Jump to content

Keylogger and Locking Administrator Privileges - Returns After Reboot

Weion

By Weion
in Resolved Malware Removal Logs

 Share

Recommended Posts

Weion

Weion

Posted
Posted

Hello, I have been having a few issues with my system lately, I have a key-logger (dclogs - Stolen.Data) that is contained within my "Roaming" folder on my account called 'dclogs' I have scanned with the MalwareBytes Anti-Malware software (The log is enclosed as well) which fixes the issues until I restart my system then the problem persists.

Other problems include: The FRAPS installer automatically launching when I start my system and asking me to install it; even though I have already un-installed it and deleted the installer, and the locking of cmd, regedit and the Task Manager which is fixed only temporarily until I reboot the system.

enc.

Attach.txt

DDS.txt

mbam-log-2012-08-21 (13-38-23).txt

Thank you for your assistance.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:17:30, on 21/08/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ToBsBtMng.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Users\Weion\AppData\Local\Temp\setup.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\Downloads\HijackThis.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621205252.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [NuonSoft Wallpaper Cycler] "C:\Program Files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe"

O4 - HKCU\..\Run: [steam] "F:\Program\Steam\steam.exe" -silent

O4 - HKCU\..\Run: [Google Update] "C:\Users\Weion\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_2E0C7E5C41A09C2175F41044C513CB39] "C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - HKCU\..\Run: [updater] C:\Users\Weion\AppData\Local\Temp\updater.exe

O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Toshiba Places Icon Utility.lnk = ?

O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll

O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Unknown owner - F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe

O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 22865 bytes

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello Weion and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Link to post
Share on other sites
Weion

Weion

Posted
  • Author
Posted

The Malware seems to be gone; I used a program called CCleaner (Using the most secure deletion method available to remove it) the malware was found in my 'Temp' folder so when that was gone then the virus became virtually non-existent.

Though I could still format it just in case. . .

I mainly use my system for College assignments, Video Editing and listening to my FLAC rips.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.22.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Weion :: WEION-TOSH [administrator]

Protection: Enabled

22/08/2012 21:02:36

mbam-log-2012-08-22 (21-02-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204044

Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Weion at 13:53:43 on 2012-08-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5607.1916 [GMT 1:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Explorer.EXE

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\TECO\Teco.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe

C:\Program Files\McAfee\MAT\McPvTray.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe

C:\Program Files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Users\Weion\AppData\Local\Temp\setup.exe

C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\McAfee\VirusScan\mcods.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://toshiba.msn.com

uDefault_Page_URL = hxxp://toshiba.msn.com

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621205252.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll

uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [NuonSoft Wallpaper Cycler] "C:\Program Files (x86)\NuonSoft\WallpaperCycler3\WallpaperCycler Lite.exe"

uRun: [steam] "F:\Program\Steam\steam.exe" -silent

uRun: [Google Update] "C:\Users\Weion\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [GoogleChromeAutoLaunch_2E0C7E5C41A09C2175F41044C513CB39] "C:\Users\Weion\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

uRun: [updater] C:\Users\Weion\AppData\Local\Temp\updater.exe

uRun: [AdobeBridge]

uRun: [Registry Cleaner Scheduler] "C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup

mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [<NO NAME>]

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{659DB1E7-9AC6-480A-849C-520DE1CF0212} : DhcpNameServer = 50.30.0.51

TCP: Interfaces\{DB3413FB-3229-4993-AB04-83A8AF5293C7} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{DB3413FB-3229-4993-AB04-83A8AF5293C7}\244584F6D65684572623D243646325 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{DB3413FB-3229-4993-AB04-83A8AF5293C7}\4514C4B44514C4B4D2145314937323 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{DB3413FB-3229-4993-AB04-83A8AF5293C7}\6796277696E6D65646961683433333735373 : DhcpNameServer = 194.168.4.100 194.168.8.100

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120621205252.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File

mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun-x64: [(Default)]

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\system32\DRIVERS\TVALZFL.sys --> C:\Windows\system32\DRIVERS\TVALZFL.sys [?]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]

R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\drivers\QIOMem.sys --> C:\Windows\system32\drivers\QIOMem.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RTSUVSTOR.sys --> C:\Windows\system32\Drivers\RTSUVSTOR.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

.

=============== Created Last 30 ================

.

2012-08-21 12:11:47 -------- d-----w- C:\Users\Weion\AppData\Roaming\CleanMyPC Software

2012-08-21 12:11:23 -------- d-----w- C:\Program Files (x86)\CleanMyPC

2012-08-16 20:34:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-16 18:36:54 -------- d-----w- C:\Users\Weion\AppData\Local\Oblivion

2012-08-16 13:12:04 -------- d-----w- C:\Users\Weion\AppData\Local\{ECDD8F86-FAA7-4899-8B1F-8A22B4ED43FF}

2012-08-16 13:11:40 -------- d-----w- C:\Users\Weion\AppData\Local\{5D8285D8-BD1D-4D87-AF2E-A91EE52A362C}

2012-08-15 18:37:15 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-15 18:37:15 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-15 18:37:09 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-15 18:37:08 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-15 18:37:08 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-15 18:37:08 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-15 18:35:38 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-15 18:35:38 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-15 18:35:37 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-15 18:34:33 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-15 18:33:15 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-15 13:21:52 -------- d-----w- C:\Users\Weion\AppData\Local\{A8D2F97B-E28F-4D9F-9E98-417F473B5220}

2012-08-15 13:21:33 -------- d-----w- C:\Users\Weion\AppData\Local\{2986476C-4FFB-4088-ABA7-F5E54D29BB85}

2012-08-15 01:20:13 -------- d-----w- C:\Users\Weion\AppData\Local\{66FAD5E6-E947-4181-B881-946194DA6031}

2012-08-14 13:19:22 -------- d-----w- C:\Users\Weion\AppData\Local\{A6F58824-6668-43F8-88C1-67DFE13AD6C4}

2012-08-14 13:19:08 -------- d-----w- C:\Users\Weion\AppData\Local\{26172FF4-8A89-4589-B477-BD7AF6393E91}

2012-08-14 01:18:21 -------- d-----w- C:\Users\Weion\AppData\Local\{EDB3C888-557C-444B-BA7A-92DFC24CD21D}

2012-08-13 13:17:24 -------- d-----w- C:\Users\Weion\AppData\Local\{F32BC1B0-EA18-4D2E-A985-DAADDCEC4C34}

2012-08-13 13:17:10 -------- d-----w- C:\Users\Weion\AppData\Local\{E1D377EE-5CD0-47BE-9705-B726314F3157}

2012-08-13 01:14:55 -------- d-----w- C:\Users\Weion\AppData\Local\{AC93439A-148F-4EE5-B0C4-395DD335C160}

2012-08-12 21:59:00 -------- d-----w- C:\ProgramData\ALM

2012-08-12 21:50:53 -------- d-----w- C:\Users\Weion\Adobe Flash Builder 4.6

2012-08-12 13:14:06 -------- d-----w- C:\Users\Weion\AppData\Local\{EB304B0B-6AAD-4AA4-ADF5-4CAC6AC7026E}

2012-08-12 13:13:49 -------- d-----w- C:\Users\Weion\AppData\Local\{1196BAD8-F89C-491D-A29D-F3CDE20D328C}

2012-08-11 20:56:46 -------- d-----w- C:\Users\Weion\AppData\Local\{17C73F6C-8C2E-441F-AF01-2E8ECE2385C7}

2012-08-11 20:56:33 -------- d-----w- C:\Users\Weion\AppData\Local\{9FF3B091-FFC1-450F-B0B0-D9B78A383E94}

2012-08-11 19:01:39 -------- d-----w- C:\Users\Weion\AppData\Local\Chromium

2012-08-11 18:54:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-11 18:54:44 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls

2012-08-11 08:55:39 -------- d-----w- C:\Users\Weion\AppData\Local\{60D94D09-08BA-4AAD-BB79-0B3DE21AB248}

2012-08-11 08:55:25 -------- d-----w- C:\Users\Weion\AppData\Local\{5CA916D6-7C2A-42C9-A5AB-9E515653206E}

2012-08-10 14:08:27 -------- d-----w- C:\Fraps

2012-08-10 12:45:35 -------- d-----w- C:\Users\Weion\AppData\Local\{BACA3FBC-6B87-4347-B2F5-80111FC197CD}

2012-08-10 12:45:16 -------- d-----w- C:\Users\Weion\AppData\Local\{728AF284-4A53-4552-8C2B-7D695E05244C}

2012-08-10 00:44:34 -------- d-----w- C:\Users\Weion\AppData\Local\{2897F38E-3470-445B-B9B4-1F7F0B642931}

2012-08-10 00:44:20 -------- d-----w- C:\Users\Weion\AppData\Local\{8C32C729-93B3-497C-8C61-11235116586C}

2012-08-09 17:33:31 -------- d-----w- C:\ProgramData\Hi-Rez Studios

2012-08-09 12:43:08 -------- d-----w- C:\Users\Weion\AppData\Local\{0FB19E28-0687-4724-B023-06C173943F70}

2012-08-09 12:42:53 -------- d-----w- C:\Users\Weion\AppData\Local\{90FC6B04-0B4D-4A69-BBF9-2B32663B4DEB}

2012-08-08 23:31:02 -------- d-----w- C:\Users\Weion\AppData\Local\{FA9445B5-BD93-4EB7-8740-CA009BA1D599}

2012-08-08 23:30:45 -------- d-----w- C:\Users\Weion\AppData\Local\{79383D15-930B-4B33-A196-B25DA10BAC82}

2012-08-08 11:29:44 -------- d-----w- C:\Users\Weion\AppData\Local\{C08807D7-FACF-47D5-AC0D-70050B27C4B2}

2012-08-08 11:29:28 -------- d-----w- C:\Users\Weion\AppData\Local\{6E75FE72-A01F-4FF2-8408-08B8F51B8FCA}

2012-08-07 22:12:10 -------- d-----w- C:\Windows\en

2012-08-07 22:08:07 -------- d-----w- C:\Windows\sv

2012-08-07 22:07:50 -------- d-----w- C:\Windows\no

2012-08-07 22:07:32 -------- d-----w- C:\Windows\fi

2012-08-07 22:07:14 -------- d-----w- C:\Windows\da

2012-08-07 21:49:25 19720 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-08-07 21:43:24 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\abd8efed1cd74e502\MeshBetaRemover.exe

2012-08-07 21:43:22 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aa91c5231cd74e501\DSETUP.dll

2012-08-07 21:43:22 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aa91c5231cd74e501\DXSETUP.exe

2012-08-07 21:43:22 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aa91c5231cd74e501\dsetup32.dll

2012-08-07 12:17:26 0 ----a-we C:\Users\Weion\Redfaction.exe

2012-08-07 08:24:29 -------- d-----w- C:\Users\Weion\AppData\Local\{F23C9609-2B00-47CA-93AD-44924B214F1C}

2012-08-07 08:24:12 -------- d-----w- C:\Users\Weion\AppData\Local\{EDB684DD-9BA9-417C-B358-4216A9B1FE34}

2012-08-06 20:12:12 -------- d-----w- C:\Users\Weion\AppData\Local\{D64E5332-D43B-411C-98D5-1E0CAD3F666E}

2012-08-06 20:11:49 -------- d-----w- C:\Users\Weion\AppData\Local\{988F4586-C901-4C8B-9673-97899501563F}

2012-08-06 13:54:43 -------- d-----w- C:\Users\Weion\AppData\Local\The Lord of the Rings Online

2012-08-06 13:17:09 -------- d-----w- C:\Users\Weion\AppData\Local\Turbine

2012-08-06 13:16:53 -------- d-----w- C:\Users\Weion\AppData\Local\ApplicationHistory

2012-08-06 13:14:10 -------- d-----w- C:\Windows\SysWow64\URTTEMP

2012-08-06 10:06:43 -------- d-----w- C:\Users\Weion\AppData\Local\{AF706804-14E7-415E-BC9E-40347723E8CB}

2012-08-06 10:06:17 -------- d-----w- C:\Users\Weion\AppData\Local\{D9F3C9C9-2E3A-410D-85A0-EC3B3DA14D0B}

2012-08-06 10:05:26 -------- d-----w- C:\Users\Weion\AppData\Local\{5998BBBC-16B5-490A-84A8-9803159F46E7}

2012-08-06 10:05:13 -------- d-----w- C:\Users\Weion\AppData\Local\{2D8967BE-5DDF-4FD0-B7C3-5C31845262A6}

2012-08-06 10:04:16 -------- d-----w- C:\Users\Weion\AppData\Local\{9B5C419E-F6D4-4D93-8A9A-D11458BD3F40}

2012-08-06 10:04:05 -------- d-----w- C:\Users\Weion\AppData\Local\{5BA6AC0B-1383-4FA2-9364-8B8F36A9F1B7}

2012-08-06 10:03:53 -------- d-----w- C:\Users\Weion\AppData\Local\{10BFB0BF-A41B-4A27-9B80-BE5F348DFE54}

2012-08-06 10:03:29 -------- d-----w- C:\Users\Weion\AppData\Local\{750AEFEB-AA75-459B-B147-B899EE3BC326}

2012-08-06 10:00:34 -------- d-----w- C:\Users\Weion\AppData\Local\{B3BCEC0A-4702-48A9-8976-70C36A39D003}

2012-08-06 10:00:11 -------- d-----w- C:\Users\Weion\AppData\Local\{51343D43-DEF6-43E5-8CDF-90B871BD0648}

2012-08-05 12:07:02 -------- d-----w- C:\Users\Weion\AppData\Local\{B79EC7CB-AAD8-492D-AD99-A56BB6B8452C}

2012-08-05 12:06:24 -------- d-----w- C:\Users\Weion\AppData\Local\{0A2650A8-3197-4BC3-9DC0-02D335E99E56}

2012-08-04 20:33:34 -------- d-----w- C:\Users\Weion\AppData\Local\{8B09D803-EBD0-4E4A-8B07-F1BC11E1D2DD}

2012-08-04 20:33:00 -------- d-----w- C:\Users\Weion\AppData\Local\{A2013CD2-AA24-42BB-AECF-DB851F3FC54A}

2012-08-04 16:18:22 -------- d-----w- C:\Users\Weion\AppData\Local\{917547E3-AF06-4F28-9FF1-55F514DF2B61}

2012-08-04 16:18:12 -------- d-----w- C:\Users\Weion\AppData\Local\{27BAA314-BEC0-4B54-B529-EF49ACDA29D6}

2012-08-04 16:18:02 -------- d-----w- C:\Users\Weion\AppData\Local\{BEB5FD46-88BE-4615-8B3F-E7120B41CAFC}

2012-08-04 16:17:50 -------- d-----w- C:\Users\Weion\AppData\Local\{D72D7287-2CD4-4192-856D-508F8EAA57FC}

2012-08-04 13:17:36 -------- d-----w- C:\Users\Weion\AppData\Local\{A021A136-CF97-4719-A3AB-B4C210666148}

2012-08-04 13:17:21 -------- d-----w- C:\Users\Weion\AppData\Local\{DE688450-9F58-45E9-A045-9C2F9873B24C}

2012-08-04 13:15:41 -------- d-----w- C:\Users\Weion\AppData\Local\{E91959BE-349A-42A5-9A47-82F2259DC98F}

2012-08-04 13:15:29 -------- d-----w- C:\Users\Weion\AppData\Local\{3F6D4A1E-3E99-44E6-B5F5-2C16CE9B0A50}

2012-08-04 11:33:44 -------- d-----w- C:\Users\Weion\AppData\Local\{1C72814A-9184-4E3C-8DBA-80A38C99EC5E}

2012-08-04 11:33:28 -------- d-----w- C:\Users\Weion\AppData\Local\{0872E23B-42BD-4BFA-9146-A72712DE51E2}

2012-08-04 00:05:49 -------- d-----w- C:\Users\Weion\AppData\Local\{E35A0C7B-F559-4F7C-96A2-9BEC738CE958}

2012-08-04 00:02:18 -------- d-----w- C:\Users\Weion\AppData\Local\{48AC3AD2-8965-45C5-8606-449A70F047FD}

2012-08-03 23:58:48 -------- d-----w- C:\Users\Weion\AppData\Local\{8D7572A4-0973-48CA-96BA-F7764DD1F861}

2012-08-03 13:15:56 -------- d-----w- C:\Users\Weion\AppData\Local\ArmA 2

2012-08-03 12:27:22 -------- d-----w- C:\Program Files (x86)\SIX Projects

2012-08-03 12:25:49 -------- d-----w- C:\Users\Weion\AppData\Local\Downloaded Installations

2012-08-03 12:25:07 -------- d-----w- C:\Users\Weion\AppData\Roaming\ProgSense

2012-08-03 11:06:25 -------- d-----w- C:\Users\Weion\AppData\Local\{EB58A50F-1068-4A9B-BFE3-157D665A47A6}

2012-08-03 11:06:14 -------- d-----w- C:\Users\Weion\AppData\Local\{12172092-A6F9-48ED-A0B7-2E38B8C01F59}

2012-08-02 14:16:25 -------- d-----w- C:\Users\Weion\AppData\Local\Windows Live

2012-08-02 14:16:08 -------- d-----w- C:\Users\Weion\AppData\Local\{F7C6A63F-F9ED-4C01-94D3-CFFDDDA1AEC1}

2012-08-02 14:16:06 -------- d-----w- C:\Users\Weion\AppData\Local\{F0BBED52-CFF5-4954-A218-7EEDF969A4B5}

2012-08-02 14:15:48 -------- d-----w- C:\Users\Weion\Tracing

2012-07-31 15:54:54 49664 ----a-w- C:\Windows\System32\CamCodec.dll

2012-07-31 15:54:53 -------- d-----w- C:\Program Files (x86)\CamStudio 2.6b

.

==================== Find3M ====================

.

2012-08-21 10:17:52 119296 ----a-w- C:\Windows\SysWow64\zlib.dll

2012-07-25 10:04:22 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-07-25 10:04:22 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-07-25 09:50:08 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-07-21 07:11:40 71680 ----a-w- C:\Windows\System32\frapsv64.dll

2012-07-21 07:11:38 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

2012-07-16 02:37:27 419840 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-07-16 02:37:27 133632 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-07-16 02:37:26 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-07-16 02:37:26 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-07-13 00:27:51 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-07-12 20:23:36 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe

2012-07-04 01:38:20 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-07-04 01:38:20 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-11 12:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 12:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 12:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 12:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 12:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 12:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 12:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-11 12:48:34 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-06-11 12:48:30 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-06-06 19:59:42 1070152 ------w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-06-01 15:01:05 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

.

============= FINISH: 14:10:30.85 ===============

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.