th3fall3n777 Posted August 16, 2013 ID:716104 Share Posted August 16, 2013 I have a computer here (laptop) with Windows 7 Home Premium Edition, that is heavily infected with malware. If you allow it to book to the desktop, there is a FBI scareware banner that pops which prevents you from taking any other actions. I should note, this is not my laptop, but was brought in for cleaning from a client - normally I wouldn't request assistance in a case like this, but this person is part of the fire department from a local community, and I am helping him pro-Bono. I tried to create a HitMan Pro Kickstart USB, which works, but only to a degree - it gets me into HitMan, and a "pre-boot limbo" - the desktop isn't fully loaded, but HitMan is able to run. The problem is, I do not have a license of HitMan Pro, so it only enables me to use the scanner - to use the actual cleaner, I have to purchase a license. If this is the only tool that can get me into this laptop, then I will pony up the dough, but that is why I am here. I am out of ideas. I know there is a requisite to run a DDS scan, but I do not have the ability to do so, unless there is a way to do so pre-boot.. Is this something you could help with? If not, it's back to Google Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 16, 2013 ID:716105 Share Posted August 16, 2013 This should get you going. Please do the following: For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select English as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand PromptSelect Command PromptIn the command window type in notepad and press Enter.The notepad opens. Under File menu select Open.Select "Computer" and find your flash drive letter and close the notepad.In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.The tool will start to run.When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Note:Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly" -------> Your topic will be closed if you haven't replied within 3 days! <--------(If I don't respond within 24 hours, please send me a PM)-DFB Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 17, 2013 Author ID:716234 Share Posted August 17, 2013 Thank you for helping me with this - I will put together this USB following your instructions and post the results. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 17, 2013 ID:716306 Share Posted August 17, 2013 Sounds good. Keep me posted Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 18, 2013 Author ID:716755 Share Posted August 18, 2013 Ran into a roadbump - when I hit F8, nothing happened, but I saw your instructions indicated I was looking for the Boot Menu. This model had an indicator saying push F12 for the Boot Menu, so I did that, but there is not Repair option available, I have Boot from HDD, Boot from USB, Boot from CDRW, or System Recovery. I tried selecting system recovery, but then stopped because I got a message asking if I was sure I wanted to continue with system recovery. That made me a little nervous as I don't want to accidentally wipe out the hard drive or anything! Any ideas? Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 18, 2013 Author ID:716756 Share Posted August 18, 2013 Nevermind, I got it - I had to improperly shut down the system - I was then presented with the option for Repair - proceeding with directions now. Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 18, 2013 Author ID:716767 Share Posted August 18, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013Ran by SYSTEM on 18-08-2013 09:14:17Running from E:\Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Recovery The current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x]HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-20] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)HKLM-x32\...\Run: [bringMeSports Search Scope Monitor] - C:\PROGRA~2\BRINGM~2\bar\1.bin\1csrchmn.exe [42536 2012-09-17] (MindSpark)HKLM-x32\...\Run: [bringMeSports_1c Browser Plugin Loader] - C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbrmon.exe [30096 2012-09-17] (VER_COMPANY_NAME)HKU\Fire Training\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-12] (Google Inc.)HKU\Fire Training\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)HKU\Fire Training\...\Run: [Jing] - C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2908536 2012-07-23] (TechSmith Corporation)HKU\Fire Training\...\Winlogon: [shell] explorer.exe,C:\Users\Fire Training\AppData\Roaming\skype.dat [155648 2011-11-16] (SmartTech Software Group) <==== ATTENTION Startup: C:\Users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnkShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll (Hewlett-Packard Co.)Startup: C:\Users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600 (Network).lnkShortcutTarget: Monitor Ink Alerts - HP Officejet 6600 (Network).lnk -> C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll (Hewlett-Packard Co.)Startup: C:\Users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Services (Whitelisted) ================= S2 BringMeSports_1cService; C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbarsvc.exe [42504 2012-09-17] (COMPANYVERS_NAME)S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe /s [x]S2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 [x] ==================== Drivers (Whitelisted) ==================== S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-14 12:37 - 2013-08-14 12:37 - 00000000 ____D C:\ProgramData\HitmanPro2013-08-13 14:38 - 2013-08-16 20:05 - 00000004 _____ C:\Users\Fire Training\AppData\Roaming\skype.ini ==================== One Month Modified Files and Folders ======= 2013-08-18 09:13 - 2013-08-18 09:13 - 00000000 ____D C:\FRST2013-08-18 05:31 - 2011-09-12 05:34 - 01408112 _____ C:\Windows\WindowsUpdate.log2013-08-18 05:31 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-08-18 05:31 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-08-18 05:29 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-08-18 05:29 - 2009-07-13 20:51 - 00043252 _____ C:\Windows\setupact.log2013-08-16 20:05 - 2013-08-13 14:38 - 00000004 _____ C:\Users\Fire Training\AppData\Roaming\skype.ini2013-08-16 20:05 - 2012-08-11 05:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-08-16 20:05 - 2011-09-12 06:09 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-08-16 13:52 - 2009-07-13 21:13 - 00006222 _____ C:\Windows\System32\PerfStringBackup.INI2013-08-16 13:48 - 2011-09-12 06:09 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-08-14 12:43 - 2011-12-27 04:43 - 00000000 ____D C:\Users\Fire Training\AppData\Local\CrashDumps2013-08-14 12:37 - 2013-08-14 12:37 - 00000000 ____D C:\ProgramData\HitmanPro2013-08-13 14:06 - 2009-04-05 13:35 - 00000000 ____D C:\Users\Fire Training\Desktop\Fire Dept2013-08-07 15:15 - 2009-07-13 20:45 - 00418144 _____ C:\Windows\System32\FNTCACHE.DAT2013-08-07 15:14 - 2013-03-14 13:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-08-07 15:14 - 2013-03-14 13:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2013-08-07 15:13 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal2013-08-07 15:13 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender2013-08-07 15:13 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender2013-07-30 13:53 - 2013-03-20 13:25 - 00000000 ____D C:\Users\Fire Training\Desktop\2013 Training Tracker2013-07-25 17:09 - 2011-10-30 11:05 - 00000000 ____D C:\ProgramData\Microsoft Help2013-07-25 17:02 - 2012-09-18 02:40 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe Files to move or delete:====================C:\Users\Fire Training\AppData\Roaming\skype.datC:\Users\Fire Training\AppData\Roaming\skype.ini ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-04 12:59:01Restore point made on: 2013-04-13 09:48:15Restore point made on: 2013-04-15 16:01:02Restore point made on: 2013-04-24 16:17:46Restore point made on: 2013-04-29 13:34:10Restore point made on: 2013-05-02 14:17:21Restore point made on: 2013-05-10 09:11:26Restore point made on: 2013-05-17 08:13:00Restore point made on: 2013-05-29 13:58:56Restore point made on: 2013-06-05 13:28:32Restore point made on: 2013-06-17 13:46:50Restore point made on: 2013-06-19 14:14:28Restore point made on: 2013-06-22 15:33:31Restore point made on: 2013-06-25 16:32:45Restore point made on: 2013-06-29 09:58:02Restore point made on: 2013-07-08 16:17:14Restore point made on: 2013-07-09 00:19:27Restore point made on: 2013-07-10 13:43:59Restore point made on: 2013-07-16 12:56:13Restore point made on: 2013-07-25 16:52:23Restore point made on: 2013-07-30 13:45:02Restore point made on: 2013-08-07 14:31:50 ==================== Memory info =========================== Percentage of memory in use: 20%Total physical RAM: 3562.12 MBAvailable physical RAM: 2847.76 MBTotal Pagefile: 3560.32 MBAvailable Pagefile: 2870.38 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (TI106231W0C) (Fixed) (Total:450.17 GB) (Free:396.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive e: (Aug 18 2013) (CDROM) (Total:0.69 GB) (Free:0.64 GB) UDFDrive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 81AC88D8)Partition 1: (Active) - (Size=1 GB) - (Type=27)Partition 2: (Not Active) - (Size=450 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=14 GB) - (Type=17) LastRegBack: 2013-03-06 14:53 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 19, 2013 ID:717124 Share Posted August 19, 2013 Please do the following:Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.Right-click in the open notepad and select Paste).Save it on the flashdrive as fixlist.txt HKU\Fire Training\...\Winlogon: [shell] explorer.exe,C:\Users\Fire Training\AppData\Roaming\skype.dat [155648 2011-11-16] (SmartTech Software Group) <==== ATTENTIONC:\Users\Fire Training\AppData\Roaming\skype.datC:\Users\Fire Training\AppData\Roaming\skype.iniNOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemNow please enter System Recovery Options.Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply. After that- are you able to boot into normal mode? Let me know when you can as we have more malware to remove. Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 20, 2013 Author ID:717557 Share Posted August 20, 2013 You sir are a genius - I was able to log this user back in. I told them I still need the laptop for another day or so though. Here is the log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2013Ran by SYSTEM at 2013-08-19 20:51:48 Run:1Running from E:\Boot Mode: Recovery============================================== Content of fixlist:*****************HKU\Fire Training\...\Winlogon: [shell] explorer.exe,C:\Users\Fire Training\AppData\Roaming\skype.dat [155648 2011-11-16] (SmartTech Software Group) <==== ATTENTIONC:\Users\Fire Training\AppData\Roaming\skype.datC:\Users\Fire Training\AppData\Roaming\skype.ini***************** HKU\Fire Training\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.C:\Users\Fire Training\AppData\Roaming\skype.dat => Moved successfully.C:\Users\Fire Training\AppData\Roaming\skype.ini => Moved successfully. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 20, 2013 Author ID:717570 Share Posted August 20, 2013 Just out of curiosity - well that and the department's Compliance admin is asking me - is there any identification for what this infection is? Is there a resource I can use to point her to for what it is capable of? They're concerned that confidential data on this laptop may have been compromised.... any resource you could point me too would be appreciated. I'm also at the desktop and ready for the next instructions. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 20, 2013 ID:717929 Share Posted August 20, 2013 Just out of curiosity - well that and the department's Compliance admin is asking me - is there any identification for what this infection is? Is there a resource I can use to point her to for what it is capable of? They're concerned that confidential data on this laptop may have been compromised.... any resource you could point me too would be appreciated.If this is a business system I would advise you to seek the assistance of your IT/Technical Support, as we can't be responsible for potential damage to the machines. The malware itself was designed to get financial information. With that said, there may be more malware on the machine; please let me know if you have the authorization to clean this system and we'll continue on. Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 21, 2013 Author ID:718326 Share Posted August 21, 2013 Just checking to see if you got my Private Message - Yes I do have authorization - the details are in the private message. Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 21, 2013 ID:718338 Share Posted August 21, 2013 Okay here's what I'd like you to do next. You may have to run some of these programs in Safe Mode if you can't successfully use Normal Mode. ----------Step 1----------------Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Double-click on TDSSKiller.exe to run the tool for known TDSS variants.Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it.To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.----------Step 2----------------Please download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt----------Step 3----------------Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingc...to-use-combofix***IMPORTANT: save ComboFix to your Desktop**** Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please go here to see a list of programs that should be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall** Please include the C:\ComboFix.txt in your next reply for further review.NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.----------Step 4----------------Please download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.----------Step 5----------------In your next reply, please include the following:TDSSKiller's logfileMBAR mbar-log.txt and system-log.txtComboFix's report (C:\ComboFix.txt)Security Check checkup.txtAfter that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 22, 2013 Author ID:718853 Share Posted August 22, 2013 TDDSSKiller - No Threats Detected14:44:58.0474 0x16d0 TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:2914:44:58.0520 0x16d0 ============================================================14:44:58.0520 0x16d0 Current date / time: 2013/08/21 14:44:58.052014:44:58.0520 0x16d0 SystemInfo:14:44:58.0520 0x16d0 14:44:58.0520 0x16d0 OS Version: 6.1.7601 ServicePack: 1.014:44:58.0520 0x16d0 Product type: Workstation14:44:58.0520 0x16d0 ComputerName: FIRETRAINING-PC14:44:58.0520 0x16d0 UserName: Fire Training14:44:58.0520 0x16d0 Windows directory: C:\windows14:44:58.0520 0x16d0 System windows directory: C:\windows14:44:58.0520 0x16d0 Running under WOW6414:44:58.0520 0x16d0 Processor architecture: Intel x6414:44:58.0520 0x16d0 Number of processors: 414:44:58.0520 0x16d0 Page size: 0x100014:44:58.0520 0x16d0 Boot type: Normal boot14:44:58.0520 0x16d0 ============================================================14:44:59.0706 0x16d0 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004014:44:59.0722 0x16d0 ============================================================14:44:59.0722 0x16d0 \Device\Harddisk0\DR0:14:44:59.0722 0x16d0 MBR partitions:14:44:59.0722 0x16d0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3845600014:44:59.0722 0x16d0 ============================================================14:44:59.0753 0x16d0 C: <-> \Device\Harddisk0\DR0\Partition114:44:59.0753 0x16d0 ============================================================14:44:59.0753 0x16d0 Initialize success14:44:59.0753 0x16d0 ============================================================14:45:19.0783 0x15b8 ============================================================14:45:19.0783 0x15b8 Scan started14:45:19.0783 0x15b8 Mode: Manual; 14:45:19.0783 0x15b8 ============================================================14:45:20.0610 0x15b8 ================ Scan system memory ========================14:45:20.0610 0x15b8 System memory - ok14:45:20.0610 0x15b8 ================ Scan services =============================14:45:20.0782 0x15b8 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys14:45:20.0797 0x15b8 1394ohci - ok14:45:20.0828 0x15b8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys14:45:20.0828 0x15b8 ACPI - ok14:45:20.0875 0x15b8 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys14:45:20.0875 0x15b8 AcpiPmi - ok14:45:21.0016 0x15b8 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe14:45:21.0016 0x15b8 AdobeFlashPlayerUpdateSvc - ok14:45:21.0078 0x15b8 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys14:45:21.0078 0x15b8 adp94xx - ok14:45:21.0140 0x15b8 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys14:45:21.0140 0x15b8 adpahci - ok14:45:21.0187 0x15b8 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys14:45:21.0203 0x15b8 adpu320 - ok14:45:21.0234 0x15b8 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll14:45:21.0234 0x15b8 AeLookupSvc - ok14:45:21.0281 0x15b8 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys14:45:21.0281 0x15b8 AFD - ok14:45:21.0328 0x15b8 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys14:45:21.0343 0x15b8 agp440 - ok14:45:21.0374 0x15b8 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe14:45:21.0374 0x15b8 ALG - ok14:45:21.0406 0x15b8 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys14:45:21.0406 0x15b8 aliide - ok14:45:21.0452 0x15b8 [ E9F172F8067830AB6418FCF13B7C82F1 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe14:45:21.0452 0x15b8 AMD External Events Utility - ok14:45:21.0484 0x15b8 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys14:45:21.0484 0x15b8 amdide - ok14:45:21.0515 0x15b8 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys14:45:21.0515 0x15b8 AmdK8 - ok14:45:21.0733 0x15b8 [ 3EA481540BF571CE2AC422249C4E18A9 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys14:45:21.0952 0x15b8 amdkmdag - ok14:45:21.0998 0x15b8 [ C5228C5FD5CA78002255089C4E74DC0E ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys14:45:21.0998 0x15b8 amdkmdap - ok14:45:22.0030 0x15b8 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys14:45:22.0030 0x15b8 AmdPPM - ok14:45:22.0061 0x15b8 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys14:45:22.0061 0x15b8 amdsata - ok14:45:22.0076 0x15b8 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys14:45:22.0076 0x15b8 amdsbs - ok14:45:22.0076 0x15b8 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys14:45:22.0092 0x15b8 amdxata - ok14:45:22.0123 0x15b8 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys14:45:22.0123 0x15b8 AppID - ok14:45:22.0170 0x15b8 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll14:45:22.0170 0x15b8 AppIDSvc - ok14:45:22.0217 0x15b8 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll14:45:22.0217 0x15b8 Appinfo - ok14:45:22.0232 0x15b8 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys14:45:22.0232 0x15b8 arc - ok14:45:22.0264 0x15b8 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys14:45:22.0264 0x15b8 arcsas - ok14:45:22.0435 0x15b8 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe14:45:22.0435 0x15b8 aspnet_state - ok14:45:22.0466 0x15b8 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys14:45:22.0466 0x15b8 AsyncMac - ok14:45:22.0482 0x15b8 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys14:45:22.0482 0x15b8 atapi - ok14:45:22.0544 0x15b8 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys14:45:22.0544 0x15b8 AtiHDAudioService - ok14:45:22.0576 0x15b8 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll14:45:22.0591 0x15b8 AudioEndpointBuilder - ok14:45:22.0622 0x15b8 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll14:45:22.0622 0x15b8 AudioSrv - ok14:45:22.0638 0x15b8 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll14:45:22.0638 0x15b8 AxInstSV - ok14:45:22.0685 0x15b8 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys14:45:22.0685 0x15b8 b06bdrv - ok14:45:22.0732 0x15b8 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys14:45:22.0732 0x15b8 b57nd60a - ok14:45:22.0825 0x15b8 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe14:45:22.0825 0x15b8 BBSvc - ok14:45:22.0856 0x15b8 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe14:45:22.0856 0x15b8 BBUpdate - ok14:45:22.0888 0x15b8 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll14:45:22.0888 0x15b8 BDESVC - ok14:45:22.0903 0x15b8 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys14:45:22.0903 0x15b8 Beep - ok14:45:22.0934 0x15b8 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll14:45:22.0950 0x15b8 BFE - ok14:45:22.0981 0x15b8 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll14:45:22.0997 0x15b8 BITS - ok14:45:23.0028 0x15b8 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys14:45:23.0028 0x15b8 blbdrive - ok14:45:23.0059 0x15b8 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys14:45:23.0075 0x15b8 bowser - ok14:45:23.0106 0x15b8 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys14:45:23.0106 0x15b8 BrFiltLo - ok14:45:23.0122 0x15b8 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys14:45:23.0122 0x15b8 BrFiltUp - ok14:45:23.0184 0x15b8 [ 622FCF264119F7DF127BE353F796B319 ] BringMeSports_1cService C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbarsvc.exe14:45:23.0184 0x15b8 BringMeSports_1cService - ok14:45:23.0231 0x15b8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll14:45:23.0246 0x15b8 Browser - ok14:45:23.0278 0x15b8 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys14:45:23.0293 0x15b8 Brserid - ok14:45:23.0324 0x15b8 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys14:45:23.0324 0x15b8 BrSerWdm - ok14:45:23.0340 0x15b8 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys14:45:23.0340 0x15b8 BrUsbMdm - ok14:45:23.0356 0x15b8 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys14:45:23.0356 0x15b8 BrUsbSer - ok14:45:23.0418 0x15b8 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\DRIVERS\BthEnum.sys14:45:23.0418 0x15b8 BthEnum - ok14:45:23.0449 0x15b8 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys14:45:23.0449 0x15b8 BTHMODEM - ok14:45:23.0496 0x15b8 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys14:45:23.0496 0x15b8 BthPan - ok14:45:23.0558 0x15b8 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys14:45:23.0574 0x15b8 BTHPORT - ok14:45:23.0605 0x15b8 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll14:45:23.0605 0x15b8 bthserv - ok14:45:23.0636 0x15b8 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys14:45:23.0636 0x15b8 BTHUSB - ok14:45:23.0668 0x15b8 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys14:45:23.0668 0x15b8 cdfs - ok14:45:23.0714 0x15b8 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys14:45:23.0730 0x15b8 cdrom - ok14:45:23.0761 0x15b8 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll14:45:23.0761 0x15b8 CertPropSvc - ok14:45:23.0792 0x15b8 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys14:45:23.0792 0x15b8 circlass - ok14:45:23.0855 0x15b8 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys14:45:23.0855 0x15b8 CLFS - ok14:45:23.0902 0x15b8 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe14:45:23.0902 0x15b8 clr_optimization_v2.0.50727_32 - ok14:45:23.0948 0x15b8 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe14:45:23.0948 0x15b8 clr_optimization_v2.0.50727_64 - ok14:45:24.0011 0x15b8 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe14:45:24.0011 0x15b8 clr_optimization_v4.0.30319_32 - ok14:45:24.0042 0x15b8 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe14:45:24.0042 0x15b8 clr_optimization_v4.0.30319_64 - ok14:45:24.0073 0x15b8 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys14:45:24.0073 0x15b8 CmBatt - ok14:45:24.0089 0x15b8 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys14:45:24.0104 0x15b8 cmdide - ok14:45:24.0151 0x15b8 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys14:45:24.0151 0x15b8 CNG - ok14:45:24.0182 0x15b8 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys14:45:24.0182 0x15b8 Compbatt - ok14:45:24.0214 0x15b8 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys14:45:24.0214 0x15b8 CompositeBus - ok14:45:24.0229 0x15b8 COMSysApp - ok14:45:24.0260 0x15b8 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys14:45:24.0260 0x15b8 crcdisk - ok14:45:24.0307 0x15b8 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\windows\system32\cryptsvc.dll14:45:24.0307 0x15b8 CryptSvc - ok14:45:24.0370 0x15b8 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll14:45:24.0385 0x15b8 DcomLaunch - ok14:45:24.0416 0x15b8 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll14:45:24.0432 0x15b8 defragsvc - ok14:45:24.0448 0x15b8 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys14:45:24.0448 0x15b8 DfsC - ok14:45:24.0494 0x15b8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll14:45:24.0510 0x15b8 Dhcp - ok14:45:24.0541 0x15b8 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys14:45:24.0541 0x15b8 discache - ok14:45:24.0557 0x15b8 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys14:45:24.0557 0x15b8 Disk - ok14:45:24.0588 0x15b8 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll14:45:24.0588 0x15b8 Dnscache - ok14:45:24.0604 0x15b8 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll14:45:24.0604 0x15b8 dot3svc - ok14:45:24.0604 0x15b8 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll14:45:24.0604 0x15b8 DPS - ok14:45:24.0650 0x15b8 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys14:45:24.0650 0x15b8 drmkaud - ok14:45:24.0697 0x15b8 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys14:45:24.0728 0x15b8 DXGKrnl - ok14:45:24.0760 0x15b8 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll14:45:24.0760 0x15b8 EapHost - ok14:45:24.0869 0x15b8 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys14:45:24.0931 0x15b8 ebdrv - ok14:45:24.0962 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe14:45:24.0962 0x15b8 EFS - ok14:45:25.0056 0x15b8 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe14:45:25.0072 0x15b8 ehRecvr - ok14:45:25.0103 0x15b8 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe14:45:25.0103 0x15b8 ehSched - ok14:45:25.0150 0x15b8 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys14:45:25.0165 0x15b8 elxstor - ok14:45:25.0181 0x15b8 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys14:45:25.0181 0x15b8 ErrDev - ok14:45:25.0243 0x15b8 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll14:45:25.0243 0x15b8 EventSystem - ok14:45:25.0290 0x15b8 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys14:45:25.0306 0x15b8 exfat - ok14:45:25.0337 0x15b8 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys14:45:25.0337 0x15b8 fastfat - ok14:45:25.0384 0x15b8 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe14:45:25.0399 0x15b8 Fax - ok14:45:25.0430 0x15b8 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys14:45:25.0430 0x15b8 fdc - ok14:45:25.0477 0x15b8 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll14:45:25.0477 0x15b8 fdPHost - ok14:45:25.0477 0x15b8 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll14:45:25.0493 0x15b8 FDResPub - ok14:45:25.0508 0x15b8 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys14:45:25.0508 0x15b8 FileInfo - ok14:45:25.0524 0x15b8 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys14:45:25.0524 0x15b8 Filetrace - ok14:45:25.0555 0x15b8 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys14:45:25.0555 0x15b8 flpydisk - ok14:45:25.0618 0x15b8 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys14:45:25.0633 0x15b8 FltMgr - ok14:45:25.0696 0x15b8 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll14:45:25.0727 0x15b8 FontCache - ok14:45:25.0789 0x15b8 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe14:45:25.0789 0x15b8 FontCache3.0.0.0 - ok14:45:25.0820 0x15b8 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys14:45:25.0820 0x15b8 FsDepends - ok14:45:25.0867 0x15b8 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys14:45:25.0867 0x15b8 Fs_Rec - ok14:45:25.0914 0x15b8 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys14:45:25.0914 0x15b8 fvevol - ok14:45:25.0945 0x15b8 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys14:45:25.0945 0x15b8 gagp30kx - ok14:45:26.0008 0x15b8 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe14:45:26.0008 0x15b8 GamesAppService - ok14:45:26.0070 0x15b8 [ FA07EC01952729DDDDC5BF4BAE06B09E ] GFNEXSrv C:\Windows\System32\GFNEXSrv.exe14:45:26.0070 0x15b8 GFNEXSrv - ok14:45:26.0132 0x15b8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll14:45:26.0148 0x15b8 gpsvc - ok14:45:26.0195 0x15b8 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe14:45:26.0195 0x15b8 gupdate - ok14:45:26.0210 0x15b8 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe14:45:26.0226 0x15b8 gupdatem - ok14:45:26.0257 0x15b8 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe14:45:26.0257 0x15b8 gusvc - ok14:45:26.0288 0x15b8 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys14:45:26.0288 0x15b8 hcw85cir - ok14:45:26.0320 0x15b8 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys14:45:26.0335 0x15b8 HdAudAddService - ok14:45:26.0366 0x15b8 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys14:45:26.0382 0x15b8 HDAudBus - ok14:45:26.0413 0x15b8 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys14:45:26.0413 0x15b8 HidBatt - ok14:45:26.0429 0x15b8 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys14:45:26.0429 0x15b8 HidBth - ok14:45:26.0460 0x15b8 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys14:45:26.0476 0x15b8 HidIr - ok14:45:26.0507 0x15b8 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll14:45:26.0507 0x15b8 hidserv - ok14:45:26.0538 0x15b8 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys14:45:26.0538 0x15b8 HidUsb - ok14:45:26.0569 0x15b8 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll14:45:26.0569 0x15b8 hkmsvc - ok14:45:26.0585 0x15b8 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll14:45:26.0600 0x15b8 HomeGroupListener - ok14:45:26.0616 0x15b8 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll14:45:26.0616 0x15b8 HomeGroupProvider - ok14:45:26.0647 0x15b8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys14:45:26.0663 0x15b8 HpSAMD - ok14:45:26.0694 0x15b8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys14:45:26.0710 0x15b8 HTTP - ok14:45:26.0741 0x15b8 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys14:45:26.0741 0x15b8 hwpolicy - ok14:45:26.0788 0x15b8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys14:45:26.0788 0x15b8 i8042prt - ok14:45:26.0834 0x15b8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys14:45:26.0834 0x15b8 iaStorV - ok14:45:26.0897 0x15b8 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe14:45:26.0912 0x15b8 idsvc - ok14:45:26.0944 0x15b8 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys14:45:26.0944 0x15b8 iirsp - ok14:45:26.0990 0x15b8 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll14:45:27.0022 0x15b8 IKEEXT - ok14:45:27.0115 0x15b8 [ 028E40182A6F0374978C755F85B9F07C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys14:45:27.0146 0x15b8 IntcAzAudAddService - ok14:45:27.0162 0x15b8 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys14:45:27.0162 0x15b8 intelide - ok14:45:27.0209 0x15b8 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys14:45:27.0209 0x15b8 intelppm - ok14:45:27.0271 0x15b8 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll14:45:27.0271 0x15b8 IPBusEnum - ok14:45:27.0287 0x15b8 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys14:45:27.0302 0x15b8 IpFilterDriver - ok14:45:27.0349 0x15b8 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll14:45:27.0365 0x15b8 iphlpsvc - ok14:45:27.0396 0x15b8 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys14:45:27.0396 0x15b8 IPMIDRV - ok14:45:27.0396 0x15b8 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys14:45:27.0396 0x15b8 IPNAT - ok14:45:27.0427 0x15b8 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys14:45:27.0427 0x15b8 IRENUM - ok14:45:27.0458 0x15b8 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys14:45:27.0458 0x15b8 isapnp - ok14:45:27.0490 0x15b8 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys14:45:27.0505 0x15b8 iScsiPrt - ok14:45:27.0521 0x15b8 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys14:45:27.0521 0x15b8 kbdclass - ok14:45:27.0552 0x15b8 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys14:45:27.0552 0x15b8 kbdhid - ok14:45:27.0599 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe14:45:27.0599 0x15b8 KeyIso - ok14:45:27.0646 0x15b8 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys14:45:27.0646 0x15b8 KSecDD - ok14:45:27.0677 0x15b8 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys14:45:27.0677 0x15b8 KSecPkg - ok14:45:27.0708 0x15b8 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys14:45:27.0708 0x15b8 ksthunk - ok14:45:27.0755 0x15b8 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll14:45:27.0755 0x15b8 KtmRm - ok14:45:27.0817 0x15b8 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll14:45:27.0817 0x15b8 LanmanServer - ok14:45:27.0848 0x15b8 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll14:45:27.0864 0x15b8 LanmanWorkstation - ok14:45:27.0895 0x15b8 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys14:45:27.0895 0x15b8 lltdio - ok14:45:27.0926 0x15b8 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll14:45:27.0942 0x15b8 lltdsvc - ok14:45:27.0973 0x15b8 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll14:45:27.0973 0x15b8 lmhosts - ok14:45:28.0020 0x15b8 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys14:45:28.0036 0x15b8 LSI_FC - ok14:45:28.0036 0x15b8 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys14:45:28.0036 0x15b8 LSI_SAS - ok14:45:28.0051 0x15b8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys14:45:28.0051 0x15b8 LSI_SAS2 - ok14:45:28.0067 0x15b8 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys14:45:28.0067 0x15b8 LSI_SCSI - ok14:45:28.0098 0x15b8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys14:45:28.0098 0x15b8 luafv - ok14:45:28.0129 0x15b8 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll14:45:28.0129 0x15b8 Mcx2Svc - ok14:45:28.0129 0x15b8 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys14:45:28.0145 0x15b8 megasas - ok14:45:28.0176 0x15b8 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys14:45:28.0192 0x15b8 MegaSR - ok14:45:28.0207 0x15b8 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll14:45:28.0223 0x15b8 MMCSS - ok14:45:28.0223 0x15b8 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys14:45:28.0223 0x15b8 Modem - ok14:45:28.0254 0x15b8 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys14:45:28.0254 0x15b8 monitor - ok14:45:28.0285 0x15b8 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys14:45:28.0285 0x15b8 mouclass - ok14:45:28.0301 0x15b8 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys14:45:28.0301 0x15b8 mouhid - ok14:45:28.0316 0x15b8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys14:45:28.0316 0x15b8 mountmgr - ok14:45:28.0332 0x15b8 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys14:45:28.0348 0x15b8 mpio - ok14:45:28.0363 0x15b8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys14:45:28.0363 0x15b8 mpsdrv - ok14:45:28.0410 0x15b8 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll14:45:28.0441 0x15b8 MpsSvc - ok14:45:28.0472 0x15b8 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys14:45:28.0472 0x15b8 MRxDAV - ok14:45:28.0488 0x15b8 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys14:45:28.0488 0x15b8 mrxsmb - ok14:45:28.0519 0x15b8 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys14:45:28.0535 0x15b8 mrxsmb10 - ok14:45:28.0550 0x15b8 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys14:45:28.0550 0x15b8 mrxsmb20 - ok14:45:28.0566 0x15b8 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys14:45:28.0566 0x15b8 msahci - ok14:45:28.0582 0x15b8 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys14:45:28.0582 0x15b8 msdsm - ok14:45:28.0597 0x15b8 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe14:45:28.0597 0x15b8 MSDTC - ok14:45:28.0628 0x15b8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys14:45:28.0628 0x15b8 Msfs - ok14:45:28.0644 0x15b8 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys14:45:28.0644 0x15b8 mshidkmdf - ok14:45:28.0660 0x15b8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys14:45:28.0660 0x15b8 msisadrv - ok14:45:28.0691 0x15b8 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll14:45:28.0691 0x15b8 MSiSCSI - ok14:45:28.0691 0x15b8 msiserver - ok14:45:28.0722 0x15b8 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys14:45:28.0722 0x15b8 MSKSSRV - ok14:45:28.0738 0x15b8 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys14:45:28.0738 0x15b8 MSPCLOCK - ok14:45:28.0769 0x15b8 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys14:45:28.0769 0x15b8 MSPQM - ok14:45:28.0800 0x15b8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys14:45:28.0800 0x15b8 MsRPC - ok14:45:28.0831 0x15b8 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys14:45:28.0831 0x15b8 mssmbios - ok14:45:28.0862 0x15b8 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys14:45:28.0862 0x15b8 MSTEE - ok14:45:28.0878 0x15b8 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys14:45:28.0878 0x15b8 MTConfig - ok14:45:28.0909 0x15b8 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys14:45:28.0909 0x15b8 Mup - ok14:45:28.0956 0x15b8 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll14:45:28.0956 0x15b8 napagent - ok14:45:29.0003 0x15b8 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys14:45:29.0003 0x15b8 NativeWifiP - ok14:45:29.0065 0x15b8 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys14:45:29.0081 0x15b8 NDIS - ok14:45:29.0096 0x15b8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys14:45:29.0096 0x15b8 NdisCap - ok14:45:29.0128 0x15b8 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys14:45:29.0128 0x15b8 NdisTapi - ok14:45:29.0159 0x15b8 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys14:45:29.0159 0x15b8 Ndisuio - ok14:45:29.0190 0x15b8 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys14:45:29.0190 0x15b8 NdisWan - ok14:45:29.0190 0x15b8 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys14:45:29.0190 0x15b8 NDProxy - ok14:45:29.0252 0x15b8 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys14:45:29.0252 0x15b8 NetBIOS - ok14:45:29.0268 0x15b8 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys14:45:29.0268 0x15b8 NetBT - ok14:45:29.0299 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe14:45:29.0299 0x15b8 Netlogon - ok14:45:29.0346 0x15b8 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll14:45:29.0362 0x15b8 Netman - ok14:45:29.0393 0x15b8 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:45:29.0393 0x15b8 NetMsmqActivator - ok14:45:29.0408 0x15b8 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:45:29.0408 0x15b8 NetPipeActivator - ok14:45:29.0440 0x15b8 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll14:45:29.0455 0x15b8 netprofm - ok14:45:29.0471 0x15b8 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:45:29.0471 0x15b8 NetTcpActivator - ok14:45:29.0486 0x15b8 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:45:29.0486 0x15b8 NetTcpPortSharing - ok14:45:29.0518 0x15b8 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys14:45:29.0518 0x15b8 nfrd960 - ok14:45:29.0611 0x15b8 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll14:45:29.0627 0x15b8 NlaSvc - ok14:45:29.0658 0x15b8 Norton PC Checkup Application Launcher - ok14:45:29.0689 0x15b8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys14:45:29.0689 0x15b8 Npfs - ok14:45:29.0720 0x15b8 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll14:45:29.0720 0x15b8 nsi - ok14:45:29.0736 0x15b8 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys14:45:29.0736 0x15b8 nsiproxy - ok14:45:29.0814 0x15b8 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys14:45:29.0830 0x15b8 Ntfs - ok14:45:29.0861 0x15b8 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys14:45:29.0861 0x15b8 Null - ok14:45:29.0892 0x15b8 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys14:45:29.0892 0x15b8 nvraid - ok14:45:29.0908 0x15b8 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys14:45:29.0908 0x15b8 nvstor - ok14:45:29.0939 0x15b8 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys14:45:29.0939 0x15b8 nv_agp - ok14:45:29.0939 0x15b8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys14:45:29.0954 0x15b8 ohci1394 - ok14:45:30.0001 0x15b8 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE14:45:30.0001 0x15b8 ose - ok14:45:30.0188 0x15b8 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE14:45:30.0313 0x15b8 osppsvc - ok14:45:30.0344 0x15b8 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll14:45:30.0344 0x15b8 p2pimsvc - ok14:45:30.0376 0x15b8 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll14:45:30.0376 0x15b8 p2psvc - ok14:45:30.0391 0x15b8 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys14:45:30.0407 0x15b8 Parport - ok14:45:30.0422 0x15b8 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys14:45:30.0422 0x15b8 partmgr - ok14:45:30.0454 0x15b8 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll14:45:30.0454 0x15b8 PcaSvc - ok14:45:30.0454 0x15b8 PCCUJobMgr - ok14:45:30.0485 0x15b8 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys14:45:30.0485 0x15b8 pci - ok14:45:30.0500 0x15b8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys14:45:30.0500 0x15b8 pciide - ok14:45:30.0532 0x15b8 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys14:45:30.0532 0x15b8 pcmcia - ok14:45:30.0532 0x15b8 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys14:45:30.0532 0x15b8 pcw - ok14:45:30.0578 0x15b8 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys14:45:30.0578 0x15b8 PEAUTH - ok14:45:30.0688 0x15b8 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe14:45:30.0703 0x15b8 PerfHost - ok14:45:30.0734 0x15b8 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys14:45:30.0750 0x15b8 PGEffect - ok14:45:30.0781 0x15b8 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll14:45:30.0797 0x15b8 pla - ok14:45:30.0859 0x15b8 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll14:45:30.0875 0x15b8 PlugPlay - ok14:45:30.0906 0x15b8 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll14:45:30.0906 0x15b8 PNRPAutoReg - ok14:45:30.0922 0x15b8 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll14:45:30.0922 0x15b8 PNRPsvc - ok14:45:30.0953 0x15b8 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll14:45:30.0968 0x15b8 PolicyAgent - ok14:45:30.0984 0x15b8 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll14:45:30.0984 0x15b8 Power - ok14:45:31.0015 0x15b8 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys14:45:31.0015 0x15b8 PptpMiniport - ok14:45:31.0031 0x15b8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys14:45:31.0031 0x15b8 Processor - ok14:45:31.0062 0x15b8 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll14:45:31.0062 0x15b8 ProfSvc - ok14:45:31.0078 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe14:45:31.0078 0x15b8 ProtectedStorage - ok14:45:31.0109 0x15b8 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys14:45:31.0109 0x15b8 Psched - ok14:45:31.0156 0x15b8 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys14:45:31.0171 0x15b8 ql2300 - ok14:45:31.0202 0x15b8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys14:45:31.0202 0x15b8 ql40xx - ok14:45:31.0234 0x15b8 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll14:45:31.0249 0x15b8 QWAVE - ok14:45:31.0265 0x15b8 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys14:45:31.0265 0x15b8 QWAVEdrv - ok14:45:31.0280 0x15b8 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys14:45:31.0280 0x15b8 RasAcd - ok14:45:31.0312 0x15b8 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys14:45:31.0312 0x15b8 RasAgileVpn - ok14:45:31.0343 0x15b8 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll14:45:31.0343 0x15b8 RasAuto - ok14:45:31.0374 0x15b8 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys14:45:31.0374 0x15b8 Rasl2tp - ok14:45:31.0405 0x15b8 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll14:45:31.0421 0x15b8 RasMan - ok14:45:31.0436 0x15b8 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys14:45:31.0452 0x15b8 RasPppoe - ok14:45:31.0452 0x15b8 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys14:45:31.0452 0x15b8 RasSstp - ok14:45:31.0483 0x15b8 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys14:45:31.0499 0x15b8 rdbss - ok14:45:31.0514 0x15b8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys14:45:31.0514 0x15b8 rdpbus - ok14:45:31.0546 0x15b8 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys14:45:31.0546 0x15b8 RDPCDD - ok14:45:31.0561 0x15b8 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys14:45:31.0561 0x15b8 RDPENCDD - ok14:45:31.0592 0x15b8 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys14:45:31.0592 0x15b8 RDPREFMP - ok14:45:31.0608 0x15b8 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys14:45:31.0624 0x15b8 RDPWD - ok14:45:31.0639 0x15b8 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys14:45:31.0655 0x15b8 rdyboost - ok14:45:31.0686 0x15b8 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll14:45:31.0686 0x15b8 RemoteAccess - ok14:45:31.0717 0x15b8 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll14:45:31.0717 0x15b8 RemoteRegistry - ok14:45:31.0764 0x15b8 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys14:45:31.0764 0x15b8 RFCOMM - ok14:45:31.0795 0x15b8 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll14:45:31.0811 0x15b8 RpcEptMapper - ok14:45:31.0826 0x15b8 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe14:45:31.0826 0x15b8 RpcLocator - ok14:45:31.0920 0x15b8 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll14:45:31.0936 0x15b8 RpcSs - ok14:45:31.0967 0x15b8 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys14:45:31.0967 0x15b8 rspndr - ok14:45:32.0014 0x15b8 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys14:45:32.0014 0x15b8 RSUSBSTOR - ok14:45:32.0029 0x15b8 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys14:45:32.0045 0x15b8 RTL8167 - ok14:45:32.0107 0x15b8 [ FA088015155C4C6DAB5D1D9E68EB9D6B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys14:45:32.0138 0x15b8 RTL8192Ce - ok14:45:32.0154 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe14:45:32.0154 0x15b8 SamSs - ok14:45:32.0170 0x15b8 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys14:45:32.0170 0x15b8 sbp2port - ok14:45:32.0201 0x15b8 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll14:45:32.0201 0x15b8 SCardSvr - ok14:45:32.0232 0x15b8 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys14:45:32.0232 0x15b8 scfilter - ok14:45:32.0263 0x15b8 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll14:45:32.0294 0x15b8 Schedule - ok14:45:32.0310 0x15b8 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll14:45:32.0326 0x15b8 SCPolicySvc - ok14:45:32.0341 0x15b8 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll14:45:32.0341 0x15b8 SDRSVC - ok14:45:32.0372 0x15b8 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys14:45:32.0388 0x15b8 secdrv - ok14:45:32.0388 0x15b8 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll14:45:32.0388 0x15b8 seclogon - ok14:45:32.0419 0x15b8 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll14:45:32.0419 0x15b8 SENS - ok14:45:32.0435 0x15b8 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll14:45:32.0435 0x15b8 SensrSvc - ok14:45:32.0450 0x15b8 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys14:45:32.0450 0x15b8 Serenum - ok14:45:32.0482 0x15b8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys14:45:32.0482 0x15b8 Serial - ok14:45:32.0497 0x15b8 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys14:45:32.0497 0x15b8 sermouse - ok14:45:32.0528 0x15b8 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll14:45:32.0544 0x15b8 SessionEnv - ok14:45:32.0560 0x15b8 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys14:45:32.0560 0x15b8 sffdisk - ok14:45:32.0560 0x15b8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys14:45:32.0560 0x15b8 sffp_mmc - ok14:45:32.0575 0x15b8 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys14:45:32.0575 0x15b8 sffp_sd - ok14:45:32.0575 0x15b8 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys14:45:32.0591 0x15b8 sfloppy - ok14:45:32.0622 0x15b8 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll14:45:32.0622 0x15b8 SharedAccess - ok14:45:32.0653 0x15b8 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll14:45:32.0653 0x15b8 ShellHWDetection - ok14:45:32.0700 0x15b8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys14:45:32.0700 0x15b8 SiSRaid2 - ok14:45:32.0716 0x15b8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys14:45:32.0716 0x15b8 SiSRaid4 - ok14:45:32.0747 0x15b8 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe14:45:32.0747 0x15b8 SkypeUpdate - ok14:45:32.0809 0x15b8 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys14:45:32.0809 0x15b8 Smb - ok14:45:32.0856 0x15b8 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe14:45:32.0856 0x15b8 SNMPTRAP - ok14:45:32.0887 0x15b8 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys14:45:32.0887 0x15b8 spldr - ok14:45:32.0918 0x15b8 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe14:45:32.0934 0x15b8 Spooler - ok14:45:33.0043 0x15b8 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe14:45:33.0137 0x15b8 sppsvc - ok14:45:33.0152 0x15b8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll14:45:33.0168 0x15b8 sppuinotify - ok14:45:33.0184 0x15b8 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys14:45:33.0184 0x15b8 srv - ok14:45:33.0199 0x15b8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys14:45:33.0215 0x15b8 srv2 - ok14:45:33.0230 0x15b8 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys14:45:33.0230 0x15b8 srvnet - ok14:45:33.0262 0x15b8 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll14:45:33.0277 0x15b8 SSDPSRV - ok14:45:33.0277 0x15b8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll14:45:33.0277 0x15b8 SstpSvc - ok14:45:33.0293 0x15b8 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys14:45:33.0308 0x15b8 stexstor - ok14:45:33.0324 0x15b8 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys14:45:33.0324 0x15b8 StillCam - ok14:45:33.0355 0x15b8 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll14:45:33.0371 0x15b8 stisvc - ok14:45:33.0402 0x15b8 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys14:45:33.0402 0x15b8 swenum - ok14:45:33.0433 0x15b8 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll14:45:33.0449 0x15b8 swprv - ok14:45:33.0527 0x15b8 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys14:45:33.0542 0x15b8 SynTP - ok14:45:33.0620 0x15b8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll14:45:33.0636 0x15b8 SysMain - ok14:45:33.0652 0x15b8 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll14:45:33.0652 0x15b8 TabletInputService - ok14:45:33.0652 0x15b8 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll14:45:33.0667 0x15b8 TapiSrv - ok14:45:33.0667 0x15b8 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll14:45:33.0683 0x15b8 TBS - ok14:45:33.0761 0x15b8 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\windows\system32\drivers\tcpip.sys14:45:33.0792 0x15b8 Tcpip - ok14:45:33.0886 0x15b8 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys14:45:33.0901 0x15b8 TCPIP6 - ok14:45:33.0948 0x15b8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys14:45:33.0948 0x15b8 tcpipreg - ok14:45:33.0979 0x15b8 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys14:45:33.0979 0x15b8 tdcmdpst - ok14:45:34.0010 0x15b8 TDEIO - ok14:45:34.0042 0x15b8 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys14:45:34.0042 0x15b8 TDPIPE - ok14:45:34.0088 0x15b8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys14:45:34.0088 0x15b8 TDTCP - ok14:45:34.0104 0x15b8 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys14:45:34.0120 0x15b8 tdx - ok14:45:34.0120 0x15b8 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys14:45:34.0135 0x15b8 TermDD - ok14:45:34.0182 0x15b8 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll14:45:34.0198 0x15b8 TermService - ok14:45:34.0213 0x15b8 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll14:45:34.0213 0x15b8 Themes - ok14:45:34.0244 0x15b8 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll14:45:34.0244 0x15b8 THREADORDER - ok14:45:34.0291 0x15b8 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe14:45:34.0291 0x15b8 TMachInfo - ok14:45:34.0322 0x15b8 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe14:45:34.0322 0x15b8 TODDSrv - ok14:45:34.0400 0x15b8 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe14:45:34.0416 0x15b8 TosCoSrv - ok14:45:34.0463 0x15b8 [ 63AAFCF3EA5DBB17123E0BAE9AFE4D58 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe14:45:34.0478 0x15b8 TOSHIBA eco Utility Service - ok14:45:34.0510 0x15b8 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe14:45:34.0510 0x15b8 TOSHIBA HDD SSD Alert Service - ok14:45:34.0572 0x15b8 [ 098B8A408C17E125A3D9A8E1166780C8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe14:45:34.0588 0x15b8 TPCHSrv - ok14:45:34.0619 0x15b8 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll14:45:34.0634 0x15b8 TrkWks - ok14:45:34.0681 0x15b8 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe14:45:34.0697 0x15b8 TrustedInstaller - ok14:45:34.0712 0x15b8 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys14:45:34.0712 0x15b8 tssecsrv - ok14:45:34.0744 0x15b8 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys14:45:34.0744 0x15b8 TsUsbFlt - ok14:45:34.0759 0x15b8 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys14:45:34.0775 0x15b8 TsUsbGD - ok14:45:34.0806 0x15b8 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys14:45:34.0822 0x15b8 tunnel - ok14:45:34.0853 0x15b8 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS14:45:34.0853 0x15b8 TVALZ - ok14:45:34.0868 0x15b8 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys14:45:34.0868 0x15b8 TVALZFL - ok14:45:34.0900 0x15b8 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys14:45:34.0900 0x15b8 uagp35 - ok14:45:34.0931 0x15b8 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys14:45:34.0931 0x15b8 udfs - ok14:45:34.0962 0x15b8 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe14:45:34.0962 0x15b8 UI0Detect - ok14:45:34.0993 0x15b8 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys14:45:35.0009 0x15b8 uliagpkx - ok14:45:35.0040 0x15b8 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys14:45:35.0040 0x15b8 umbus - ok14:45:35.0087 0x15b8 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys14:45:35.0087 0x15b8 UmPass - ok14:45:35.0118 0x15b8 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll14:45:35.0134 0x15b8 upnphost - ok14:45:35.0165 0x15b8 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys14:45:35.0180 0x15b8 usbccgp - ok14:45:35.0212 0x15b8 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys14:45:35.0212 0x15b8 usbcir - ok14:45:35.0243 0x15b8 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys14:45:35.0258 0x15b8 usbehci - ok14:45:35.0274 0x15b8 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys14:45:35.0290 0x15b8 usbhub - ok14:45:35.0290 0x15b8 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys14:45:35.0305 0x15b8 usbohci - ok14:45:35.0336 0x15b8 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys14:45:35.0336 0x15b8 usbprint - ok14:45:35.0368 0x15b8 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys14:45:35.0368 0x15b8 usbscan - ok14:45:35.0399 0x15b8 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS14:45:35.0399 0x15b8 USBSTOR - ok14:45:35.0414 0x15b8 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys14:45:35.0430 0x15b8 usbuhci - ok14:45:35.0461 0x15b8 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys14:45:35.0461 0x15b8 usbvideo - ok14:45:35.0492 0x15b8 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll14:45:35.0508 0x15b8 UxSms - ok14:45:35.0524 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe14:45:35.0524 0x15b8 VaultSvc - ok14:45:35.0586 0x15b8 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys14:45:35.0586 0x15b8 vdrvroot - ok14:45:35.0633 0x15b8 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe14:45:35.0648 0x15b8 vds - ok14:45:35.0680 0x15b8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys14:45:35.0680 0x15b8 vga - ok14:45:35.0695 0x15b8 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys14:45:35.0695 0x15b8 VgaSave - ok14:45:35.0711 0x15b8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys14:45:35.0711 0x15b8 vhdmp - ok14:45:35.0726 0x15b8 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys14:45:35.0726 0x15b8 viaide - ok14:45:35.0758 0x15b8 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys14:45:35.0758 0x15b8 volmgr - ok14:45:35.0758 0x15b8 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys14:45:35.0773 0x15b8 volmgrx - ok14:45:35.0773 0x15b8 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys14:45:35.0773 0x15b8 volsnap - ok14:45:35.0789 0x15b8 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys14:45:35.0789 0x15b8 vsmraid - ok14:45:35.0867 0x15b8 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe14:45:35.0898 0x15b8 VSS - ok14:45:35.0914 0x15b8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys14:45:35.0914 0x15b8 vwifibus - ok14:45:35.0929 0x15b8 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys14:45:35.0929 0x15b8 vwififlt - ok14:45:35.0945 0x15b8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys14:45:35.0945 0x15b8 vwifimp - ok14:45:35.0992 0x15b8 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll14:45:35.0992 0x15b8 W32Time - ok14:45:36.0023 0x15b8 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys14:45:36.0023 0x15b8 WacomPen - ok14:45:36.0054 0x15b8 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys14:45:36.0054 0x15b8 WANARP - ok14:45:36.0054 0x15b8 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys14:45:36.0054 0x15b8 Wanarpv6 - ok14:45:36.0132 0x15b8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe14:45:36.0148 0x15b8 WatAdminSvc - ok14:45:36.0194 0x15b8 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe14:45:36.0210 0x15b8 wbengine - ok14:45:36.0226 0x15b8 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll14:45:36.0226 0x15b8 WbioSrvc - ok14:45:36.0241 0x15b8 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll14:45:36.0241 0x15b8 wcncsvc - ok14:45:36.0241 0x15b8 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll14:45:36.0257 0x15b8 WcsPlugInService - ok14:45:36.0272 0x15b8 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys14:45:36.0272 0x15b8 Wd - ok14:45:36.0335 0x15b8 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys14:45:36.0350 0x15b8 Wdf01000 - ok14:45:36.0366 0x15b8 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll14:45:36.0366 0x15b8 WdiServiceHost - ok14:45:36.0382 0x15b8 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll14:45:36.0382 0x15b8 WdiSystemHost - ok14:45:36.0382 0x15b8 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll14:45:36.0397 0x15b8 WebClient - ok14:45:36.0397 0x15b8 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll14:45:36.0397 0x15b8 Wecsvc - ok14:45:36.0413 0x15b8 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll14:45:36.0428 0x15b8 wercplsupport - ok14:45:36.0428 0x15b8 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll14:45:36.0444 0x15b8 WerSvc - ok14:45:36.0460 0x15b8 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys14:45:36.0460 0x15b8 WfpLwf - ok14:45:36.0491 0x15b8 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys14:45:36.0491 0x15b8 WIMMount - ok14:45:36.0506 0x15b8 WinDefend - ok14:45:36.0522 0x15b8 WinHttpAutoProxySvc - ok14:45:36.0569 0x15b8 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll14:45:36.0584 0x15b8 Winmgmt - ok14:45:36.0662 0x15b8 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll14:45:36.0678 0x15b8 WinRM - ok14:45:36.0725 0x15b8 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys14:45:36.0725 0x15b8 WinUsb - ok14:45:36.0772 0x15b8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll14:45:36.0803 0x15b8 Wlansvc - ok14:45:36.0850 0x15b8 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe14:45:36.0865 0x15b8 wlcrasvc - ok14:45:36.0990 0x15b8 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE14:45:37.0006 0x15b8 wlidsvc - ok14:45:37.0021 0x15b8 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys14:45:37.0037 0x15b8 WmiAcpi - ok14:45:37.0068 0x15b8 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe14:45:37.0084 0x15b8 wmiApSrv - ok14:45:37.0115 0x15b8 WMPNetworkSvc - ok14:45:37.0146 0x15b8 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll14:45:37.0162 0x15b8 WPCSvc - ok14:45:37.0162 0x15b8 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll14:45:37.0177 0x15b8 WPDBusEnum - ok14:45:37.0208 0x15b8 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys14:45:37.0224 0x15b8 ws2ifsl - ok14:45:37.0255 0x15b8 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll14:45:37.0255 0x15b8 wscsvc - ok14:45:37.0286 0x15b8 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys14:45:37.0286 0x15b8 WSDPrintDevice - ok14:45:37.0302 0x15b8 WSearch - ok14:45:37.0380 0x15b8 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll14:45:37.0411 0x15b8 wuauserv - ok14:45:37.0442 0x15b8 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys14:45:37.0442 0x15b8 WudfPf - ok14:45:37.0474 0x15b8 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys14:45:37.0474 0x15b8 WUDFRd - ok14:45:37.0505 0x15b8 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll14:45:37.0505 0x15b8 wudfsvc - ok14:45:37.0536 0x15b8 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll14:45:37.0552 0x15b8 WwanSvc - ok14:45:37.0567 0x15b8 ================ Scan global ===============================14:45:37.0598 0x15b8 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll14:45:37.0630 0x15b8 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll14:45:37.0645 0x15b8 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll14:45:37.0676 0x15b8 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll14:45:37.0692 0x15b8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe14:45:37.0692 0x15b8 [Global] - ok14:45:37.0692 0x15b8 ================ Scan MBR ==================================14:45:37.0708 0x15b8 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR014:45:37.0988 0x15b8 \Device\Harddisk0\DR0 - ok14:45:37.0988 0x15b8 ================ Scan VBR ==================================14:45:38.0004 0x15b8 [ 71D4D40D816F81FAD678902778C9907F ] \Device\Harddisk0\DR0\Partition114:45:38.0004 0x15b8 \Device\Harddisk0\DR0\Partition1 - ok14:45:38.0004 0x15b8 ============================================================14:45:38.0004 0x15b8 Scan finished14:45:38.0004 0x15b8 ============================================================14:45:38.0035 0x1440 Detected object count: 014:45:38.0035 0x1440 Actual detected object count: 0 Malwarebytes Anti-Rootkit - No Threats Found MBAR-LogMalwarebytes Anti-Rootkit BETA 1.06.1.1005www.malwarebytes.org Database version: v2013.08.07.08 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16635Fire Training :: FIRETRAINING-PC [administrator] 8/21/2013 2:49:05 PMmbar-log-2013-08-21 (14-49-05).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 234058Time elapsed: 31 minute(s), 38 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 22, 2013 Author ID:718855 Share Posted August 22, 2013 I had to use more than one post due to getting an error - "Post too Long" MBAR - SystemLog---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.1.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16635 Java version: 1.6.0_25 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 1.397000 GHzMemory total: 3735154688, free: 2630160384 Initializing...------------ Kernel report ------------ 08/21/2013 14:48:59------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_AuthenticAMD.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\compbatt.sys\SystemRoot\system32\drivers\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\DRIVERS\pciide.sys\SystemRoot\system32\DRIVERS\PCIIDEX.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\DRIVERS\msahci.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\system32\DRIVERS\TVALZ_O.SYS\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\atikmpag.sys\SystemRoot\system32\DRIVERS\atikmdag.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\tdcmdpst.sys\SystemRoot\system32\DRIVERS\usbohci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\rtl8192Ce.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\amdppm.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\TVALZFL.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\serscan.sys\SystemRoot\system32\DRIVERS\pgeffect.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\AtihdW76.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_dumpata.sys\SystemRoot\System32\Drivers\dump_msahci.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\udfs.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\shell32.dll\Windows\System32\setupapi.dll\Windows\System32\urlmon.dll\Windows\System32\msctf.dll\Windows\System32\lpk.dll\Windows\System32\rpcrt4.dll\Windows\System32\imm32.dll\Windows\System32\kernel32.dll\Windows\System32\oleaut32.dll\Windows\System32\difxapi.dll\Windows\System32\ws2_32.dll\Windows\System32\advapi32.dll\Windows\System32\nsi.dll\Windows\System32\comdlg32.dll\Windows\System32\clbcatq.dll\Windows\System32\gdi32.dll\Windows\System32\iertutil.dll\Windows\System32\user32.dll\Windows\System32\ole32.dll\Windows\System32\imagehlp.dll\Windows\System32\shlwapi.dll\Windows\System32\psapi.dll\Windows\System32\msvcrt.dll\Windows\System32\usp10.dll\Windows\System32\wininet.dll\Windows\System32\sechost.dll\Windows\System32\Wldap32.dll\Windows\System32\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004d4d060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\Lower Device Object: 0xfffffa8004ae9680Lower Device Driver Name: \Driver\atapi\<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004d4d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004be79d0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004d4d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004ae9680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 81AC88D8 Partition information: Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3072000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 3074048 Numsec = 944070656 Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 947144704 Numsec = 29628416 Partition is not bootableHidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Scan finished======================================= Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_947144704_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished ComboFixComboFix 13-08-21.01 - Fire Training 08/21/2013 16:06:07.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3562.2377 [GMT -5:00]Running from: c:\users\Fire Training\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{03BCFB14-E4A4-47F6-84E7-AF8E5ECBC547}.xpsc:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0690173C-968D-497C-9456-D3496DC2C5A9}.xpsc:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{417C629E-CB85-46F5-9E93-6B797658AB9A}.xpsc:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{83E88CB7-6D79-4E57-9257-B85A46F19744}.xpsc:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A68AF8EE-1CC1-46FA-948C-3FC455523DF0}.xpsc:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BD0388F7-7CD2-4949-83D5-47918C30A7D8}.xpsc:\users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnkc:\users\Fire Training\g2mdlhlpx.exe..((((((((((((((((((((((((( Files Created from 2013-07-21 to 2013-08-21 )))))))))))))))))))))))))))))))..2013-08-21 21:18 . 2013-08-21 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-21 21:15 . 2013-08-21 21:15 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C8AE10A-874F-4A9D-B5D8-A4CFCD70BCE2}\offreg.dll2013-08-21 19:48 . 2013-08-21 20:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-08-21 19:48 . 2013-08-21 19:48 -------- d-----w- c:\programdata\Malwarebytes2013-08-18 17:13 . 2013-08-18 17:13 -------- d-----w- C:\FRST2013-08-14 20:37 . 2013-08-14 20:37 -------- d-----w- c:\programdata\HitmanPro2013-08-09 16:44 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C8AE10A-874F-4A9D-B5D8-A4CFCD70BCE2}\mpengine.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-26 01:02 . 2012-09-18 10:40 78185248 ----a-w- c:\windows\system32\MRT.exe2013-07-10 21:49 . 2013-07-10 21:49 97280 ----a-w- c:\windows\system32\mshtmled.dll2013-07-10 21:49 . 2013-07-10 21:49 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-07-10 21:49 . 2013-07-10 21:49 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-07-10 21:49 . 2013-07-10 21:49 81408 ----a-w- c:\windows\system32\icardie.dll2013-07-10 21:49 . 2013-07-10 21:49 762368 ----a-w- c:\windows\system32\ieapfltr.dll2013-07-10 21:49 . 2013-07-10 21:49 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-07-10 21:49 . 2013-07-10 21:49 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-07-10 21:49 . 2013-07-10 21:49 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-07-10 21:49 . 2013-07-10 21:49 67072 ----a-w- c:\windows\system32\iesetup.dll2013-07-10 21:49 . 2013-07-10 21:49 61952 ----a-w- c:\windows\SysWow64\tdc.ocx2013-07-10 21:49 . 2013-07-10 21:49 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-07-10 21:49 . 2013-07-10 21:49 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-07-10 21:49 . 2013-07-10 21:49 599552 ----a-w- c:\windows\system32\vbscript.dll2013-07-10 21:49 . 2013-07-10 21:49 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-07-10 21:49 . 2013-07-10 21:49 523264 ----a-w- c:\windows\SysWow64\vbscript.dll2013-07-10 21:49 . 2013-07-10 21:49 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-07-10 21:49 . 2013-07-10 21:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-07-10 21:49 . 2013-07-10 21:49 452096 ----a-w- c:\windows\system32\dxtmsft.dll2013-07-10 21:49 . 2013-07-10 21:49 441856 ----a-w- c:\windows\system32\html.iec2013-07-10 21:49 . 2013-07-10 21:49 39936 ----a-w- c:\windows\system32\iernonce.dll2013-07-10 21:49 . 2013-07-10 21:49 38400 ----a-w- c:\windows\SysWow64\imgutil.dll2013-07-10 21:49 . 2013-07-10 21:49 361984 ----a-w- c:\windows\SysWow64\html.iec2013-07-10 21:49 . 2013-07-10 21:49 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll2013-07-10 21:49 . 2013-07-10 21:49 281600 ----a-w- c:\windows\system32\dxtrans.dll2013-07-10 21:49 . 2013-07-10 21:49 27648 ----a-w- c:\windows\system32\licmgr10.dll2013-07-10 21:49 . 2013-07-10 21:49 270848 ----a-w- c:\windows\system32\iedkcs32.dll2013-07-10 21:49 . 2013-07-10 21:49 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-07-10 21:49 . 2013-07-10 21:49 2648576 ----a-w- c:\windows\system32\iertutil.dll2013-07-10 21:49 . 2013-07-10 21:49 247296 ----a-w- c:\windows\system32\webcheck.dll2013-07-10 21:49 . 2013-07-10 21:49 235008 ----a-w- c:\windows\system32\url.dll2013-07-10 21:49 . 2013-07-10 21:49 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-07-10 21:49 . 2013-07-10 21:49 226304 ----a-w- c:\windows\system32\elshyph.dll2013-07-10 21:49 . 2013-07-10 21:49 2241024 ----a-w- c:\windows\system32\wininet.dll2013-07-10 21:49 . 2013-07-10 21:49 216064 ----a-w- c:\windows\system32\msls31.dll2013-07-10 21:49 . 2013-07-10 21:49 197120 ----a-w- c:\windows\system32\msrating.dll2013-07-10 21:49 . 2013-07-10 21:49 185344 ----a-w- c:\windows\SysWow64\elshyph.dll2013-07-10 21:49 . 2013-07-10 21:49 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-07-10 21:49 . 2013-07-10 21:49 167424 ----a-w- c:\windows\system32\iexpress.exe2013-07-10 21:49 . 2013-07-10 21:49 158720 ----a-w- c:\windows\SysWow64\msls31.dll2013-07-10 21:49 . 2013-07-10 21:49 1509376 ----a-w- c:\windows\system32\inetcpl.cpl2013-07-10 21:49 . 2013-07-10 21:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-07-10 21:49 . 2013-07-10 21:49 144896 ----a-w- c:\windows\system32\wextract.exe2013-07-10 21:49 . 2013-07-10 21:49 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-07-10 21:49 . 2013-07-10 21:49 1400416 ----a-w- c:\windows\system32\ieapfltr.dat2013-07-10 21:49 . 2013-07-10 21:49 138752 ----a-w- c:\windows\SysWow64\wextract.exe2013-07-10 21:49 . 2013-07-10 21:49 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-07-10 21:49 . 2013-07-10 21:49 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-07-10 21:49 . 2013-07-10 21:49 12800 ----a-w- c:\windows\SysWow64\mshta.exe2013-07-10 21:49 . 2013-07-10 21:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-07-10 21:49 . 2013-07-10 21:49 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-07-10 21:49 . 2013-07-10 21:49 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-07-10 21:49 . 2013-07-10 21:49 102912 ----a-w- c:\windows\system32\inseng.dll2013-07-10 21:49 . 2013-07-10 21:49 19238912 ----a-w- c:\windows\system32\mshtml.dll2013-07-10 21:49 . 2013-07-10 21:49 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-07-10 21:49 . 2013-07-10 21:49 855552 ----a-w- c:\windows\system32\jscript.dll2013-07-10 21:49 . 2013-07-10 21:49 77312 ----a-w- c:\windows\system32\tdc.ocx2013-07-10 21:49 . 2013-07-10 21:49 62976 ----a-w- c:\windows\system32\pngfilt.dll2013-07-10 21:49 . 2013-07-10 21:49 526336 ----a-w- c:\windows\system32\ieui.dll2013-07-10 21:49 . 2013-07-10 21:49 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-07-10 21:49 . 2013-07-10 21:49 51200 ----a-w- c:\windows\system32\imgutil.dll2013-07-10 21:49 . 2013-07-10 21:49 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-07-10 21:49 . 2013-07-10 21:49 3958784 ----a-w- c:\windows\system32\jscript9.dll2013-07-10 21:49 . 2013-07-10 21:49 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-07-10 21:49 . 2013-07-10 21:49 173568 ----a-w- c:\windows\system32\ieUnatt.exe2013-07-10 21:49 . 2013-07-10 21:49 15404032 ----a-w- c:\windows\system32\ieframe.dll2013-07-10 21:49 . 2013-07-10 21:49 149504 ----a-w- c:\windows\system32\occache.dll2013-07-10 21:49 . 2013-07-10 21:49 13824 ----a-w- c:\windows\system32\mshta.exe2013-07-10 21:49 . 2013-07-10 21:49 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-07-10 21:49 . 2013-07-10 21:49 136192 ----a-w- c:\windows\system32\iepeers.dll2013-07-10 21:49 . 2013-07-10 21:49 135680 ----a-w- c:\windows\system32\IEAdvpack.dll2013-07-10 21:49 . 2013-07-10 21:49 12800 ----a-w- c:\windows\system32\msfeedssync.exe2013-07-10 21:46 . 2013-07-10 21:46 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 648192 ----a-w- c:\windows\system32\d3d10level9.dll2013-07-10 21:46 . 2013-07-10 21:46 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll2013-07-10 21:46 . 2013-07-10 21:46 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll2013-07-10 21:46 . 2013-07-10 21:46 465920 ----a-w- c:\windows\system32\WMPhoto.dll2013-07-10 21:46 . 2013-07-10 21:46 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll2013-07-10 21:46 . 2013-07-10 21:46 3928064 ----a-w- c:\windows\system32\d2d1.dll2013-07-10 21:46 . 2013-07-10 21:46 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll2013-07-10 21:46 . 2013-07-10 21:46 363008 ----a-w- c:\windows\system32\dxgi.dll2013-07-10 21:46 . 2013-07-10 21:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll2013-07-10 21:46 . 2013-07-10 21:46 333312 ----a-w- c:\windows\system32\d3d10_1core.dll2013-07-10 21:46 . 2013-07-10 21:46 296960 ----a-w- c:\windows\system32\d3d10core.dll2013-07-10 21:46 . 2013-07-10 21:46 293376 ----a-w- c:\windows\SysWow64\dxgi.dll2013-07-10 21:46 . 2013-07-10 21:46 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{002d1ba6-4766-4d7d-82b8-f49439c66f97}]2012-09-18 01:40 62864 ----a-w- c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f653d037-97fa-4755-98c1-7f382eeb59a7}]2012-09-18 01:40 699536 ----a-w- c:\progra~2\BRINGM~2\bar\1.bin\1cbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{cc53bd19-7b23-43b0-ab7c-0e06c708cced}"= "c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll" [2012-09-18 699536].[HKEY_CLASSES_ROOT\clsid\{cc53bd19-7b23-43b0-ab7c-0e06c708cced}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408]"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-07-23 2908536].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]"BringMeSports Search Scope Monitor"="c:\progra~2\BRINGM~2\bar\1.bin\1csrchmn.exe" [2012-09-18 42536]"BringMeSports_1c Browser Plugin Loader"="c:\progra~2\BRINGM~2\bar\1.bin\1cbrmon.exe" [2012-09-18 30096].c:\users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2612G1RS05RN;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 BringMeSports_1cService;BringMeSportsService;c:\progra~2\BRINGM~2\bar\1.bin\1cbarsvc.exe;c:\progra~2\BRINGM~2\bar\1.bin\1cbarsvc.exe [x]S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - 05934246*Deregistered* - 05934246.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-08-07 22:20 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 22:15].2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 14:09].2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 14:09]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXEHKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exeHKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exeHKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeHKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exeHKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exeHKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exeHKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-08-21 16:37:41ComboFix-quarantined-files.txt 2013-08-21 21:37.Pre-Run: 426,104,008,704 bytes freePost-Run: 427,036,131,328 bytes free.- - End Of File - - 711D8E21418AC2BB7F7BCEE650524BD25B5E648D12FCADC244C1EC30318E1EB9 Security Check Checkup Log Results of screen317's Security Check version 0.99.72 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 25 Java version out of Date! Adobe Flash Player 11.7.700.224 Google Chrome 28.0.1500.72 Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 22, 2013 ID:718958 Share Posted August 22, 2013 Please do the following:1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Open notepad and copy/paste the text in the quotebox below into it:KILLALL:: File::C:\Windows\System32\Drivers\05934246.sysDriver::05934246Reboot::Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 23, 2013 Author ID:719391 Share Posted August 23, 2013 ComboFix 13-08-21.01 - Fire Training 08/22/2013 17:01:23.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3562.2307 [GMT -5:00]Running from: c:\users\Fire Training\Desktop\ComboFix.exeCommand switches used :: c:\users\Fire Training\Desktop\CFScript.txtSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\windows\System32\Drivers\05934246.sys"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))...((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_05934246..((((((((((((((((((((((((( Files Created from 2013-07-23 to 2013-08-23 )))))))))))))))))))))))))))))))..2013-08-22 22:14 . 2013-08-22 22:14 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-21 19:48 . 2013-08-21 20:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-08-21 19:48 . 2013-08-21 19:48 -------- d-----w- c:\programdata\Malwarebytes2013-08-18 17:13 . 2013-08-18 17:13 -------- d-----w- C:\FRST2013-08-14 20:37 . 2013-08-14 20:37 -------- d-----w- c:\programdata\HitmanPro2013-08-09 16:44 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C8AE10A-874F-4A9D-B5D8-A4CFCD70BCE2}\mpengine.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-26 01:02 . 2012-09-18 10:40 78185248 ----a-w- c:\windows\system32\MRT.exe2013-07-10 21:49 . 2013-07-10 21:49 97280 ----a-w- c:\windows\system32\mshtmled.dll2013-07-10 21:49 . 2013-07-10 21:49 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-07-10 21:49 . 2013-07-10 21:49 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-07-10 21:49 . 2013-07-10 21:49 81408 ----a-w- c:\windows\system32\icardie.dll2013-07-10 21:49 . 2013-07-10 21:49 762368 ----a-w- c:\windows\system32\ieapfltr.dll2013-07-10 21:49 . 2013-07-10 21:49 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-07-10 21:49 . 2013-07-10 21:49 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-07-10 21:49 . 2013-07-10 21:49 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-07-10 21:49 . 2013-07-10 21:49 67072 ----a-w- c:\windows\system32\iesetup.dll2013-07-10 21:49 . 2013-07-10 21:49 61952 ----a-w- c:\windows\SysWow64\tdc.ocx2013-07-10 21:49 . 2013-07-10 21:49 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-07-10 21:49 . 2013-07-10 21:49 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-07-10 21:49 . 2013-07-10 21:49 599552 ----a-w- c:\windows\system32\vbscript.dll2013-07-10 21:49 . 2013-07-10 21:49 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-07-10 21:49 . 2013-07-10 21:49 523264 ----a-w- c:\windows\SysWow64\vbscript.dll2013-07-10 21:49 . 2013-07-10 21:49 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-07-10 21:49 . 2013-07-10 21:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-07-10 21:49 . 2013-07-10 21:49 452096 ----a-w- c:\windows\system32\dxtmsft.dll2013-07-10 21:49 . 2013-07-10 21:49 441856 ----a-w- c:\windows\system32\html.iec2013-07-10 21:49 . 2013-07-10 21:49 39936 ----a-w- c:\windows\system32\iernonce.dll2013-07-10 21:49 . 2013-07-10 21:49 38400 ----a-w- c:\windows\SysWow64\imgutil.dll2013-07-10 21:49 . 2013-07-10 21:49 361984 ----a-w- c:\windows\SysWow64\html.iec2013-07-10 21:49 . 2013-07-10 21:49 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll2013-07-10 21:49 . 2013-07-10 21:49 281600 ----a-w- c:\windows\system32\dxtrans.dll2013-07-10 21:49 . 2013-07-10 21:49 27648 ----a-w- c:\windows\system32\licmgr10.dll2013-07-10 21:49 . 2013-07-10 21:49 270848 ----a-w- c:\windows\system32\iedkcs32.dll2013-07-10 21:49 . 2013-07-10 21:49 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-07-10 21:49 . 2013-07-10 21:49 2648576 ----a-w- c:\windows\system32\iertutil.dll2013-07-10 21:49 . 2013-07-10 21:49 247296 ----a-w- c:\windows\system32\webcheck.dll2013-07-10 21:49 . 2013-07-10 21:49 235008 ----a-w- c:\windows\system32\url.dll2013-07-10 21:49 . 2013-07-10 21:49 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-07-10 21:49 . 2013-07-10 21:49 226304 ----a-w- c:\windows\system32\elshyph.dll2013-07-10 21:49 . 2013-07-10 21:49 2241024 ----a-w- c:\windows\system32\wininet.dll2013-07-10 21:49 . 2013-07-10 21:49 216064 ----a-w- c:\windows\system32\msls31.dll2013-07-10 21:49 . 2013-07-10 21:49 197120 ----a-w- c:\windows\system32\msrating.dll2013-07-10 21:49 . 2013-07-10 21:49 185344 ----a-w- c:\windows\SysWow64\elshyph.dll2013-07-10 21:49 . 2013-07-10 21:49 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-07-10 21:49 . 2013-07-10 21:49 167424 ----a-w- c:\windows\system32\iexpress.exe2013-07-10 21:49 . 2013-07-10 21:49 158720 ----a-w- c:\windows\SysWow64\msls31.dll2013-07-10 21:49 . 2013-07-10 21:49 1509376 ----a-w- c:\windows\system32\inetcpl.cpl2013-07-10 21:49 . 2013-07-10 21:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-07-10 21:49 . 2013-07-10 21:49 144896 ----a-w- c:\windows\system32\wextract.exe2013-07-10 21:49 . 2013-07-10 21:49 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-07-10 21:49 . 2013-07-10 21:49 1400416 ----a-w- c:\windows\system32\ieapfltr.dat2013-07-10 21:49 . 2013-07-10 21:49 138752 ----a-w- c:\windows\SysWow64\wextract.exe2013-07-10 21:49 . 2013-07-10 21:49 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-07-10 21:49 . 2013-07-10 21:49 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-07-10 21:49 . 2013-07-10 21:49 12800 ----a-w- c:\windows\SysWow64\mshta.exe2013-07-10 21:49 . 2013-07-10 21:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-07-10 21:49 . 2013-07-10 21:49 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-07-10 21:49 . 2013-07-10 21:49 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-07-10 21:49 . 2013-07-10 21:49 102912 ----a-w- c:\windows\system32\inseng.dll2013-07-10 21:49 . 2013-07-10 21:49 19238912 ----a-w- c:\windows\system32\mshtml.dll2013-07-10 21:49 . 2013-07-10 21:49 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-07-10 21:49 . 2013-07-10 21:49 855552 ----a-w- c:\windows\system32\jscript.dll2013-07-10 21:49 . 2013-07-10 21:49 77312 ----a-w- c:\windows\system32\tdc.ocx2013-07-10 21:49 . 2013-07-10 21:49 62976 ----a-w- c:\windows\system32\pngfilt.dll2013-07-10 21:49 . 2013-07-10 21:49 526336 ----a-w- c:\windows\system32\ieui.dll2013-07-10 21:49 . 2013-07-10 21:49 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-07-10 21:49 . 2013-07-10 21:49 51200 ----a-w- c:\windows\system32\imgutil.dll2013-07-10 21:49 . 2013-07-10 21:49 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-07-10 21:49 . 2013-07-10 21:49 3958784 ----a-w- c:\windows\system32\jscript9.dll2013-07-10 21:49 . 2013-07-10 21:49 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-07-10 21:49 . 2013-07-10 21:49 173568 ----a-w- c:\windows\system32\ieUnatt.exe2013-07-10 21:49 . 2013-07-10 21:49 15404032 ----a-w- c:\windows\system32\ieframe.dll2013-07-10 21:49 . 2013-07-10 21:49 149504 ----a-w- c:\windows\system32\occache.dll2013-07-10 21:49 . 2013-07-10 21:49 13824 ----a-w- c:\windows\system32\mshta.exe2013-07-10 21:49 . 2013-07-10 21:49 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-07-10 21:49 . 2013-07-10 21:49 136192 ----a-w- c:\windows\system32\iepeers.dll2013-07-10 21:49 . 2013-07-10 21:49 135680 ----a-w- c:\windows\system32\IEAdvpack.dll2013-07-10 21:49 . 2013-07-10 21:49 12800 ----a-w- c:\windows\system32\msfeedssync.exe2013-07-10 21:46 . 2013-07-10 21:46 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 648192 ----a-w- c:\windows\system32\d3d10level9.dll2013-07-10 21:46 . 2013-07-10 21:46 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll2013-07-10 21:46 . 2013-07-10 21:46 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll2013-07-10 21:46 . 2013-07-10 21:46 465920 ----a-w- c:\windows\system32\WMPhoto.dll2013-07-10 21:46 . 2013-07-10 21:46 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll2013-07-10 21:46 . 2013-07-10 21:46 3928064 ----a-w- c:\windows\system32\d2d1.dll2013-07-10 21:46 . 2013-07-10 21:46 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll2013-07-10 21:46 . 2013-07-10 21:46 363008 ----a-w- c:\windows\system32\dxgi.dll2013-07-10 21:46 . 2013-07-10 21:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll2013-07-10 21:46 . 2013-07-10 21:46 333312 ----a-w- c:\windows\system32\d3d10_1core.dll2013-07-10 21:46 . 2013-07-10 21:46 296960 ----a-w- c:\windows\system32\d3d10core.dll2013-07-10 21:46 . 2013-07-10 21:46 293376 ----a-w- c:\windows\SysWow64\dxgi.dll2013-07-10 21:46 . 2013-07-10 21:46 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{002d1ba6-4766-4d7d-82b8-f49439c66f97}]2012-09-18 01:40 62864 ----a-w- c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f653d037-97fa-4755-98c1-7f382eeb59a7}]2012-09-18 01:40 699536 ----a-w- c:\progra~2\BRINGM~2\bar\1.bin\1cbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{cc53bd19-7b23-43b0-ab7c-0e06c708cced}"= "c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll" [2012-09-18 699536].[HKEY_CLASSES_ROOT\clsid\{cc53bd19-7b23-43b0-ab7c-0e06c708cced}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408]"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-07-23 2908536].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]"BringMeSports Search Scope Monitor"="c:\progra~2\BRINGM~2\bar\1.bin\1csrchmn.exe" [2012-09-18 42536]"BringMeSports_1c Browser Plugin Loader"="c:\progra~2\BRINGM~2\bar\1.bin\1cbrmon.exe" [2012-09-18 30096].c:\users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2612G1RS05RN;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]S2 BringMeSports_1cService;BringMeSportsService;c:\progra~2\BRINGM~2\bar\1.bin\1cbarsvc.exe;c:\progra~2\BRINGM~2\bar\1.bin\1cbarsvc.exe [x]S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-08-07 22:20 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 22:15].2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 14:09].2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 14:09]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-08-23 09:25:39 - machine was rebootedComboFix-quarantined-files.txt 2013-08-23 14:25ComboFix2.txt 2013-08-21 21:38.Pre-Run: 427,107,164,160 bytes freePost-Run: 426,401,202,176 bytes free.- - End Of File - - 0F6F8938807CF05F747857D142D3CD915B5E648D12FCADC244C1EC30318E1EB9 Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 23, 2013 ID:719652 Share Posted August 23, 2013 We're making progress. ----------Step 1----------------Please download AdwCleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool.Click on Search.A logfile will automatically open after the scan has finished.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[R1].txt as well.----------Step 2----------------Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.----------Step 3----------------We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:Main MirrorSave it to your desktop.Double click on the OTL icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "SafeList"Push the Run Scan button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimized----------Step 4 (note: this scan may take a little time)----------------I'd like us to scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window.ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on to download the ESET Smart Installer. Save it to your desktop.Double click on the icon on your desktop.Check Click the button.Accept any security warnings from your browser.Check Push the Start button.ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Push the button.Push A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt----------Step 5----------------Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.Let me know how things go. Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 27, 2013 Author ID:721135 Share Posted August 27, 2013 AdwCleaner# AdwCleaner v3.001 - Report created 26/08/2013 at 17:28:58# Updated 24/08/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Fire Training - FIRETRAINING-PC# Running from : C:\Users\Fire Training\Desktop\AdwCleaner.exe# Option : Scan ***** [ Services ] ***** Service Found : BringMeSports_1cService ***** [ Files / Folders ] ***** Folder Found C:\Program Files (x86)\BringMeSports_1cFolder Found C:\Users\Fire Training\AppData\LocalLow\BringMeSports_1c ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\Software\BringMeSports_1cKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82C7004A-078E-468C-9C0F-2243618FF7CB}Key Found : HKLM\Software\BringMeSports_1cKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.DynamicBarButtonKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.DynamicBarButton.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.FeedManagerKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.FeedManager.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLMenuKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLMenu.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLPanelKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLPanel.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.MultipleButtonKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.MultipleButton.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.PseudoTransparentPluginKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.PseudoTransparentPlugin.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.RadioKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.Radio.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.RadioSettingsKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.RadioSettings.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.ScriptButtonKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.ScriptButton.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.SettingsPluginKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.SettingsPlugin.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.SkinLauncherKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.SkinLauncher.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.ThirdPartyInstallerKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.ThirdPartyInstaller.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.UrlAlertButtonKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.UrlAlertButton.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.XMLSessionPluginKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.XMLSessionPlugin.1Key Found : HKLM\SOFTWARE\Classes\CLSID\{002D1BA6-4766-4D7D-82B8-F49439C66F97}Key Found : HKLM\SOFTWARE\Classes\CLSID\{0A8CC25D-66FF-41DF-B3B4-416079EF8F87}Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}Key Found : HKLM\SOFTWARE\Classes\CLSID\{1856A7BD-DE8C-488B-AA7A-5682D13166FC}Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}Key Found : HKLM\SOFTWARE\Classes\CLSID\{39AE4193-9636-4786-A7E8-D0BED697CDF3}Key Found : HKLM\SOFTWARE\Classes\CLSID\{5489857C-D16B-4F23-A322-9F3D3423DC6D}Key Found : HKLM\SOFTWARE\Classes\CLSID\{5DC6445C-89CE-4895-9EEE-79449A453700}Key Found : HKLM\SOFTWARE\Classes\CLSID\{6285C254-4465-4F8B-A009-5F42AB02C291}Key Found : HKLM\SOFTWARE\Classes\CLSID\{716F0A7A-66F8-4C51-9EF2-BE22E0EA2F00}Key Found : HKLM\SOFTWARE\Classes\CLSID\{74CEF9D2-506A-4BC6-B577-4F6505317FBA}Key Found : HKLM\SOFTWARE\Classes\CLSID\{779A6469-E20C-4517-9D59-394EE65E216C}Key Found : HKLM\SOFTWARE\Classes\CLSID\{82C7004A-078E-468C-9C0F-2243618FF7CB}Key Found : HKLM\SOFTWARE\Classes\CLSID\{8E74A826-02AC-4EDF-8827-7CFDE086FB48}Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1912AF6-DFE3-48B1-BDFE-9A65259AC702}Key Found : HKLM\SOFTWARE\Classes\CLSID\{B299D84A-69A5-4433-9A79-51EF2BB7841F}Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8CBCB5A-9192-4122-B3DE-BD139320EC09}Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC61CA7A-6B81-47EC-B62D-AE1A236CADB9}Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}Key Found : HKLM\SOFTWARE\Classes\CLSID\{D31FF80A-322D-4343-99BD-158557C460B2}Key Found : HKLM\SOFTWARE\Classes\CLSID\{D424710B-AF83-49A6-9F26-033E0CF794B1}Key Found : HKLM\SOFTWARE\Classes\CLSID\{F0C8CCC2-BAAA-4236-AD0A-22B5A401B9EF}Key Found : HKLM\SOFTWARE\Classes\CLSID\{F653D037-97FA-4755-98C1-7F382EEB59A7}Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}Key Found : HKLM\SOFTWARE\Classes\Interface\{3436BC13-C898-4775-B1EA-BA224587010D}Key Found : HKLM\SOFTWARE\Classes\Interface\{89B7AE32-9C52-41D6-A64D-14D7BDEC9C58}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0F2C9A6B-A0ED-4189-B086-C0E76D80EB91}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1265AE6E-5141-468B-AB11-67ECE832F5E8}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{256B342B-85A7-4E4E-AA2E-101CDDEF5EFD}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4CD73219-4D3F-46EE-AC3E-768E2A2AB056}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A751D61-7A6B-4999-BFD0-ADF01A40F6F2}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{71E326B6-2DC3-40B7-93D8-3CEDA9C83F53}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92364364-56B2-4C54-AAE3-A7D03A30C023}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A50C4254-A6A2-48CB-A2D0-C5E0A53FD965}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A66EEC44-AA6D-4AF2-BF75-490E2CA17AE9}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BDFCF196-0622-41CF-BDA6-D1CDB44AB5E9}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F6C482A5-17AE-43D3-A6AC-52A70674283C}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{164EA1FC-B0A0-4202-8C65-E4BA4D54A3AE}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1856A7BD-DE8C-488B-AA7A-5682D13166FC}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3436BC13-C898-4775-B1EA-BA224587010D}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89B7AE32-9C52-41D6-A64D-14D7BDEC9C58}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA460720-7B38-421D-981C-66F0AE288FB9}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002D1BA6-4766-4D7D-82B8-F49439C66F97}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F653D037-97FA-4755-98C1-7F382EEB59A7}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A8CC25D-66FF-41DF-B3B4-416079EF8F87}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6285C254-4465-4F8B-A009-5F42AB02C291}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82C7004A-078E-468C-9C0F-2243618FF7CB}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B8CBCB5A-9192-4122-B3DE-BD139320EC09}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC61CA7A-6B81-47EC-B62D-AE1A236CADB9}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F0C8CCC2-BAAA-4236-AD0A-22B5A401B9EF}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BringMeSports_1cbar UninstallKey Found : HKLM\SOFTWARE\MozillaPlugins\@BringMeSports_1c.com/PluginValue Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}]Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bringMeSports Search Scope Monitor]Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bringMeSports_1c Browser Plugin Loader]Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [1cffxtbr@BringMeSports_1c.com] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Google Chrome v28.0.1500.95 [ File : C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [8461 octets] - [26/08/2013 17:28:58] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8521 octets] ########## Junkware Removal Tool~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.5.4 (08.22.2013:1)OS: Windows 7 Home Premium x64Ran by Fire Training on Mon 08/26/2013 at 17:35:13.47~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] bringmesports_1cservice Successfully deleted: [service] bringmesports_1cservice ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{13119113-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33119133-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23119123-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{03119103-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.dynamicbarbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.dynamicbarbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.feedmanagerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.feedmanager.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.htmlmenuSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.htmlmenu.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.htmlpanelSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.htmlpanel.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.multiplebuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.multiplebutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.pseudotransparentpluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.pseudotransparentplugin.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.radioSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.radio.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.radiosettingsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.radiosettings.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.scriptbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.scriptbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.settingspluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.settingsplugin.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.skinlauncherSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.skinlauncher.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.thirdpartyinstallerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.thirdpartyinstaller.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.urlalertbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.urlalertbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.xmlsessionpluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.xmlsessionplugin.1Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002D1BA6-4766-4D7D-82B8-F49439C66F97} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Fire Training\AppData\Roaming\pccustubinstaller"Successfully deleted: [Folder] "C:\Users\Fire Training\appdata\locallow\bringmesports_1c"Successfully deleted: [Folder] "C:\Program Files (x86)\bringmesports_1c" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 08/26/2013 at 17:41:55.57End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ OTL LogOTL logfile created on: 8/26/2013 5:47:00 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fire Training\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16635)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.48 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 74.05% Memory free6.96 Gb Paging File | 5.98 Gb Available in Paging File | 86.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 450.17 Gb Total Space | 397.08 Gb Free Space | 88.21% Space Free | Partition Type: NTFSDrive D: | 702.82 Mb Total Space | 414.31 Mb Free Space | 58.95% Space Free | Partition Type: UDF Computer Name: FIRETRAINING-PC | User Name: Fire Training | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/04/04 23:35:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fire Training\Desktop\OTL.exePRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2011/07/01 13:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)SRV:64bit: - [2011/05/24 11:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)SRV:64bit: - [2011/05/17 16:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)SRV:64bit: - [2011/04/20 18:16:30 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010/09/09 19:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)SRV - [2013/06/19 17:15:49 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/04/20 19:00:52 | 009,256,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)DRV:64bit: - [2011/04/20 17:39:58 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/23 19:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)DRV:64bit: - [2011/02/03 21:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2011/01/13 21:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2010/11/17 10:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)DRV:64bit: - [2010/10/29 18:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\..\SearchScopes,DefaultScope = {69A840FF-1E32-498C-9B4A-2AB5FE7D2A05}IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOIE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\..\SearchScopes\{69A840FF-1E32-498C-9B4A-2AB5FE7D2A05}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS455IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF - HKLM\Software\MozillaPlugins\@BringMeSports_1c.com/Plugin: C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\NP1cStub.dll File not foundFF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1cffxtbr@BringMeSports_1c.com: C:\Program Files (x86)\BringMeSports_1c\bar\1.bin ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}CHR - homepage: http://start.toshiba.com/?cid=C001B2YCHR - Extension: Docs = C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\CHR - Extension: Google Drive = C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\CHR - Extension: YouTube = C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Google Search = C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: Gmail = C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/08/23 09:13:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)O2 - BHO: (Toolbar BHO) - {f653d037-97fa-4755-98c1-7f382eeb59a7} - C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbar.dll File not foundO3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)O3 - HKLM\..\Toolbar: (BringMeSports) - {cc53bd19-7b23-43b0-ab7c-0e06c708cced} - C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll File not foundO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3:64bit: - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)O4 - HKLM..\Run: [bringMeSports Search Scope Monitor] "C:\PROGRA~2\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h File not foundO4 - HKLM..\Run: [bringMeSports_1c Browser Plugin Loader] C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbrmon.exe File not foundO4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)O4 - HKU\S-1-5-21-4191840987-790802291-1396358146-1001..\Run: [HP Officejet 6600 (NET)] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)O4 - HKU\S-1-5-21-4191840987-790802291-1396358146-1001..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C2AA0AF-732B-4421-A281-DEC28E55DDE1}: DhcpNameServer = 192.168.1.247O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{286FF110-340D-4BA8-96BD-8C48967A95A9}: DhcpNameServer = 192.168.1.247O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/08/26 17:45:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fire Training\Desktop\OTL.exe[2013/08/26 17:35:08 | 000,000,000 | ---D | C] -- C:\windows\ERUNT[2013/08/26 17:34:25 | 001,021,434 | ---- | C] (Thisisu) -- C:\Users\Fire Training\Desktop\JRT.exe[2013/08/26 17:28:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013/08/26 17:09:46 | 054,048,025 | ---- | C] (ESET) -- C:\Users\Fire Training\Desktop\eea_package_nt64_msp.exe[2013/08/23 09:26:03 | 000,000,000 | ---D | C] -- C:\windows\temp[2013/08/23 09:14:00 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN[2013/08/21 16:03:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe[2013/08/21 16:03:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe[2013/08/21 16:03:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe[2013/08/21 16:03:40 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/08/21 16:03:22 | 000,000,000 | ---D | C] -- C:\windows\erdnt[2013/08/21 16:02:59 | 005,109,506 | R--- | C] (Swearware) -- C:\Users\Fire Training\Desktop\ComboFix.exe[2013/08/21 14:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)[2013/08/21 14:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/08/21 14:48:38 | 000,000,000 | ---D | C] -- C:\Users\Fire Training\Desktop\mbar[2013/08/21 14:48:17 | 012,081,912 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Fire Training\Desktop\mbar-1.06.1.1005.exe[2013/08/21 14:44:33 | 002,748,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fire Training\Desktop\tdsskiller.exe[2013/08/18 12:13:53 | 000,000,000 | ---D | C] -- C:\FRST[2013/08/14 15:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/08/26 17:46:10 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job[2013/08/26 17:44:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job[2013/08/26 17:25:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat[2013/08/26 17:20:10 | 001,021,434 | ---- | M] (Thisisu) -- C:\Users\Fire Training\Desktop\JRT.exe[2013/08/26 17:09:10 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/08/26 17:09:10 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/08/26 17:07:55 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job[2013/08/26 11:17:47 | 000,824,762 | ---- | M] () -- C:\windows\SysNative\perfh009.dat[2013/08/26 11:17:47 | 000,178,694 | ---- | M] () -- C:\windows\SysNative\perfc009.dat[2013/08/26 11:17:47 | 000,006,222 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI[2013/08/26 09:17:49 | 000,994,642 | ---- | M] () -- C:\Users\Fire Training\Desktop\AdwCleaner.exe[2013/08/23 09:13:53 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts[2013/08/23 09:12:55 | 2801,364,992 | -HS- | M] () -- C:\hiberfil.sys[2013/08/22 08:53:41 | 000,891,115 | ---- | M] () -- C:\Users\Fire Training\Desktop\SecurityCheck.exe[2013/08/21 14:40:55 | 005,109,506 | R--- | M] (Swearware) -- C:\Users\Fire Training\Desktop\ComboFix.exe[2013/08/21 14:39:58 | 012,081,912 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Fire Training\Desktop\mbar-1.06.1.1005.exe[2013/08/21 14:37:49 | 002,748,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fire Training\Desktop\tdsskiller.exe[2013/08/07 18:15:30 | 000,418,144 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/08/26 17:26:44 | 000,994,642 | ---- | C] () -- C:\Users\Fire Training\Desktop\AdwCleaner.exe[2013/08/22 08:57:53 | 000,891,115 | ---- | C] () -- C:\Users\Fire Training\Desktop\SecurityCheck.exe[2013/08/21 16:03:48 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe[2013/08/21 16:03:48 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe[2013/08/21 16:03:48 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe[2013/08/21 16:03:48 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe[2013/08/21 16:03:47 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe[2012/08/31 15:54:14 | 000,773,522 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI[2012/08/17 15:11:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini[2011/09/12 08:50:17 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe[2011/09/12 08:45:45 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll[2011/09/12 08:44:57 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin[2011/09/12 08:42:35 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 27, 2013 ID:721166 Share Posted August 27, 2013 Still have a little more to do, but we're nearly there.----------Step 1----------------We need to run an OTL FixPlease reopen on your desktop.Copy and Paste the following code into the textbox.:OTL[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ][2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] :Commands[purity][emptytemp][emptyjava][emptyflash][Reboot]Push OTL may ask to reboot the machine. Please do so if asked.Click the OK button.A report will open. Copy and Paste that report in your next reply.----------Step 2----------------Instructions for DELETE:Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[s1].txt as well.Afterwards, please reboot the computer.----------Step 3----------------Please post the OTL and AdwCleaner reports in your next reply. How are things running now? Link to post Share on other sites More sharing options...
th3fall3n777 Posted August 29, 2013 Author ID:722212 Share Posted August 29, 2013 D-FRED-BROWN, I ran these final utilities as you instructed, but I have to let you know that at noon today, the client came back to pick up the laptop. Before they arrived, I completed these steps, and installed ESET Endpoint Antivirus. I was able to complete a scan with this, and Malwarebytes before they came, and both came back clean. I did let them know that there is more work to be done here; I would like to remove old, unpatched programs from the system, and make sure it has the most current Windows Security patches, and third party application patches such as Java. They are going to arrange for some time for me to do this. I didn't want to leave you hanging though - as it sounds like it is going to be about a week before I get the laptop back, I'm not sure what the process is - should we close this thread? The laptop was running great... Link to post Share on other sites More sharing options...
D-FRED-BROWN Posted August 30, 2013 ID:722890 Share Posted August 30, 2013 Let me know when you get access to it again. All that needs to be done now is some minor housekeeping (removing outdated programs and such). Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 9, 2013 Root Admin ID:727716 Share Posted September 9, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts