 2084 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 08:59:51.0623 2084 rdbss - ok 08:59:51.0634 2084 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 08:59:51.0636 2084 rdpbus - ok 08:59:51.0646 2084 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:59:51.0647 2084 RDPCDD - ok 08:59:51.0668 2084 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 08:59:51.0669 2084 RDPENCDD - ok 08:59:51.0681 2084 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 08:59:51.0682 2084 RDPREFMP - ok 08:59:51.0984 2084 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 08:59:52.0006 2084 RDPWD - ok 08:59:52.0035 2084 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 08:59:52.0038 2084 rdyboost - ok 08:59:52.0089 2084 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 08:59:52.0092 2084 RemoteAccess - ok 08:59:52.0113 2084 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 08:59:52.0117 2084 RemoteRegistry - ok 08:59:52.0142 2084 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 08:59:52.0146 2084 RpcEptMapper - ok 08:59:52.0181 2084 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 08:59:52.0184 2084 RpcLocator - ok 08:59:52.0210 2084 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 08:59:52.0214 2084 RpcSs - ok 08:59:52.0254 2084 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 08:59:52.0256 2084 rspndr - ok 08:59:52.0283 2084 RTLE8023x64 (55d5947298501c38095733f16eeb36c5) C:\Windows\system32\DRIVERS\Rtenic64.sys 08:59:52.0286 2084 RTLE8023x64 - ok 08:59:52.0513 2084 RzSynapse (f71eea505290b0aad48850f0d750702d) C:\Windows\system32\DRIVERS\RzSynapse.sys 08:59:52.0541 2084 RzSynapse - ok 08:59:52.0606 2084 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 08:59:52.0612 2084 SamSs - ok 08:59:52.0640 2084 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 08:59:52.0645 2084 sbp2port - ok 08:59:53.0096 2084 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 08:59:53.0117 2084 SCardSvr - ok 08:59:53.0142 2084 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 08:59:53.0146 2084 scfilter - ok 08:59:53.0556 2084 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 08:59:53.0575 2084 Schedule - ok 08:59:53.0775 2084 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 08:59:53.0778 2084 SCPolicySvc - ok 08:59:54.0000 2084 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 08:59:54.0011 2084 SDRSVC - ok 08:59:54.0065 2084 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 08:59:54.0068 2084 secdrv - ok 08:59:54.0082 2084 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 08:59:54.0091 2084 seclogon - ok 08:59:54.0104 2084 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 08:59:54.0107 2084 SENS - ok 08:59:54.0115 2084 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 08:59:54.0119 2084 SensrSvc - ok 08:59:54.0179 2084 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 08:59:54.0216 2084 Serenum - ok 08:59:54.0238 2084 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 08:59:54.0242 2084 Serial - ok 08:59:54.0258 2084 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 08:59:54.0260 2084 sermouse - ok 08:59:54.0278 2084 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 08:59:54.0282 2084 SessionEnv - ok 08:59:54.0290 2084 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 08:59:54.0291 2084 sffdisk - ok 08:59:54.0326 2084 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 08:59:54.0340 2084 sffp_mmc - ok 08:59:54.0365 2084 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 08:59:54.0367 2084 sffp_sd - ok 08:59:54.0382 2084 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 08:59:54.0385 2084 sfloppy - ok 08:59:54.0594 2084 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 08:59:54.0605 2084 SharedAccess - ok 08:59:54.0834 2084 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 08:59:54.0850 2084 ShellHWDetection - ok 08:59:54.0868 2084 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 08:59:54.0871 2084 SiSRaid2 - ok 08:59:54.0898 2084 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 08:59:54.0903 2084 SiSRaid4 - ok 08:59:55.0275 2084 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 08:59:55.0285 2084 SkypeUpdate - ok 08:59:55.0375 2084 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 08:59:55.0385 2084 Smb - ok 08:59:55.0425 2084 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 08:59:55.0435 2084 SNMPTRAP - ok 08:59:55.0475 2084 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 08:59:55.0475 2084 spldr - ok 08:59:55.0535 2084 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 08:59:55.0625 2084 Spooler - ok 08:59:57.0280 2084 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 08:59:57.0329 2084 sppsvc - ok 08:59:58.0696 2084 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 08:59:58.0725 2084 sppuinotify - ok 08:59:59.0568 2084 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 08:59:59.0579 2084 srv - ok 09:00:00.0863 2084 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 09:00:00.0996 2084 srv2 - ok 09:00:01.0268 2084 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 09:00:01.0301 2084 srvnet - ok 09:00:01.0834 2084 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 09:00:01.0879 2084 SSDPSRV - ok 09:00:01.0934 2084 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 09:00:01.0938 2084 SstpSvc - ok 09:00:02.0071 2084 Steam Client Service - ok 09:00:02.0173 2084 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 09:00:02.0175 2084 stexstor - ok 09:00:02.0276 2084 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 09:00:02.0319 2084 StillCam - ok 09:00:02.0658 2084 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 09:00:02.0685 2084 stisvc - ok 09:00:02.0713 2084 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 09:00:02.0714 2084 swenum - ok 09:00:02.0780 2084 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 09:00:02.0807 2084 swprv - ok 09:00:03.0454 2084 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 09:00:03.0484 2084 SysMain - ok 09:00:03.0573 2084 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 09:00:03.0584 2084 TabletInputService - ok 09:00:03.0624 2084 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 09:00:03.0630 2084 TapiSrv - ok 09:00:03.0676 2084 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 09:00:03.0687 2084 TBS - ok 09:00:04.0486 2084 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 09:00:04.0645 2084 Tcpip - ok 09:00:05.0029 2084 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 09:00:05.0049 2084 TCPIP6 - ok 09:00:05.0105 2084 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 09:00:05.0108 2084 tcpipreg - ok 09:00:05.0157 2084 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 09:00:05.0160 2084 TDPIPE - ok 09:00:05.0193 2084 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 09:00:05.0197 2084 TDTCP - ok 09:00:05.0232 2084 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 09:00:05.0236 2084 tdx - ok 09:00:07.0007 2084 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 09:00:07.0019 2084 TeamViewer7 - ok 09:00:07.0505 2084 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 09:00:07.0517 2084 TermDD - ok 09:00:07.0627 2084 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 09:00:07.0640 2084 TermService - ok 09:00:07.0649 2084 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 09:00:07.0652 2084 Themes - ok 09:00:07.0697 2084 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 09:00:07.0699 2084 THREADORDER - ok 09:00:07.0715 2084 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 09:00:07.0718 2084 TrkWks - ok 09:00:07.0756 2084 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 09:00:07.0757 2084 TrustedInstaller - ok 09:00:07.0775 2084 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 09:00:07.0777 2084 tssecsrv - ok 09:00:07.0807 2084 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 09:00:07.0809 2084 tunnel - ok 09:00:07.0824 2084 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 09:00:07.0826 2084 uagp35 - ok 09:00:07.0848 2084 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 09:00:07.0851 2084 udfs - ok 09:00:07.0871 2084 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 09:00:07.0874 2084 UI0Detect - ok 09:00:07.0896 2084 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 09:00:07.0898 2084 uliagpkx - ok 09:00:07.0923 2084 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 09:00:07.0924 2084 umbus - ok 09:00:07.0934 2084 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 09:00:07.0935 2084 UmPass - ok 09:00:08.0039 2084 UnlockerDriver5 (9dc07e73a4abb9acf692113b36a5009f) C:\Program Files\Unlocker\UnlockerDriver5.sys 09:00:08.0040 2084 UnlockerDriver5 - ok 09:00:08.0087 2084 Updater Service for StartNow Toolbar - ok 09:00:08.0126 2084 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 09:00:08.0131 2084 upnphost - ok 09:00:08.0173 2084 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 09:00:08.0173 2084 USBAAPL64 - ok 09:00:08.0216 2084 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 09:00:08.0218 2084 usbaudio - ok 09:00:08.0260 2084 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 09:00:08.0261 2084 usbccgp - ok 09:00:08.0277 2084 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 09:00:08.0278 2084 usbcir - ok 09:00:08.0309 2084 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 09:00:08.0310 2084 usbehci - ok 09:00:08.0333 2084 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 09:00:08.0336 2084 usbhub - ok 09:00:08.0382 2084 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys 09:00:08.0383 2084 usbohci - ok 09:00:08.0428 2084 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 09:00:08.0429 2084 usbprint - ok 09:00:08.0448 2084 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 09:00:08.0449 2084 USBSTOR - ok 09:00:08.0467 2084 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 09:00:08.0468 2084 usbuhci - ok 09:00:08.0485 2084 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 09:00:08.0488 2084 UxSms - ok 09:00:08.0520 2084 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 09:00:08.0522 2084 VaultSvc - ok 09:00:08.0532 2084 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 09:00:08.0533 2084 vdrvroot - ok 09:00:08.0570 2084 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 09:00:08.0584 2084 vds - ok 09:00:08.0599 2084 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 09:00:08.0600 2084 vga - ok 09:00:08.0611 2084 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 09:00:08.0613 2084 VgaSave - ok 09:00:08.0635 2084 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 09:00:08.0637 2084 vhdmp - ok 09:00:08.0740 2084 VIAHdAudAddService (dfdf7f9caa50ee72a633ea4bbd65a557) C:\Windows\system32\drivers\viahduaa.sys 09:00:08.0764 2084 VIAHdAudAddService - ok 09:00:08.0781 2084 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 09:00:08.0782 2084 viaide - ok 09:00:08.0795 2084 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 09:00:08.0796 2084 volmgr - ok 09:00:08.0818 2084 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 09:00:08.0821 2084 volmgrx - ok 09:00:08.0840 2084 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 09:00:08.0843 2084 volsnap - ok 09:00:08.0867 2084 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 09:00:08.0869 2084 vsmraid - ok 09:00:08.0933 2084 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 09:00:08.0985 2084 VSS - ok 09:00:09.0117 2084 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 09:00:09.0118 2084 vwifibus - ok 09:00:09.0140 2084 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 09:00:09.0146 2084 W32Time - ok 09:00:09.0160 2084 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 09:00:09.0161 2084 WacomPen - ok 09:00:09.0176 2084 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 09:00:09.0176 2084 WANARP - ok 09:00:09.0186 2084 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 09:00:09.0186 2084 Wanarpv6 - ok 09:00:09.0269 2084 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 09:00:09.0296 2084 WatAdminSvc - ok 09:00:09.0391 2084 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 09:00:09.0404 2084 wbengine - ok 09:00:09.0450 2084 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 09:00:09.0453 2084 WbioSrvc - ok 09:00:09.0480 2084 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 09:00:09.0485 2084 wcncsvc - ok 09:00:09.0497 2084 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 09:00:09.0499 2084 WcsPlugInService - ok 09:00:09.0514 2084 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 09:00:09.0515 2084 Wd - ok 09:00:09.0550 2084 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 09:00:09.0564 2084 Wdf01000 - ok 09:00:09.0610 2084 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 09:00:09.0613 2084 WdiServiceHost - ok 09:00:09.0616 2084 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 09:00:09.0618 2084 WdiSystemHost - ok 09:00:09.0646 2084 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 09:00:09.0650 2084 WebClient - ok 09:00:09.0671 2084 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 09:00:09.0675 2084 Wecsvc - ok 09:00:09.0688 2084 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 09:00:09.0691 2084 wercplsupport - ok 09:00:09.0711 2084 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 09:00:09.0714 2084 WerSvc - ok 09:00:09.0727 2084 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 09:00:09.0728 2084 WfpLwf - ok 09:00:09.0742 2084 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 09:00:09.0743 2084 WIMMount - ok 09:00:09.0787 2084 WinDefend - ok 09:00:09.0793 2084 WinHttpAutoProxySvc - ok 09:00:10.0002 2084 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 09:00:10.0005 2084 Winmgmt - ok 09:00:10.0084 2084 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 09:00:10.0102 2084 WinRM - ok 09:00:10.0156 2084 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 09:00:10.0158 2084 WinUsb - ok 09:00:10.0202 2084 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 09:00:10.0210 2084 Wlansvc - ok 09:00:10.0498 2084 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:00:10.0517 2084 wlidsvc - ok 09:00:10.0545 2084 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 09:00:10.0546 2084 WmiAcpi - ok 09:00:10.0627 2084 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 09:00:10.0632 2084 wmiApSrv - ok 09:00:10.0654 2084 WMPNetworkSvc - ok 09:00:10.0665 2084 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 09:00:10.0668 2084 WPCSvc - ok 09:00:10.0701 2084 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 09:00:10.0704 2084 WPDBusEnum - ok 09:00:10.0717 2084 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 09:00:10.0718 2084 ws2ifsl - ok 09:00:10.0741 2084 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll 09:00:10.0744 2084 wscsvc - ok 09:00:10.0746 2084 WSearch - ok 09:00:11.0347 2084 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 09:00:11.0374 2084 wuauserv - ok 09:00:11.0489 2084 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 09:00:11.0500 2084 WudfPf - ok 09:00:11.0520 2084 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 09:00:11.0523 2084 WUDFRd - ok 09:00:11.0535 2084 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll 09:00:11.0538 2084 wudfsvc - ok 09:00:11.0556 2084 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 09:00:11.0560 2084 WwanSvc - ok 09:00:11.0850 2084 X6va005 - ok 09:00:11.0916 2084 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys 09:00:11.0917 2084 xusb21 - ok 09:00:11.0932 2084 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 09:00:12.0521 2084 \Device\Harddisk0\DR0 - ok 09:00:12.0531 2084 Boot (0x1200) (569f61d2009a314cf92fe6b26ef7665c) \Device\Harddisk0\DR0\Partition0 09:00:12.0536 2084 \Device\Harddisk0\DR0\Partition0 - ok 09:00:12.0551 2084 Boot (0x1200) (cbe77754ba3ac7f4ae9c8d35bf35ce1a) \Device\Harddisk0\DR0\Partition1 09:00:12.0552 2084 \Device\Harddisk0\DR0\Partition1 - ok 09:00:12.0553 2084 ============================================================ 09:00:12.0553 2084 Scan finished 09:00:12.0553 2084 ============================================================ 09:00:12.0567 5456 Detected object count: 0 09:00:12.0567 5456 Actual detected object count: 0 09:08:02.0352 4996 ============================================================ 09:08:02.0352 4996 Scan started 09:08:02.0352 4996 Mode: Manual; 09:08:02.0352 4996 ============================================================ 09:08:03.0714 4996 Scan interrupted by user! 09:08:03.0714 4996 Scan interrupted by user! 09:08:03.0714 4996 Scan interrupted by user! 09:08:03.0714 4996 ============================================================ 09:08:03.0714 4996 Scan finished 09:08:03.0714 4996 ============================================================ 09:08:03.0734 2152 Detected object count: 0 09:08:03.0734 2152 Actual detected object count: 0 09:08:07.0303 3736 Deinitialize success MBAM (considering buying the full version) Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.21.04 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Toxi :: TOXI-PC [administrator] Protection: Disabled 6/21/2012 9:01:27 AM mbam-log-2012-06-21 (09-01-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 212089 Time elapsed: 7 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  9. So this has happened to me for atleast the third time now. I run a home hosted server from my computer and i leave it on so people can play on it while im gone. I've noticed sometimes when im on it will say. Outgoing ip: xx.xxx.xxx. or incoming Ip from either srcds (the program i use to host my server) or hl (the name for counter strike source a game) and that Mbam has blocked it. Also from time to time i get this pop up from mbam saying found c:\windows\keygen.exe, and if i wanted to quarantine or cancel or what ever. so i hit quarantine and then delete it. Yet it still pops up sometimes (i've checked the path and there is no keygen and i haven't downloaded a keygen!). Today i got home and my computer locked up on me just like the other times. I couldnt open anything like regular applications. Skype/ other programs aren't running or offline. Avast is saying it's shields are off (even after a restart). a temporary fix i do is run mbam in safe mode and if it finds anything let it do its thing and then get back on normally and everything is fine. Is this a virus? or is it my computer. I need help. im running safe mode atm since mbam or even rkill/explorer.exe won't run. Thank you. I should say i ran the file in safe mode is that alright since i can't do anything in normal mode. DDS txt file . DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 9.0.8112.16421 Run by Toxi at 19:36:08 on 2012-06-20 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.3080 [GMT -4:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\SysWOW64\rundll32.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Toxi\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Users\Toxi\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=d423b1ad00000000000020cf30e440c9 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [Google Update] "C:\Users\Toxi\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [AdobeBridge] uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [<NO NAME>] mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{30C412A9-6682-47FF-A96D-0DFE05B75F96} : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll BHO-X64: Babylon toolbar helper - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll BHO-X64: StartNow Toolbar Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.9\youtubedownloaderToolbarIE.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [(Default)] mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\system32\DRIVERS\Rtenic64.sys --> C:\Windows\system32\DRIVERS\Rtenic64.sys [?] R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?] S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-5 354304] S2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496] S2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-13 792512] S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-16 44768] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-11 8704] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-14 654408] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-25 3027840] S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?] S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2012-4-28 18360] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-06-20 11:59:53 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\offreg.dll 2012-06-20 00:29:31 -------- d-----w- C:\Program Files\SmartFTP Client 2012-06-20 00:28:25 -------- d-----w- C:\Program Files (x86)\SmartFTP Client 4.0 (x64) Setup Files 2012-06-19 14:36:36 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78B12200-0C97-45D7-9823-D19182E1DFE6}\mpengine.dll 2012-06-18 23:44:37 -------- d-----w- C:\Program Files (x86)\Application Updater 2012-06-18 23:44:36 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar 2012-06-18 23:44:36 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot 2012-06-18 00:47:58 -------- d-----w- C:\Program Files\Unlocker 2012-06-17 16:59:45 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf 2012-06-17 16:59:37 -------- d-----w- C:\avast! sandbox 2012-06-16 18:23:46 -------- d-----w- C:\Program Files (x86)\GnuWin32 2012-06-14 19:48:39 76288 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-14 19:48:39 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-14 19:48:38 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-14 19:48:36 208896 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-14 19:48:32 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-14 19:48:30 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-14 19:48:29 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-14 19:48:25 3144192 ----a-w- C:\Windows\System32\win32k.sys 2012-06-14 19:48:23 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-14 19:48:21 3213824 ----a-w- C:\Windows\System32\msi.dll 2012-06-14 19:48:19 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-14 19:47:52 1460224 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-14 19:47:51 182272 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-14 19:47:51 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-14 19:47:50 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-14 19:47:49 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-14 19:47:47 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-14 18:54:03 -------- d-----w- C:\Users\Toxi\AppData\Roaming\Malwarebytes 2012-06-14 18:53:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-14 18:53:59 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-14 18:53:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-12 22:00:55 -------- d-----w- C:\srcds 2012-06-11 16:59:06 768848 ----a-w- C:\Windows\SysWow64\msvcr100.dll 2012-06-11 16:59:06 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll 2012-06-09 14:13:51 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-09 14:13:09 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-09 14:12:51 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-09 14:12:51 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-09 03:33:21 -------- d-----w- C:\Program Files (x86)\DriverTuner 2012-06-08 00:42:47 -------- d-----w- C:\Program Files (x86)\HmelyoffLabs 2012-06-07 21:19:47 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs 2012-06-07 21:18:36 -------- d-----w- C:\Users\Toxi\AppData\Roaming\SplitMediaLabs 2012-06-07 20:25:23 -------- d-----w- C:\Users\Toxi\AppData\Roaming\fltk.org 2012-06-07 20:25:23 -------- d-----w- C:\ProgramData\fltk.org 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-06-07 16:07:55 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-06-07 16:05:50 -------- d-----w- C:\Program Files\iPod 2012-06-07 16:05:49 -------- d-----w- C:\Program Files\iTunes 2012-06-07 16:05:49 -------- d-----w- C:\Program Files (x86)\iTunes 2012-06-04 00:57:06 -------- d-----w- C:\Users\Toxi\AppData\Roaming\Toribash 2012-06-04 00:56:46 -------- d-----w- C:\Games 2012-05-28 00:03:09 -------- d-----w- C:\Program Files\Core Temp 2012-05-27 23:59:47 23816 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys 2012-05-27 23:59:46 -------- d-----w- C:\Program Files\CPUID 2012-05-25 00:58:43 -------- d-----w- C:\ProgramData\EA Logs . ==================== Find3M ==================== . 2012-06-20 11:55:50 119296 ----a-w- C:\Windows\SysWow64\zlib.dll 2012-06-10 17:26:31 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-06-10 17:26:31 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-06-10 17:20:55 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-04 22:58:48 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-04 22:58:48 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-07-22 11:14:12 625736 ----a-w- C:\Program Files (x86)\Common Files\ZugoInstaller.exe . ============= FINISH: 19:37:12.25 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 5/15/2011 10:14:45 PM System Uptime: 6/20/2012 7:08:42 PM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | M4A87TD EVO Processor: AMD Phenom™ II X4 970 Processor | AM3 | 3511/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 596 GiB total, 169.645 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Officejet 6500 E709n Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Officejet 6500 E709n PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Officejet 6500 E709n Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Officejet 6500 E709n PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . Class GUID: {36fc9e60-c465-11cf-8056-444553540000} Description: Unknown Device Device ID: USB\VID_0000&PID_0000\5&27095923&0&2 Manufacturer: (Standard USB Host Controller) Name: Unknown Device PNP Device ID: USB\VID_0000&PID_0000\5&27095923&0&2 Service: . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: avast! Network Shield Support Device ID: ROOT\LEGACY_ASWTDI\0000 Manufacturer: Name: avast! Network Shield Support PNP Device ID: ROOT\LEGACY_ASWTDI\0000 Service: aswTdi . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 6500_E709_eDocs 6500_E709_Help 6500_E709n 7-Zip 9.20 Adobe AIR Adobe Community Help Adobe Download Assistant Adobe Flash Media Live Encoder 3.2 Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.1) Adobe Story Alan Wake Amnesia: The Dark Descent Apple Application Support Apple Software Update ATI Catalyst Registration Audiosurf Auto Clicker avast! Free Antivirus Babylon toolbar on IE Battlefield 2 Battlefield 3™ Battlefield 3™ Open Beta Battlefield: Bad Company 2 Battlelog Web Plugins BIT.TRIP BEAT bpd_scan BPDSoftware BPDSoftware_Ini BufferChm Call of Duty 4: Modern Warfare Call of Duty: Black Ops Call of Duty: Black Ops - Multiplayer Call of Duty: Modern Warfare 2 - Multiplayer Call of Duty: Modern Warfare 3 Call of Duty: Modern Warfare 3 - Multiplayer Call of Duty: World at War Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy ccc-core-static CCC Help English Cheat Engine 6.1 Circuit Construction Kit (DC Only) Counter-Strike: Source Coupon Printer for Windows Crysis 2 Dead Island Dead Space 2 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery DivX Setup DocMgr DocProc DOOM 3 DriverTuner 3.1.0.0 Dropbox ESN Sonar F.E.A.R. F.E.A.R. 2: Project Origin F.E.A.R. 3 Faraday's Electromagnetic Lab Fax FileZilla Client 3.5.3 Forsaken World Fraps (remove only) Free YouTube Downloader 3.5.123 GameXN GO Geekbench 2.2 GnuWin32: Bzip2-1.0.5 Google Chrome Google Talk Plugin GPBaseService2 Half-Life 2 Half-Life Dedicated Server Update Tool Half-Life: Blue Shift Hi-Rez Studios Authenticate and Update Service HP Update HPProductAssistant HPSSupply Java Auto Updater Java™ 6 Update 31 Killing Floor Left 4 Dead Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch McAfee Security Scan Plus Medal of Honor™ Multiplayer Medal of Honor™ Single Player Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office Home and Business 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 MP3Resizer 1.9.5 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mumble 1.2.3 NEC Electronics USB 3.0 Host Controller Driver Need for Speed™ Hot Pursuit NVIDIA PhysX OpenAL Origin PandoraRecovery (Remove Only) PAYDAY: The Heist Pinnacle Game Profiler Platform Portal 2 ProductContext PunkBuster Services Quake 4 QuickTime Raidcall Razer BlackWidow Ultimate Remote Mouse version 1.09 Resident Evil 5 Runes of Magic Rusty Hearts Saints Row: The Third Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Skype Click to Call Skype™ 5.8 SmartFTP Client Setup Files 4.0 (x64) (remove only) SmartWebPrinting SolutionCenter Source Multiplayer Dedicated Server Source SDK Base 2007 SplitMediaLabs VH Screen Capture Driver (x86) Status Steam Super Street Fighter IV: Arcade Edition Synergy System Requirements Lab CYRI Team Fortress 2 TeamSpeak 3 Client TeamViewer 7 The Darkness II Toolbox TrayApp Tribes Ascend Closed Beta UE3Redist Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 Ventrilo Server VIA Platform Device Manager VNC Free Edition 4.1.3 WebReg Wolfenstein World of Warcraft Worms Reloaded Xvid 1.2.2 final uninstall YouTube Downloader 3.5 YouTube Downloader Toolbar v5.9 Zombie Panic Source . ==== Event Viewer Messages From Past Week ======== . 6/20/2012 7:57:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 6/20/2012 7:57:42 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/20/2012 7:55:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect. 6/20/2012 7:32:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 6/20/2012 7:09:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 6/20/2012 7:09:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/20/2012 7:09:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 6/20/2012 7:09:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/20/2012 7:09:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 6/20/2012 7:09:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6 6/20/2012 7:07:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service. 6/20/2012 7:07:04 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/20/2012 7:06:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service. 6/20/2012 7:06:34 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/20/2012 7:06:04 PM, Error: Service Control Manager [7022] - The Portable Device Enumerator Service service hung on starting. 6/20/2012 7:06:04 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state. 6/20/2012 7:06:04 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state. 6/20/2012 7:05:54 PM, Error: Service Control Manager [7022] - The Peer Networking Identity Manager service hung on starting. 6/20/2012 7:04:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service. 6/20/2012 7:04:03 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/20/2012 7:03:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 6/20/2012 7:00:29 PM, Error: Service Control Manager [7034] - The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s). 6/20/2012 7:00:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect. 6/20/2012 7:00:10 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/20/2012 12:50:54 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2604114). 6/20/2012 10:34:25 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 6/19/2012 7:51:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa8003321b10, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061912-20794-01. 6/17/2012 12:47:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service. 6/17/2012 12:47:40 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/17/2012 12:47:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service. 6/17/2012 11:08:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service. 6/17/2012 11:08:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service. 6/17/2012 11:07:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service. 6/17/2012 11:06:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service. 6/17/2012 11:06:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RemoteAccess service. 6/17/2012 11:05:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service. 6/17/2012 11:05:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service. 6/17/2012 11:04:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. 6/17/2012 11:03:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service. 6/17/2012 11:03:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service. 6/17/2012 11:01:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service. 6/17/2012 10:37:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service. 6/17/2012 10:37:13 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/17/2012 1:03:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa8003321b10, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061712-34632-01. 6/14/2012 4:28:28 PM, Error: Service Control Manager [7030] - The FileZilla Server FTP server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 6/14/2012 3:40:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 6/14/2012 3:40:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running. 6/14/2012 3:40:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running. 6/14/2012 3:40:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running. 6/14/2012 3:40:17 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running. 6/14/2012 3:39:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 6/14/2012 3:39:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running. 6/14/2012 3:38:42 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The Routing and Remote Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/14/2012 3:38:16 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/14/2012 3:34:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffffae002149980, 0x0000000000000000, 0xfffff800020aabbb, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061412-28844-01. 6/14/2012 2:35:10 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/14/2012 2:32:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Overwolf Updater Service service to connect. 6/14/2012 2:32:39 PM, Error: Service Control Manager [7000] - The Overwolf Updater Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/14/2012 2:24:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioSrv service. 6/14/2012 2:23:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service. 6/14/2012 1:10:57 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. . ==== End Of File ===========================
  10. So this has happened to me for atleast the third time now. I run a home hosted server from my computer and i leave it on so people can play on it while im gone. I've noticed sometimes when im on it will say. Outgoing ip: xx.xxx.xxx. or incoming Ip from either srcds (the program i use to host my server) or hl (the name for counter strike source a game) and that Mbam has blocked it. Also from time to time i get this pop up from mbam saying found c:\windows\keygen.exe, and if i wanted to quarantine or cancel or what ever. so i hit quarantine and then delete it. Yet it still pops up sometimes (i've checked the path and there is no keygen and i haven't downloaded a keygen!). Today i got home and my computer locked up on me just like the other times. I couldnt open anything like regular applications. Skype/ other programs aren't running or offline. Avast is saying it's shields are off (even after a restart). a temporary fix i do is run mbam in safe mode and if it finds anything let it do its thing and then get back on normally and everything is fine. Is this a virus? or is it my computer. I need help. im running safe mode atm since mbam or even rkill/explorer.exe won't run. Thank you.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.