madden101

  1. GMER 1.0.15.15641 - http://www.gmer.net
     Rootkit scan 2012-04-23 21:11:30
     Windows 6.1.7601 Service Pack 1
     Running: 4tct28mh.exe

     ---- Files - GMER 1.0.15 ----

     File C:\Windows\Temp\avg-7af02d2d-3792-4604-8b8a-2d42f8f1710b.tmp (size mismatch) 17220/0 bytes executable
     File C:\Windows\Temp\avg-a4ee3e08-6b65-4042-8a1b-db724671e72a.tmp (size mismatch) 3884/0 bytes executable
     File C:\Windows\Temp\avg-0b34be62-90b2-4409-b8f5-ac69dd008434.tmp (size mismatch) 15767/0 bytes executable
     File C:\Windows\Temp\avg-ba63602d-8161-432b-891e-777aad1cff30.tmp (size mismatch) 8341/0 bytes executable
     File C:\Windows\Temp\avg-d3e3ca21-a614-4e41-b17e-701918bed400.tmp (size mismatch) 17220/0 bytes executable
     File C:\Windows\Temp\avg-1594c525-7544-4726-bf5d-823e2c3a8a77.tmp (size mismatch) 21780/0 bytes executable

     ---- EOF - GMER 1.0.15 ----
  2. I can't untick or tick the boxes above Services. How do I save the scan from the initial startup scan?
  3. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-04-23 19:32:21
     -----------------------------
     19:32:21.237 OS Version: Windows x64 6.1.7601 Service Pack 1
     19:32:21.237 Number of processors: 2 586 0x100
     19:32:21.237 ComputerName: OWNER-PC UserName: Owner
     19:32:29.224 Initialize success
     19:32:39.863 AVAST engine defs: 12042301
     19:32:48.849 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
     19:32:48.849 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 11
     19:32:48.880 Disk 0 MBR read successfully
     19:32:48.880 Disk 0 MBR scan
     19:32:48.880 Disk 0 Windows VISTA default MBR code
     19:32:48.896 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
     19:32:48.911 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292137 MB offset 3074048
     19:32:48.942 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11607 MB offset 601370624
     19:32:49.005 Disk 0 scanning C:\windows\system32\drivers
     19:33:04.324 Service scanning
     19:34:07.411 Modules scanning
     19:34:07.426 Disk 0 trace - called modules:
     19:34:07.473 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
     19:34:07.489 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003003060]
     19:34:07.504 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8002edb310]
     19:34:07.504 5 amd_xata.sys[fffff880010908b4] -> nt!IofCallDriver -> \Device\00000070[0xfffffa80029e4400]
     19:34:10.063 AVAST engine scan C:\windows
     19:34:15.538 AVAST engine scan C:\windows\system32
     19:39:52.629 AVAST engine scan C:\windows\system32\drivers
     19:40:17.261 AVAST engine scan C:\Users\Owner
     19:46:20.679 AVAST engine scan C:\ProgramData
     19:48:39.691 Scan finished successfully
     19:49:08.348 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
     19:49:08.348 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"
  4. I think I have a keylogger or viruses or a rat on my computer.
  5. ComboFix 12-04-23.02 - Owner 04/23/2012 18:17:03.1.2 - x64
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1600 [GMT -5:00]
     Running from: c:\users\Owner\Desktop\ComboFix.exe
     AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
     FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
     FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
     SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Owner\AppData\Local\Temp\IswTmp\WH\0
     c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\MapleStory.url
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
     .
     .
     2012-04-23 23:31 . 2012-04-23 23:31 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-04-23 20:42 . 2012-04-23 20:42 -------- d-----w- c:\users\Owner\AppData\Local\Vitalwerks
     2012-04-23 20:41 . 2012-04-23 20:41 -------- d-----w- c:\program files (x86)\No-IP
     2012-04-23 05:27 . 2012-04-23 05:27 40928 ----a-w- c:\windows\system32\drivers\VSPE.sys
     2012-04-23 04:25 . 2012-04-23 04:25 126 ----a-w- C:\user.js
     2012-04-23 04:25 . 2012-04-23 04:25 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
     2012-04-23 04:24 . 2012-04-23 04:24 -------- d-----w- c:\users\Owner\AppData\Roaming\CheckPoint
     2012-04-23 04:24 . 2012-04-23 04:24 -------- d-----w- c:\program files\CheckPoint
     2012-04-23 04:02 . 2012-04-23 17:42 -------- d-----w- c:\programdata\CheckPoint
     2012-04-23 04:02 . 2012-04-23 17:43 -------- d-----w- c:\program files (x86)\CheckPoint
     2012-04-21 14:52 . 2012-04-21 14:52 -------- d-----w- c:\users\Owner\AppData\Roaming\Microsoft Corporation
     2012-04-21 05:06 . 2012-04-21 05:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
     2012-04-21 05:05 . 2012-04-21 05:05 -------- d-----w- c:\program files\Microsoft Synchronization Services
     2012-04-21 05:05 . 2012-04-21 05:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
     2012-04-21 05:05 . 2012-04-21 05:05 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
     2012-04-21 05:04 . 2012-04-22 08:41 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
     2012-04-21 05:01 . 2012-04-21 05:07 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
     2012-04-21 04:59 . 2012-04-21 04:59 -------- d-----w- c:\windows\symbols
     2012-04-21 04:59 . 2012-04-21 04:59 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
     2012-04-21 04:59 . 2012-04-21 04:59 -------- d-----w- c:\program files\Microsoft Help Viewer
     2012-04-21 04:59 . 2012-04-21 04:59 -------- d-----w- c:\program files (x86)\Microsoft SDKs
     2012-04-21 01:59 . 2012-04-21 02:00 -------- d-----w- c:\users\Owner\.idlerc
     2012-04-21 01:51 . 2009-07-05 12:36 354304 ----a-w- c:\windows\SysWow64\pythoncom26.dll
     2012-04-21 01:51 . 2009-07-05 12:35 110592 ----a-w- c:\windows\SysWow64\pywintypes26.dll
     2012-04-21 01:51 . 2012-04-21 03:21 -------- d-----w- C:\Python26
     2012-04-19 22:41 . 2012-04-19 22:41 -------- d-----w- c:\program files (x86)\TeamViewer
     2012-04-19 19:56 . 2012-04-19 19:56 0 ----a-w- c:\windows\SysWow64\sho5910.tmp
     2012-04-17 23:28 . 2012-04-17 23:28 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
     2012-04-17 23:27 . 2012-04-17 23:28 -------- d-----w- c:\program files\SUPERAntiSpyware
     2012-04-17 23:27 . 2012-04-17 23:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
     2012-04-17 21:09 . 2012-04-17 21:09 0 ----a-w- c:\windows\SysWow64\sho66FF.tmp
     2012-04-16 20:38 . 2012-04-16 20:38 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG2012
     2012-04-16 20:37 . 2012-04-16 20:37 -------- d-----w- c:\windows\SysWow64\drivers\AVG
     2012-04-16 20:36 . 2012-04-16 20:36 -------- d-----w- C:\$AVG
     2012-04-16 20:36 . 2012-04-23 04:35 -------- d-----w- c:\windows\system32\drivers\AVG
     2012-04-16 20:36 . 2012-04-22 18:29 -------- d-----w- c:\programdata\AVG2012
     2012-04-16 20:35 . 2012-04-16 20:35 -------- d-----w- c:\program files (x86)\AVG
     2012-04-16 12:01 . 2012-04-16 12:01 -------- d--h--w- c:\programdata\Common Files
     2012-04-16 12:00 . 2012-04-23 05:13 -------- d-----w- c:\programdata\MFAData
     2012-04-13 11:55 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D2968C53-1442-48D6-8885-6B85FE2A930E}\mpengine.dll
     2012-04-11 08:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
     2012-04-11 08:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
     2012-04-11 08:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
     2012-04-11 08:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
     2012-04-11 08:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
     2012-04-11 08:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
     2012-04-11 08:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
     2012-04-11 08:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
     2012-04-11 08:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
     2012-04-11 08:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
     2012-04-08 04:28 . 2012-04-08 04:28 -------- d-----w- c:\users\Owner\AppData\Roaming\Runscanner.net
     2012-04-08 04:16 . 2012-04-08 04:16 -------- d-----w- c:\program files (x86)\NirSoft
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-03-19 23:28 . 2012-01-23 11:42 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
     2012-03-19 23:28 . 2011-09-20 11:39 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
     2012-03-04 12:15 . 2012-01-23 11:42 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
     2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
     2012-02-22 10:25 . 2012-02-22 10:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
     2012-02-22 10:25 . 2012-02-22 10:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
     2012-02-17 12:58 . 2012-02-17 12:58 0 ----a-w- c:\windows\SysWow64\sho1FB0.tmp
     2012-02-17 06:38 . 2012-03-13 19:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
     2012-02-17 05:34 . 2012-03-13 19:53 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
     2012-02-17 04:58 . 2012-03-13 19:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-02-17 04:57 . 2012-03-13 19:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
     2012-02-10 06:36 . 2012-03-13 22:51 1544192 ----a-w- c:\windows\system32\DWrite.dll
     2012-02-10 05:38 . 2012-03-13 22:51 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
     2012-02-04 02:21 . 2012-02-04 02:21 0 ----a-w- c:\windows\SysWow64\sho3997.tmp
     2012-02-03 04:34 . 2012-03-13 22:51 3145728 ----a-w- c:\windows\system32\win32k.sys
     2012-02-02 05:22 . 2012-02-02 05:22 17 ----a-w- c:\windows\SysWow64\sho795C.tmp
     2012-01-31 09:46 . 2012-01-31 09:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
     2012-01-29 06:12 . 2012-01-29 06:12 0 ----a-w- c:\windows\SysWow64\sho4368.tmp
     2012-01-25 06:38 . 2012-03-13 19:53 77312 ----a-w- c:\windows\system32\rdpwsx.dll
     2012-01-25 06:38 . 2012-03-13 19:53 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
     2012-01-25 06:33 . 2012-03-13 19:53 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}]
     2012-03-14 04:41 266960 ----a-w- c:\program files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
     "{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"= "c:\program files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll" [2012-03-14 274640]
     .
     [HKEY_CLASSES_ROOT\clsid\{438fae3e-bdef-44d3-ab8b-0c7c8350df59}]
     [HKEY_CLASSES_ROOT\checkpoint.zonealarmdskBnd.1]
     [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
     [HKEY_CLASSES_ROOT\checkpoint.zonealarmdskBnd]
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MurGee.com Auto Clicker"="c:\program files (x86)\Auto Clicker\AutoClicker.exe" [2011-05-05 40960]
     "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-15 3077528]
     "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-08-30 4992880]
     "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-19 108136]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
     "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-16 336384]
     "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
     "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
     "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
     "MotiveReportAgent"="c:\program files (x86)\Common Files\Motive\McciBootStrapper.exe" [2004-06-25 204800]
     "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
     "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
     "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-20 73360]
     .
     c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
     "aux"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
     @=""
     .
     R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
     R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
     R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
     R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 136176]
     R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
     R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
     R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 136176]
     R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
     R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
     S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
     S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
     S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
     S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
     S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
     S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
     S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
     S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
     S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
     S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
     S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
     S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
     S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]
     S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
     S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
     S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-03-16 33672]
     S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-03-16 827520]
     S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
     S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
     S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
     S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
     S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
     S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
     S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
     S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
     S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
     S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
     S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
     S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
     S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
     S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
     S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
     S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
     S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
     S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
     S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
     S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - 68068811
     *Deregistered* - 68068811
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 03:46]
     .
     2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 03:46]
     .
     .
     --------- x86-64 -----------
     .
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
     "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
     "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
     "LoadAppInit_DLLs"=0x1
     .
     ------- Supplementary Scan -------
     .
     uLocal Page = c:\windows\system32\blank.htm
     uStart Page = hxxp://www.ask.com/?l=dis&o=15486
     mLocal Page = c:\windows\SysWOW64\blank.htm
     uInternet Settings,ProxyOverride = <local>
     IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
     IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     TCP: DhcpNameServer = 10.0.0.1
     FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lnf27lyq.default\
     FF - user.js: extensions.zonealarm.autoRvrt - false
     FF - user.js: extensions.zonealarm_i.newTab - false
     FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112709762404876-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=84395b5400000000000068a3c4c35065&q=
     FF - user.js: extensions.zonealarm.id - 84395b5400000000000068a3c4c35065
     FF - user.js: extensions.zonealarm.instlDay - 15453
     FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3
     FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3
     FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.323:25
     FF - user.js: extensions.zonealarm.prtnrId - checkpoint
     FF - user.js: extensions.zonealarm.prdct - zonealarm
     FF - user.js: extensions.zonealarm.aflt - 1600
     FF - user.js: extensions.zonealarm_i.smplGrp - none
     FF - user.js: extensions.zonealarm.tlbrId - base
     FF - user.js: extensions.zonealarm.instlRef - ZLN112709762404876-1600
     FF - user.js: extensions.zonealarm.dfltLng - en
     FF - user.js: extensions.zonealarm.excTlbr - false
     FF - user.js: extensions.zonealarm.admin - false
     .
     - - - - ORPHANS REMOVED - - - -
     .
     Toolbar-Locked - (no file)
     Toolbar-Locked - (no file)
     HKLM-Run-(Default) - (no file)
     HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
     HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
     HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
     HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
     HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
     HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
     HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
     HKLM-Run-ISW - (no file)
     AddRemove-pywin32-py2.6 - c:\python26\Removepywin32.exe
     AddRemove-pyHook-py2.6 - c:\python26\RemovepyHook.exe
     .
     .
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Shockwave Flash Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
     @="0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
     @="ShockwaveFlash.ShockwaveFlash.10"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="ShockwaveFlash.ShockwaveFlash"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
     @Denied: (A 2) (Everyone)
     @="Macromedia Flash Factory Object"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
     "ThreadingModel"="Apartment"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
     @="FlashFactory.FlashFactory.1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
     @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
     @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
     @="1.0"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
     @="FlashFactory.FlashFactory"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2012-04-23 18:37:31
     ComboFix-quarantined-files.txt 2012-04-23 23:37
     .
     Pre-Run: 216,774,766,592 bytes free
     Post-Run: 216,388,362,240 bytes free
     .
     - - End Of File - - 254ADFDEED5EC61F468E918B241B9EC1
  6. 17:44:54.0738 0544 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
     17:44:56.0742 0544 ============================================================
     17:44:56.0742 0544 Current date / time: 2012/04/23 17:44:56.0742
     17:44:56.0742 0544 SystemInfo:
     17:44:56.0742 0544
     17:44:56.0745 0544 OS Version: 6.1.7601 ServicePack: 1.0
     17:44:56.0745 0544 Product type: Workstation
     17:44:56.0745 0544 ComputerName: OWNER-PC
     17:44:56.0755 0544 UserName: Owner
     17:44:56.0755 0544 Windows directory: C:\windows
     17:44:56.0755 0544 System windows directory: C:\windows
     17:44:56.0755 0544 Running under WOW64
     17:44:56.0755 0544 Processor architecture: Intel x64
     17:44:56.0755 0544 Number of processors: 2
     17:44:56.0755 0544 Page size: 0x1000
     17:44:56.0755 0544 Boot type: Normal boot
     17:44:56.0755 0544 ============================================================
     17:44:59.0451 0544 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     17:44:59.0461 0544 ============================================================
     17:44:59.0461 0544 \Device\Harddisk0\DR0:
     17:44:59.0461 0544 MBR partitions:
     17:44:59.0461 0544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23A94800
     17:44:59.0461 0544 ============================================================
     17:44:59.0489 0544 C: <-> \Device\Harddisk0\DR0\Partition0
     17:44:59.0489 0544 ============================================================
     17:44:59.0489 0544 Initialize success
     17:44:59.0489 0544 ============================================================
     17:45:22.0079 5832 ============================================================
     17:45:22.0079 5832 Scan started
     17:45:22.0079 5832 Mode: Manual; SigCheck; TDLFS;
     17:45:22.0079 5832 ============================================================
17:45:33.0339 5832 BrUsbSer - ok 17:45:33.0372 5832 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys 17:45:33.0434 5832 BTHMODEM - ok 17:45:33.0479 5832 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 17:45:33.0584 5832 bthserv - ok 17:45:33.0629 5832 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\windows\system32\drivers\BVRPMPR5a64.SYS 17:45:33.0659 5832 BVRPMPR5a64 - ok 17:45:33.0702 5832 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 17:45:33.0807 5832 cdfs - ok 17:45:33.0849 5832 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys 17:45:33.0909 5832 cdrom - ok 17:45:33.0962 5832 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 17:45:34.0087 5832 CertPropSvc - ok 17:45:34.0139 5832 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys 17:45:34.0197 5832 circlass - ok 17:45:34.0254 5832 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 17:45:34.0302 5832 CLFS - ok 17:45:34.0362 5832 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 17:45:34.0409 5832 clr_optimization_v2.0.50727_32 - ok 17:45:34.0457 5832 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 17:45:34.0484 5832 clr_optimization_v2.0.50727_64 - ok 17:45:34.0627 5832 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 17:45:34.0664 5832 clr_optimization_v4.0.30319_32 - ok 17:45:34.0777 5832 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 17:45:34.0812 5832 clr_optimization_v4.0.30319_64 - ok 17:45:34.0842 5832 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 17:45:34.0904 
5832 CmBatt - ok 17:45:34.0924 5832 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 17:45:34.0954 5832 cmdide - ok 17:45:35.0024 5832 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys 17:45:35.0102 5832 CNG - ok 17:45:35.0272 5832 CnxtHdAudService (99b1b888b793de320c5479b3c953781f) C:\windows\system32\drivers\CHDRT64.sys 17:45:35.0359 5832 CnxtHdAudService - ok 17:45:35.0495 5832 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys 17:45:35.0535 5832 Compbatt - ok 17:45:35.0577 5832 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys 17:45:35.0642 5832 CompositeBus - ok 17:45:35.0662 5832 COMSysApp - ok 17:45:35.0685 5832 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys 17:45:35.0715 5832 crcdisk - ok 17:45:35.0797 5832 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll 17:45:35.0902 5832 CryptSvc - ok 17:45:36.0112 5832 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 17:45:36.0177 5832 cvhsvc - ok 17:45:36.0245 5832 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 17:45:36.0357 5832 DcomLaunch - ok 17:45:36.0412 5832 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 17:45:36.0525 5832 defragsvc - ok 17:45:36.0605 5832 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 17:45:36.0715 5832 DfsC - ok 17:45:36.0782 5832 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll 17:45:36.0892 5832 Dhcp - ok 17:45:36.0950 5832 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 17:45:37.0087 5832 discache - ok 17:45:37.0135 5832 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys 17:45:37.0167 5832 Disk - ok 17:45:37.0215 5832 Dnscache 
(16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll 17:45:37.0285 5832 Dnscache - ok 17:45:37.0330 5832 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll 17:45:37.0435 5832 dot3svc - ok 17:45:37.0465 5832 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll 17:45:37.0567 5832 DPS - ok 17:45:37.0607 5832 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 17:45:37.0662 5832 drmkaud - ok 17:45:37.0745 5832 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 17:45:37.0832 5832 DXGKrnl - ok 17:45:37.0857 5832 EagleX64 - ok 17:45:37.0897 5832 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 17:45:38.0004 5832 EapHost - ok 17:45:38.0272 5832 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys 17:45:38.0477 5832 ebdrv - ok 17:45:38.0604 5832 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe 17:45:38.0679 5832 EFS - ok 17:45:38.0774 5832 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe 17:45:38.0879 5832 ehRecvr - ok 17:45:38.0932 5832 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 17:45:38.0979 5832 ehSched - ok 17:45:39.0102 5832 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys 17:45:39.0146 5832 elxstor - ok 17:45:39.0164 5832 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 17:45:39.0216 5832 ErrDev - ok 17:45:39.0269 5832 ETD (5d82d501d2fee413b1f45f0302b5802c) C:\windows\system32\DRIVERS\ETD.sys 17:45:39.0302 5832 ETD - ok 17:45:39.0364 5832 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 17:45:39.0473 5832 EventSystem - ok 17:45:39.0511 5832 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 17:45:39.0600 5832 exfat - ok 17:45:39.0648 5832 fastfat (0adc83218b66a6db380c330836f3e36d) 
C:\windows\system32\drivers\fastfat.sys 17:45:39.0757 5832 fastfat - ok 17:45:39.0776 5832 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys 17:45:39.0837 5832 fdc - ok 17:45:39.0883 5832 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 17:45:39.0997 5832 fdPHost - ok 17:45:40.0024 5832 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 17:45:40.0114 5832 FDResPub - ok 17:45:40.0154 5832 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 17:45:40.0185 5832 FileInfo - ok 17:45:40.0208 5832 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 17:45:40.0317 5832 Filetrace - ok 17:45:40.0344 5832 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys 17:45:40.0387 5832 flpydisk - ok 17:45:40.0429 5832 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys 17:45:40.0469 5832 FltMgr - ok 17:45:40.0581 5832 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll 17:45:40.0685 5832 FontCache - ok 17:45:40.0790 5832 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 17:45:40.0830 5832 FontCache3.0.0.0 - ok 17:45:40.0885 5832 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 17:45:40.0916 5832 FsDepends - ok 17:45:40.0956 5832 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys 17:45:40.0986 5832 Fs_Rec - ok 17:45:41.0030 5832 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 17:45:41.0072 5832 fvevol - ok 17:45:41.0115 5832 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys 17:45:41.0176 5832 FwLnk - ok 17:45:41.0216 5832 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys 17:45:41.0247 5832 gagp30kx - ok 17:45:41.0348 5832 
gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll 17:45:41.0455 5832 gpsvc - ok 17:45:41.0620 5832 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:45:41.0653 5832 gupdate - ok 17:45:41.0688 5832 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 17:45:41.0716 5832 gupdatem - ok 17:45:41.0748 5832 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\windows\system32\DRIVERS\hamachi.sys 17:45:41.0776 5832 hamachi - ok 17:45:41.0803 5832 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 17:45:41.0874 5832 hcw85cir - ok 17:45:41.0936 5832 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 17:45:42.0001 5832 HdAudAddService - ok 17:45:42.0043 5832 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys 17:45:42.0106 5832 HDAudBus - ok 17:45:42.0130 5832 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys 17:45:42.0182 5832 HidBatt - ok 17:45:42.0208 5832 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys 17:45:42.0271 5832 HidBth - ok 17:45:42.0288 5832 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys 17:45:42.0338 5832 HidIr - ok 17:45:42.0379 5832 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll 17:45:42.0483 5832 hidserv - ok 17:45:42.0541 5832 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys 17:45:42.0583 5832 HidUsb - ok 17:45:42.0631 5832 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll 17:45:42.0731 5832 hkmsvc - ok 17:45:42.0779 5832 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll 17:45:42.0852 5832 HomeGroupListener - ok 17:45:42.0891 5832 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll 17:45:42.0946 5832 
HomeGroupProvider - ok 17:45:42.0992 5832 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 17:45:43.0038 5832 HpSAMD - ok 17:45:43.0245 5832 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 17:45:43.0365 5832 HTTP - ok 17:45:43.0397 5832 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 17:45:43.0427 5832 hwpolicy - ok 17:45:43.0470 5832 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys 17:45:43.0514 5832 i8042prt - ok 17:45:43.0587 5832 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 17:45:43.0632 5832 iaStorV - ok 17:45:43.0791 5832 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 17:45:43.0848 5832 idsvc - ok 17:45:43.0888 5832 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys 17:45:43.0918 5832 iirsp - ok 17:45:44.0013 5832 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll 17:45:44.0131 5832 IKEEXT - ok 17:45:44.0153 5832 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 17:45:44.0183 5832 intelide - ok 17:45:44.0216 5832 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys 17:45:44.0268 5832 intelppm - ok 17:45:44.0326 5832 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 17:45:44.0456 5832 IPBusEnum - ok 17:45:44.0496 5832 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 17:45:44.0583 5832 IpFilterDriver - ok 17:45:44.0671 5832 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll 17:45:44.0778 5832 iphlpsvc - ok 17:45:44.0806 5832 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 17:45:44.0863 5832 IPMIDRV - ok 17:45:44.0891 5832 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) 
C:\windows\system32\drivers\ipnat.sys 17:45:44.0991 5832 IPNAT - ok 17:45:45.0026 5832 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 17:45:45.0078 5832 IRENUM - ok 17:45:45.0113 5832 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 17:45:45.0141 5832 isapnp - ok 17:45:45.0166 5832 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 17:45:45.0209 5832 iScsiPrt - ok 17:45:45.0320 5832 ISWKL (2f062e9aa964c05241a213bd7b6ff935) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys 17:45:45.0365 5832 ISWKL - ok 17:45:45.0502 5832 IswSvc (9a7e564c1d2a8b6768e9c6872b9d0e2f) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe 17:45:45.0567 5832 IswSvc - ok 17:45:45.0609 5832 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 17:45:45.0639 5832 kbdclass - ok 17:45:45.0702 5832 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys 17:45:45.0759 5832 kbdhid - ok 17:45:45.0792 5832 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 17:45:45.0834 5832 KeyIso - ok 17:45:45.0862 5832 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 17:45:45.0894 5832 KSecDD - ok 17:45:45.0922 5832 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 17:45:45.0954 5832 KSecPkg - ok 17:45:45.0987 5832 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 17:45:46.0089 5832 ksthunk - ok 17:45:46.0152 5832 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 17:45:46.0257 5832 KtmRm - ok 17:45:46.0299 5832 L1C (0e154da6ca9105354a07d0c576804037) C:\windows\system32\DRIVERS\L1C62x64.sys 17:45:46.0329 5832 L1C - ok 17:45:46.0377 5832 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll 17:45:46.0484 5832 LanmanServer - ok 17:45:46.0534 5832 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) 
C:\windows\System32\wkssvc.dll 17:45:46.0632 5832 LanmanWorkstation - ok 17:45:46.0692 5832 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 17:45:46.0802 5832 lltdio - ok 17:45:46.0852 5832 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 17:45:46.0959 5832 lltdsvc - ok 17:45:46.0987 5832 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 17:45:47.0077 5832 lmhosts - ok 17:45:47.0129 5832 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys 17:45:47.0162 5832 LSI_FC - ok 17:45:47.0202 5832 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys 17:45:47.0237 5832 LSI_SAS - ok 17:45:47.0269 5832 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys 17:45:47.0302 5832 LSI_SAS2 - ok 17:45:47.0337 5832 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys 17:45:47.0372 5832 LSI_SCSI - ok 17:45:47.0399 5832 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 17:45:47.0514 5832 luafv - ok 17:45:47.0572 5832 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys 17:45:47.0599 5832 MBAMProtector - ok 17:45:47.0769 5832 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 17:45:47.0821 5832 MBAMService - ok 17:45:47.0864 5832 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 17:45:47.0914 5832 Mcx2Svc - ok 17:45:47.0976 5832 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys 17:45:48.0006 5832 megasas - ok 17:45:48.0049 5832 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys 17:45:48.0094 5832 MegaSR - ok 17:45:48.0161 5832 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 17:45:48.0276 5832 MMCSS - ok 17:45:48.0304 5832 Modem 
(800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 17:45:48.0396 5832 Modem - ok 17:45:48.0431 5832 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 17:45:48.0484 5832 monitor - ok 17:45:48.0519 5832 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 17:45:48.0549 5832 mouclass - ok 17:45:48.0591 5832 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 17:45:48.0649 5832 mouhid - ok 17:45:48.0724 5832 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 17:45:48.0766 5832 mountmgr - ok 17:45:48.0819 5832 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 17:45:48.0856 5832 mpio - ok 17:45:48.0879 5832 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 17:45:48.0969 5832 mpsdrv - ok 17:45:49.0061 5832 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 17:45:49.0174 5832 MpsSvc - ok 17:45:49.0206 5832 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 17:45:49.0276 5832 MRxDAV - ok 17:45:49.0319 5832 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 17:45:49.0399 5832 mrxsmb - ok 17:45:49.0439 5832 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 17:45:49.0489 5832 mrxsmb10 - ok 17:45:49.0534 5832 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 17:45:49.0576 5832 mrxsmb20 - ok 17:45:49.0599 5832 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys 17:45:49.0631 5832 msahci - ok 17:45:49.0659 5832 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 17:45:49.0694 5832 msdsm - ok 17:45:49.0731 5832 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 17:45:49.0791 5832 MSDTC - ok 17:45:49.0846 5832 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) 
C:\windows\system32\drivers\Msfs.sys 17:45:49.0931 5832 Msfs - ok 17:45:49.0954 5832 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 17:45:50.0054 5832 mshidkmdf - ok 17:45:50.0079 5832 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 17:45:50.0109 5832 msisadrv - ok 17:45:50.0156 5832 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 17:45:50.0256 5832 MSiSCSI - ok 17:45:50.0264 5832 msiserver - ok 17:45:50.0316 5832 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 17:45:50.0409 5832 MSKSSRV - ok 17:45:50.0439 5832 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 17:45:50.0534 5832 MSPCLOCK - ok 17:45:50.0564 5832 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 17:45:50.0666 5832 MSPQM - ok 17:45:50.0704 5832 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 17:45:50.0744 5832 MsRPC - ok 17:45:50.0784 5832 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys 17:45:50.0814 5832 mssmbios - ok 17:45:50.0834 5832 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 17:45:50.0929 5832 MSTEE - ok 17:45:50.0961 5832 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 17:45:51.0001 5832 MTConfig - ok 17:45:51.0026 5832 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 17:45:51.0056 5832 Mup - ok 17:45:51.0126 5832 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 17:45:51.0241 5832 napagent - ok 17:45:51.0316 5832 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 17:45:51.0394 5832 NativeWifiP - ok 17:45:51.0509 5832 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 17:45:51.0569 5832 NDIS - ok 17:45:51.0609 5832 NdisCap 
(9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 17:45:51.0709 5832 NdisCap - ok 17:45:51.0746 5832 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 17:45:51.0836 5832 NdisTapi - ok 17:45:51.0849 5832 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 17:45:51.0939 5832 Ndisuio - ok 17:45:51.0976 5832 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 17:45:52.0079 5832 NdisWan - ok 17:45:52.0121 5832 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 17:45:52.0206 5832 NDProxy - ok 17:45:52.0234 5832 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 17:45:52.0336 5832 NetBIOS - ok 17:45:52.0421 5832 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 17:45:52.0516 5832 NetBT - ok 17:45:52.0549 5832 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 17:45:52.0589 5832 Netlogon - ok 17:45:52.0651 5832 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 17:45:52.0761 5832 Netman - ok 17:45:52.0939 5832 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:45:52.0969 5832 NetMsmqActivator - ok 17:45:52.0994 5832 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:45:53.0024 5832 NetPipeActivator - ok 17:45:53.0086 5832 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 17:45:53.0201 5832 netprofm - ok 17:45:53.0274 5832 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:45:53.0314 5832 NetTcpActivator - ok 17:45:53.0371 5832 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 17:45:53.0406 5832 NetTcpPortSharing - ok 17:45:53.0489 
5832 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 17:45:53.0519 5832 nfrd960 - ok 17:45:53.0574 5832 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 17:45:53.0684 5832 NlaSvc - ok 17:45:53.0711 5832 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 17:45:53.0794 5832 Npfs - ok 17:45:53.0831 5832 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 17:45:53.0926 5832 nsi - ok 17:45:53.0961 5832 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 17:45:54.0059 5832 nsiproxy - ok 17:45:54.0219 5832 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 17:45:54.0306 5832 Ntfs - ok 17:45:54.0451 5832 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 17:45:54.0544 5832 Null - ok 17:45:54.0596 5832 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 17:45:54.0629 5832 nvraid - ok 17:45:54.0666 5832 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 17:45:54.0701 5832 nvstor - ok 17:45:54.0754 5832 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 17:45:54.0786 5832 nv_agp - ok 17:45:54.0814 5832 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 17:45:54.0854 5832 ohci1394 - ok 17:45:54.0978 5832 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:45:55.0008 5832 ose - ok 17:45:55.0377 5832 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 17:45:55.0615 5832 osppsvc - ok 17:45:55.0762 5832 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 17:45:55.0842 5832 p2pimsvc - ok 17:45:55.0919 5832 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 17:45:55.0972 5832 p2psvc - ok 
17:45:57.0077 5832 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 17:45:57.0126 5832 Parport - ok 17:45:57.0648 5832 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys 17:45:57.0694 5832 partmgr - ok 17:45:57.0887 5832 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 17:45:57.0970 5832 PcaSvc - ok 17:45:57.0996 5832 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 17:45:58.0037 5832 pci - ok 17:45:58.0067 5832 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys 17:45:58.0103 5832 pciide - ok 17:45:58.0131 5832 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 17:45:58.0166 5832 pcmcia - ok 17:45:58.0187 5832 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 17:45:58.0224 5832 pcw - ok 17:45:58.0278 5832 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 17:45:58.0396 5832 PEAUTH - ok 17:45:58.0738 5832 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 17:45:58.0818 5832 PerfHost - ok 17:45:58.0871 5832 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys 17:45:58.0911 5832 PGEffect - ok 17:45:59.0048 5832 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 17:45:59.0178 5832 pla - ok 17:45:59.0256 5832 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 17:45:59.0333 5832 PlugPlay - ok 17:45:59.0368 5832 PnkBstrA - ok 17:45:59.0403 5832 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 17:45:59.0458 5832 PNRPAutoReg - ok 17:45:59.0513 5832 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 17:45:59.0563 5832 PNRPsvc - ok 17:45:59.0628 5832 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 17:45:59.0733 5832 PolicyAgent - ok 17:45:59.0780 5832 Power 
     17:47:03.0379 5832 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
     17:47:03.0729 5832 \Device\Harddisk0\DR0 - ok
     17:47:03.0784 5832 Boot (0x1200) (80ff801dbe2bbb8d72c04df77d231689) \Device\Harddisk0\DR0\Partition0
     17:47:03.0804 5832 \Device\Harddisk0\DR0\Partition0 - ok
     17:47:03.0804 5832 ============================================================
     17:47:03.0804 5832 Scan finished
     17:47:03.0804 5832 ============================================================
     17:47:03.0856 6980 Detected object count: 0
     17:47:03.0856 6980 Actual detected object count: 0
  7. DDS (Ver_2011-08-26.01) - NTFSAMD64
     Internet Explorer: 9.0.8112.16421
     Run by Owner at 16:42:35 on 2012-04-23
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.800 [GMT -5:00]
     .
     AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
     SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
     FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
     .
     ============== Running Processes ===============
     .
     C:\windows\system32\wininit.exe
     C:\windows\system32\lsm.exe
     C:\windows\system32\svchost.exe -k DcomLaunch
     C:\windows\system32\svchost.exe -k RPCSS
     C:\windows\system32\atiesrxx.exe
     C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\windows\system32\svchost.exe -k netsvcs
     C:\windows\system32\svchost.exe -k LocalService
     C:\windows\system32\atieclxx.exe
     C:\windows\system32\svchost.exe -k NetworkService
     C:\windows\system32\Dwm.exe
     C:\windows\Explorer.EXE
     C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
     C:\windows\System32\spoolsv.exe
     C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\windows\system32\taskhost.exe
     C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
     C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
     C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
     C:\windows\SysWOW64\PnkBstrA.exe
     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
     C:\windows\system32\svchost.exe -k imgsvc
     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
     C:\windows\system32\TODDSrv.exe
     C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Program Files\Elantech\ETDCtrl.exe
     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
     C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
     C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
     C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
     C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
     C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
     C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
     C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
     C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe
     C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
     C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
     C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\windows\system32\SearchIndexer.exe
     C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Program Files\Elantech\ETDCtrlHelper.exe
     C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
     C:\windows\system32\wbem\wmiprvse.exe
     C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\windows\system32\taskmgr.exe
     C:\Program Files (x86)\AVG\AVG2012\avgui.exe
     C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
     C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
     C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
     C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
     C:\Program Files (x86)\Windows Media Player\wmplayer.exe
     C:\windows\SysWOW64\rundll32.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\Program Files (x86)\No-IP\DUC30.exe
     C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
     C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
     C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
     C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
     C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
     C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
     C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
     C:\windows\system32\conhost.exe
     C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
     C:\windows\system32\NOTEPAD.EXE
     C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     C:\windows\system32\SearchProtocolHost.exe
     C:\Users\Owner\Downloads\RogueKiller.exe
     C:\windows\system32\SearchFilterHost.exe
     C:\windows\SysWOW64\cmd.exe
     C:\windows\system32\conhost.exe
     C:\windows\SysWOW64\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxp://www.ask.com/?l=dis&o=15486
     uDefault_Page_URL = hxxp://start.toshiba.com/g/
     uInternet Settings,ProxyOverride = <local>
     mWinlogon: Userinit=userinit.exe,
     BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO: Zonealarm Helper Object: {2a841f7a-a014-4da5-b6d9-8b913dfb7a8c} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll
     BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
     BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
     BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
     BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
     BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
     BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
     BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
     TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
     TB: ZoneAlarm Security Toolbar: {438fae3e-bdef-44d3-ab8b-0c7c8350df59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll
     TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
     uRun: [MurGee.com Auto Clicker] C:\Program Files (x86)\Auto Clicker\AutoClicker.exe :silent
     uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
     uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
     uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
     uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
     uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
     mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
     mRun: [MotiveReportAgent] "C:\Program Files (x86)\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files (x86)\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe" /hidden
     mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
     mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
     uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
     mPolicies-explorer: NoActiveDesktop = 1 (0x1)
     mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
     mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
     mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
     mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
     IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
     IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
     IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
     IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
     IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
     IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
     DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.122.0.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
     TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
     TCP: Interfaces\{9D0F768F-2622-41D7-AC19-0996448D0D46} : DhcpNameServer = 192.168.1.254 192.168.1.254
     TCP: Interfaces\{D7AF05B2-C3EC-4622-B057-BF0FBF6AD876} : DhcpNameServer = 10.0.0.1
     TCP: Interfaces\{D7AF05B2-C3EC-4622-B057-BF0FBF6AD876}\36F6D607574756270286F6573756 : DhcpNameServer = 192.168.1.1
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
     Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO-X64: AcroIEHelperStub - No File
     BHO-X64: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll
     BHO-X64: Zonealarm Helper Object - No File
     BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
     BHO-X64: AVG Do-Not-Track - No File
     BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
     BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
     BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
     BHO-X64: RoboForm BHO - No File
     BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
     BHO-X64: ZoneAlarm Security Engine Registrar - No File
     BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
     BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
     BHO-X64: WeCareReminder - No File
     BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
     TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
     TB-X64: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll
     TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
     mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
     mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
     mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
     mRun-x64: [MotiveReportAgent] "C:\Program Files (x86)\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files (x86)\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe" /hidden
     mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
     mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
     mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lnf27lyq.default\
     FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
     FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
     FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
     FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
     FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
     FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
     FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
     FF - plugin: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
     FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
     .
     ---- FIREFOX POLICIES ----
     FF - user.js: extensions.zonealarm.autoRvrt - false
     FF - user.js: extensions.zonealarm_i.newTab - false
     FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112709762404876-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=84395b5400000000000068a3c4c35065&q=
     FF - user.js: extensions.zonealarm.id - 84395b5400000000000068a3c4c35065
     FF - user.js: extensions.zonealarm.instlDay - 15453
     FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3
     FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3
     FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.323:25:04
     FF - user.js: extensions.zonealarm.prtnrId - checkpoint
     FF - user.js: extensions.zonealarm.prdct - zonealarm
     FF - user.js: extensions.zonealarm.aflt - 1600
     FF - user.js: extensions.zonealarm_i.smplGrp - none
     FF - user.js: extensions.zonealarm.tlbrId - base
     FF - user.js: extensions.zonealarm.instlRef - ZLN112709762404876-1600
     FF - user.js: extensions.zonealarm.dfltLng - en
     FF - user.js: extensions.zonealarm.excTlbr - false
     FF - user.js: extensions.zonealarm.admin - false
     .
     ============= SERVICES / DRIVERS ===============
     .
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?] R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\avgidseha.sys --> C:\windows\system32\DRIVERS\avgidseha.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?] R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?] 
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-3-16 33672] R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-3-16 827520] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-3 652360] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-19 2666880] R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?] R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?] R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] 
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-5-20 51576] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-20 136176] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\windows\system32\drivers\BVRPMPR5a64.SYS --> C:\windows\system32\drivers\BVRPMPR5a64.SYS [?] 
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-20 136176] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-04-23 20:42:48 -------- d-----w- C:\Users\Owner\AppData\Local\Vitalwerks 2012-04-23 20:41:17 -------- d-----w- C:\Program Files (x86)\No-IP 2012-04-23 18:26:05 -------- d-----w- C:\Users\Owner\AppData\Local\{5F2B411A-65AD-44FC-A2A2-D0FC94FA1291} 2012-04-23 18:25:41 -------- d-----w- C:\Users\Owner\AppData\Local\{ED849DEC-960E-4FB4-8EDC-9E4BD5545263} 2012-04-23 05:27:47 40928 ----a-w- C:\windows\System32\drivers\VSPE.sys 2012-04-23 04:25:01 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD 2012-04-23 04:24:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\CheckPoint 2012-04-23 04:24:11 -------- d-----w- C:\Program Files\CheckPoint 2012-04-23 04:02:55 -------- d-----w- C:\ProgramData\CheckPoint 2012-04-23 04:02:47 -------- d-----w- C:\Program Files (x86)\CheckPoint 2012-04-23 01:41:48 -------- d-----w- C:\Users\Owner\AppData\Local\{3A0AF9EE-9A40-40B1-9FE2-802EBB1B58F5} 2012-04-23 01:38:38 -------- d-----w- 
C:\Users\Owner\AppData\Local\{DD70CCD2-ADB1-4E7D-8079-14189E449B4C} 2012-04-23 00:59:57 -------- d-----w- C:\Users\Owner\AppData\Local\{06DA396B-FC6F-4EA9-8DD0-9B40BDEE644B} 2012-04-22 23:45:43 -------- d-----w- C:\Users\Owner\AppData\Local\{7B1577F4-60B4-4429-BDA8-7DDB6D1C9F64} 2012-04-22 19:08:53 -------- d-----w- C:\Users\Owner\AppData\Local\{5275A65C-9D19-4689-9B4F-367ED5C61AE8} 2012-04-22 19:08:40 -------- d-----w- C:\Users\Owner\AppData\Local\{A4C18FA7-52A3-48DC-BE8F-4DA6D0D551F1} 2012-04-22 18:30:16 -------- d-----w- C:\Users\Owner\AppData\Local\{E09E94D6-CE5C-43B4-AA29-A040A9D3605F} 2012-04-22 18:30:01 -------- d-----w- C:\Users\Owner\AppData\Local\{BEC7CABB-A6EC-40A5-A83E-36887861312B} 2012-04-22 15:46:57 -------- d-----w- C:\Users\Owner\AppData\Local\{AA886E85-F7FB-444B-93AA-9DCF34B01B53} 2012-04-22 02:04:54 -------- d-----w- C:\Users\Owner\AppData\Local\{981AF6A0-888C-4C58-9503-FF2EDA0BE115} 2012-04-22 02:04:39 -------- d-----w- C:\Users\Owner\AppData\Local\{DF66BEDC-086F-4511-8A2D-C1B49F0AB4C4} 2012-04-21 14:52:23 -------- d-----w- C:\Users\Owner\AppData\Roaming\Microsoft Corporation 2012-04-21 14:43:22 -------- d-----w- C:\Users\Owner\AppData\Local\{8246F50D-803F-495F-AAEB-F8469A498992} 2012-04-21 13:05:21 -------- d-----w- C:\Users\Owner\AppData\Local\{BCD2F946-F549-42F7-8029-690A5F869377} 2012-04-21 05:06:27 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server 2012-04-21 05:05:54 -------- d-----w- C:\Program Files\Microsoft Synchronization Services 2012-04-21 05:05:53 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2012-04-21 05:05:31 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2012-04-21 05:04:15 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2012-04-21 05:01:18 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0 2012-04-21 04:59:51 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0 2012-04-21 04:59:51 -------- d-----w- 
C:\Program Files\Microsoft Help Viewer 2012-04-21 01:59:10 -------- d-----w- C:\Users\Owner\.idlerc 2012-04-21 01:51:46 354304 ----a-w- C:\windows\SysWow64\pythoncom26.dll 2012-04-21 01:51:46 110592 ----a-w- C:\windows\SysWow64\pywintypes26.dll 2012-04-21 01:51:00 -------- d-----w- C:\Python26 2012-04-20 20:14:48 -------- d-----w- C:\Users\Owner\AppData\Local\{92E9E669-CE11-4494-8BF7-BB01A2CEF57E} 2012-04-19 22:41:20 -------- d-----w- C:\Program Files (x86)\TeamViewer 2012-04-19 20:06:45 -------- d-----w- C:\Users\Owner\AppData\Local\{E74E98C2-75A8-4D25-8089-BB79FDD735FF} 2012-04-19 19:58:37 -------- d-----w- C:\Users\Owner\AppData\Local\{BD9A6A73-FAE8-4ECF-BAFD-5FFDC33523E9} 2012-04-19 19:56:53 0 ----a-w- C:\windows\SysWow64\sho5910.tmp 2012-04-18 22:11:41 -------- d-----w- C:\Users\Owner\AppData\Local\{2AF7A797-72E2-4CCC-8869-F080424D47DB} 2012-04-18 19:50:32 -------- d-----w- C:\Users\Owner\AppData\Local\{A08FFD9F-8A12-42F0-A195-128CC7CCB756} 2012-04-18 11:49:00 -------- d-----w- C:\Users\Owner\AppData\Local\{A11760AA-C019-4F46-8BF0-327BD97C5ACF} 2012-04-17 23:28:10 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com 2012-04-17 23:27:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-04-17 23:27:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-04-17 22:58:38 -------- d-----w- C:\Users\Owner\AppData\Local\{CB575660-3FCC-46C8-BADE-B709DBAC9E3F} 2012-04-17 21:11:23 -------- d-----w- C:\Users\Owner\AppData\Local\{E16EE2D7-F549-4FC9-86D5-53A3DE73B2BE} 2012-04-17 21:11:08 -------- d-----w- C:\Users\Owner\AppData\Local\{CC2AC5A0-EB75-4EAA-B615-4FA9FB1E0903} 2012-04-17 21:09:18 0 ----a-w- C:\windows\SysWow64\sho66FF.tmp 2012-04-17 03:52:10 -------- d-----w- C:\Users\Owner\AppData\Local\{8945B2E8-7B85-4B11-8023-29577813461E} 2012-04-16 20:38:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\AVG2012 2012-04-16 20:37:54 -------- d-----w- C:\windows\SysWow64\drivers\AVG 2012-04-16 20:36:34 -------- d--h--w- C:\$AVG 2012-04-16 
20:36:33 -------- d-----w- C:\windows\System32\drivers\AVG 2012-04-16 20:36:33 -------- d-----w- C:\ProgramData\AVG2012 2012-04-16 20:35:04 -------- d-----w- C:\Program Files (x86)\AVG 2012-04-16 20:11:23 -------- d-----w- C:\Users\Owner\AppData\Local\{6DE1E4EA-1CDA-4607-B015-127F86F17F0F} 2012-04-16 19:50:31 -------- d-----w- C:\Users\Owner\AppData\Local\{34E59460-B4DC-4878-9C33-B27CB623689D} 2012-04-16 12:01:38 -------- d--h--w- C:\ProgramData\Common Files 2012-04-16 12:00:02 -------- d-----w- C:\ProgramData\MFAData 2012-04-14 13:04:56 -------- d-----w- C:\Users\Owner\AppData\Local\{A2756D97-973D-4BD2-8BB5-0737C365E3D3} 2012-04-13 19:55:12 -------- d-----w- C:\Users\Owner\AppData\Local\{ED7E1A81-6AD4-4925-B076-809F81274362} 2012-04-13 19:53:02 -------- d-----w- C:\Users\Owner\AppData\Local\{C4E764C6-4194-4BCA-8A89-2C11AB69E679} 2012-04-13 11:55:14 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2968C53-1442-48D6-8885-6B85FE2A930E}\mpengine.dll 2012-04-13 11:50:02 -------- d-----w- C:\Users\Owner\AppData\Local\{C65615EE-B275-4EFC-A169-2AA1D0B3EFD8} 2012-04-13 11:49:01 -------- d-----w- C:\Users\Owner\AppData\Local\{0659D896-B3AA-42CD-B528-68D8A1C6F2AC} 2012-04-11 08:33:17 -------- d-----w- C:\Users\Owner\AppData\Local\{17643B54-6946-4742-8FED-273DFD9DDFDE} 2012-04-11 08:05:42 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe 2012-04-11 08:05:41 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2012-04-11 08:05:40 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2012-04-11 08:01:21 81408 ----a-w- C:\windows\System32\imagehlp.dll 2012-04-11 08:01:21 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys 2012-04-11 08:01:20 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll 2012-04-11 08:01:18 5120 ----a-w- C:\windows\SysWow64\wmi.dll 2012-04-11 08:01:18 5120 ----a-w- C:\windows\System32\wmi.dll 2012-04-11 08:01:18 220672 ----a-w- C:\windows\System32\wintrust.dll 2012-04-11 08:01:18 172544 ----a-w- C:\windows\SysWow64\wintrust.dll 
2012-04-10 11:55:35 -------- d-----w- C:\Users\Owner\AppData\Local\{4BDF571E-C2CF-417D-8A9E-9526E70BF024} 2012-04-09 19:50:35 -------- d-----w- C:\Users\Owner\AppData\Local\{1B578F52-5C3C-49FC-9757-4AF7B1C7FFE3} 2012-04-09 02:11:44 -------- d-----w- C:\Users\Owner\AppData\Local\{4671EF11-47C2-45E5-9A04-557B0D0BDD4D} 2012-04-08 04:28:12 -------- d-----w- C:\Users\Owner\AppData\Roaming\Runscanner.net 2012-04-08 04:16:22 -------- d-----w- C:\Program Files (x86)\NirSoft 2012-04-07 13:09:10 -------- d-----w- C:\Users\Owner\AppData\Local\{FD467F0B-7795-417E-8BF6-EB6B8150383D} 2012-04-06 13:56:59 -------- d-----w- C:\Users\Owner\AppData\Local\{41D98AA9-0BB9-4100-BA29-81BC0BFF8109} 2012-04-05 11:54:12 -------- d-----w- C:\Users\Owner\AppData\Local\{31610338-B6E8-491D-8264-0B39A9D0C0FB} 2012-04-04 11:50:41 -------- d-----w- C:\Users\Owner\AppData\Local\{1540D50A-CDBE-4C0C-91A4-CE6F670C7ACD} 2012-04-03 19:50:36 -------- d-----w- C:\Users\Owner\AppData\Local\{2876F6B2-5645-4A36-92AD-F3AD7B360DC3} 2012-04-02 03:40:10 -------- d-----w- C:\Users\Owner\AppData\Local\{8F98AC17-2ABA-4F14-B22E-8B0009C8A75A} 2012-04-01 15:39:43 -------- d-----w- C:\Users\Owner\AppData\Local\{63A99D62-E908-4367-ACEA-9B3A571418C7} 2012-04-01 02:48:28 -------- d-----w- C:\Users\Owner\AppData\Local\{E7A1A5AB-A39F-4EF4-B8D7-2D9A52B602EA} 2012-03-31 12:44:42 -------- d-----w- C:\Users\Owner\AppData\Local\{C5653183-3BB7-402F-9B64-DBDDBA4B9724} 2012-03-30 23:52:36 -------- d-----w- C:\Users\Owner\AppData\Local\{4399CA5C-AC37-4E12-8F4C-EBDE13E75E60} 2012-03-30 11:52:07 -------- d-----w- C:\Users\Owner\AppData\Local\{A5EB98DE-85B4-4F5B-B37C-993C9570943E} 2012-03-28 23:44:42 -------- d-----w- C:\Users\Owner\AppData\Local\{3FDF767B-56CB-46FC-BF63-0AB175EE2DBE} 2012-03-28 23:44:28 -------- d-----w- C:\Users\Owner\AppData\Local\{ED1F2689-31EE-483F-83AE-6336371E4A96} 2012-03-28 11:43:55 -------- d-----w- C:\Users\Owner\AppData\Local\{2824CE42-0BE1-4C1E-A2B6-AFA3E5C39357} 2012-03-28 11:43:42 -------- d-----w- 
C:\Users\Owner\AppData\Local\{2D8D3A90-DA3A-40DF-A99F-29A255983872} 2012-03-27 19:52:42 -------- d-----w- C:\Users\Owner\AppData\Local\{8384C705-B3C0-49E3-BCF3-0A8B32835D42} 2012-03-27 19:52:30 -------- d-----w- C:\Users\Owner\AppData\Local\{67CBB391-F344-4A00-A4B0-8349C47F105D} 2012-03-27 04:06:48 -------- d-----w- C:\Users\Owner\AppData\Local\{DE7876C0-3CC9-4DF6-8C32-1A249557B138} 2012-03-27 04:06:34 -------- d-----w- C:\Users\Owner\AppData\Local\{3525DAD3-7723-4DE3-9761-46ADE6FF6F1E} 2012-03-26 16:05:56 -------- d-----w- C:\Users\Owner\AppData\Local\{39D6F97E-877D-407D-A788-61B794C2CAAC} 2012-03-26 16:05:44 -------- d-----w- C:\Users\Owner\AppData\Local\{15CA683A-D587-4A93-A174-7B6387A3FA96} 2012-03-26 02:46:39 -------- d-----w- C:\Users\Owner\AppData\Local\{BAD689C9-7377-4485-AFA7-5771703912BE} 2012-03-25 14:46:03 -------- d-----w- C:\Users\Owner\AppData\Local\{7A286C7A-3843-4B7A-8A79-4929CA8C9783} 2012-03-25 14:45:51 -------- d-----w- C:\Users\Owner\AppData\Local\{D7069C75-AD3D-4789-ACCB-386EDE4AC01C} 2012-03-25 02:03:01 -------- d-----w- C:\Users\Owner\AppData\Local\{AE921033-12C5-4E1C-8D08-978ABD97B04D} 2012-03-25 02:02:47 -------- d-----w- C:\Users\Owner\AppData\Local\{1ADDB779-820B-4447-BE4B-E330343B698A} . ==================== Find3M ==================== . 
2012-03-19 23:28:15 234768 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr 2012-03-19 23:28:15 234768 ----a-w- C:\windows\SysWow64\PnkBstrB.exe 2012-03-04 12:15:43 75136 ----a-w- C:\windows\SysWow64\PnkBstrA.exe 2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-02-23 14:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe 2012-02-22 10:25:50 382032 ----a-w- C:\windows\System32\drivers\avgtdia.sys 2012-02-22 10:25:32 289872 ----a-w- C:\windows\System32\drivers\avgldx64.sys 2012-02-17 12:58:09 0 ----a-w- C:\windows\SysWow64\sho1FB0.tmp 2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys 2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll 2012-02-04 02:21:43 0 ----a-w- C:\windows\SysWow64\sho3997.tmp 2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys 2012-02-02 05:22:30 17 ----a-w- C:\windows\SysWow64\sho795C.tmp 2012-01-31 09:46:48 36944 ----a-w- C:\windows\System32\drivers\avgrkx64.sys 2012-01-29 06:12:49 0 ----a-w- C:\windows\SysWow64\sho4368.tmp 2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll 2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll 2012-01-25 06:33:30 9216 ----a-w- 
C:\windows\System32\rdrmemptylst.exe . ============= FINISH: 16:44:41.26 =============== . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Owner at 16:42:35 on 2012-04-23 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.800 [GMT -5:00] . AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\atieclxx.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\taskhost.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\AVG\AVG2012\avgfws.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files 
(x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\windows\system32\taskmgr.exe C:\Program Files (x86)\AVG\AVG2012\avgui.exe C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\No-IP\DUC30.exe C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Program Files (x86)\AVG\AVG2012\avgscana.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\windows\system32\NOTEPAD.EXE C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\SearchProtocolHost.exe C:\Users\Owner\Downloads\RogueKiller.exe C:\windows\system32\SearchFilterHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.ask.com/?l=dis&o=15486 uDefault_Page_URL = hxxp://start.toshiba.com/g/ uInternet Settings,ProxyOverride = <local> mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Zonealarm Helper Object: {2a841f7a-a014-4da5-b6d9-8b913dfb7a8c} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll TB: ZoneAlarm Security Toolbar: {438fae3e-bdef-44d3-ab8b-0c7c8350df59} - C:\Program Files (x86)\Check Point Software Technologies 
LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [MurGee.com Auto Clicker] C:\Program Files (x86)\Auto Clicker\AutoClicker.exe :silent uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup mRun: [MotiveReportAgent] "C:\Program Files (x86)\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files (x86)\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe" /hidden mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Fill Forms - file://C:\Program Files (x86)\Siber 
Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.122.0.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 192.168.1.254 TCP: Interfaces\{9D0F768F-2622-41D7-AC19-0996448D0D46} : DhcpNameServer = 192.168.1.254 192.168.1.254 TCP: Interfaces\{D7AF05B2-C3EC-4622-B057-BF0FBF6AD876} : DhcpNameServer = 10.0.0.1 TCP: Interfaces\{D7AF05B2-C3EC-4622-B057-BF0FBF6AD876}\36F6D607574756270286F6573756 : DhcpNameServer = 192.168.1.1 Handler: linkscanner - 
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll BHO-X64: Zonealarm Helper Object - No File BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO-X64: AVG Do-Not-Track - No File BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO-X64: RoboForm BHO - No File BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO-X64: ZoneAlarm Security Engine Registrar - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO-X64: WeCareReminder - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: &RoboForm Toolbar: 
{724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll TB-X64: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup mRun-x64: [MotiveReportAgent] "C:\Program Files (x86)\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files (x86)\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe" /hidden mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\lnf27lyq.default\ FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.zonealarm.autoRvrt - false FF - user.js: extensions.zonealarm_i.newTab - false FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112709762404876-1600&toolbarId=base&affiliateId=1600&Lan=en&utid=84395b5400000000000068a3c4c35065&q= FF - user.js: extensions.zonealarm.id - 84395b5400000000000068a3c4c35065 FF - user.js: extensions.zonealarm.instlDay - 15453 FF - user.js: extensions.zonealarm.vrsn - 1.5.20.3 FF - user.js: extensions.zonealarm.vrsni - 1.5.20.3 FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.20.323:25:04 FF - user.js: extensions.zonealarm.prtnrId - checkpoint FF - user.js: extensions.zonealarm.prdct - zonealarm FF - user.js: extensions.zonealarm.aflt - 1600 FF - user.js: extensions.zonealarm_i.smplGrp - none FF - user.js: extensions.zonealarm.tlbrId - base FF - user.js: extensions.zonealarm.instlRef - ZLN112709762404876-1600 FF - user.js: extensions.zonealarm.dfltLng - en FF - user.js: extensions.zonealarm.excTlbr - false FF - user.js: extensions.zonealarm.admin - false . ============= SERVICES / DRIVERS =============== . 
R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?] R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\avgidseha.sys --> C:\windows\system32\DRIVERS\avgidseha.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?] R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?] 
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-3-16 33672] R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-3-16 827520] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-3 652360] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-19 2666880] R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?] R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?] R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] 
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-5-20 51576] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-20 136176] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\windows\system32\drivers\BVRPMPR5a64.SYS --> C:\windows\system32\drivers\BVRPMPR5a64.SYS [?] 
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-20 136176] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-04-23 20:42:48 -------- d-----w- C:\Users\Owner\AppData\Local\Vitalwerks 2012-04-23 20:41:17 -------- d-----w- C:\Program Files (x86)\No-IP 2012-04-23 18:26:05 -------- d-----w- C:\Users\Owner\AppData\Local\{5F2B411A-65AD-44FC-A2A2-D0FC94FA1291} 2012-04-23 18:25:41 -------- d-----w- C:\Users\Owner\AppData\Local\{ED849DEC-960E-4FB4-8EDC-9E4BD5545263} 2012-04-23 05:27:47 40928 ----a-w- C:\windows\System32\drivers\VSPE.sys 2012-04-23 04:25:01 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD 2012-04-23 04:24:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\CheckPoint 2012-04-23 04:24:11 -------- d-----w- C:\Program Files\CheckPoint 2012-04-23 04:02:55 -------- d-----w- C:\ProgramData\CheckPoint 2012-04-23 04:02:47 -------- d-----w- C:\Program Files (x86)\CheckPoint 2012-04-23 01:41:48 -------- d-----w- C:\Users\Owner\AppData\Local\{3A0AF9EE-9A40-40B1-9FE2-802EBB1B58F5} 2012-04-23 01:38:38 -------- d-----w- 
C:\Users\Owner\AppData\Local\{DD70CCD2-ADB1-4E7D-8079-14189E449B4C} 2012-04-23 00:59:57 -------- d-----w- C:\Users\Owner\AppData\Local\{06DA396B-FC6F-4EA9-8DD0-9B40BDEE644B} 2012-04-22 23:45:43 -------- d-----w- C:\Users\Owner\AppData\Local\{7B1577F4-60B4-4429-BDA8-7DDB6D1C9F64} 2012-04-22 19:08:53 -------- d-----w- C:\Users\Owner\AppData\Local\{5275A65C-9D19-4689-9B4F-367ED5C61AE8} 2012-04-22 19:08:40 -------- d-----w- C:\Users\Owner\AppData\Local\{A4C18FA7-52A3-48DC-BE8F-4DA6D0D551F1} 2012-04-22 18:30:16 -------- d-----w- C:\Users\Owner\AppData\Local\{E09E94D6-CE5C-43B4-AA29-A040A9D3605F} 2012-04-22 18:30:01 -------- d-----w- C:\Users\Owner\AppData\Local\{BEC7CABB-A6EC-40A5-A83E-36887861312B} 2012-04-22 15:46:57 -------- d-----w- C:\Users\Owner\AppData\Local\{AA886E85-F7FB-444B-93AA-9DCF34B01B53} 2012-04-22 02:04:54 -------- d-----w- C:\Users\Owner\AppData\Local\{981AF6A0-888C-4C58-9503-FF2EDA0BE115} 2012-04-22 02:04:39 -------- d-----w- C:\Users\Owner\AppData\Local\{DF66BEDC-086F-4511-8A2D-C1B49F0AB4C4} 2012-04-21 14:52:23 -------- d-----w- C:\Users\Owner\AppData\Roaming\Microsoft Corporation 2012-04-21 14:43:22 -------- d-----w- C:\Users\Owner\AppData\Local\{8246F50D-803F-495F-AAEB-F8469A498992} 2012-04-21 13:05:21 -------- d-----w- C:\Users\Owner\AppData\Local\{BCD2F946-F549-42F7-8029-690A5F869377} 2012-04-21 05:06:27 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server 2012-04-21 05:05:54 -------- d-----w- C:\Program Files\Microsoft Synchronization Services 2012-04-21 05:05:53 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2012-04-21 05:05:31 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2012-04-21 05:04:15 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll 2012-04-21 05:01:18 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0 2012-04-21 04:59:51 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0 2012-04-21 04:59:51 -------- d-----w- 
C:\Program Files\Microsoft Help Viewer 2012-04-21 01:59:10 -------- d-----w- C:\Users\Owner\.idlerc 2012-04-21 01:51:46 354304 ----a-w- C:\windows\SysWow64\pythoncom26.dll 2012-04-21 01:51:46 110592 ----a-w- C:\windows\SysWow64\pywintypes26.dll 2012-04-21 01:51:00 -------- d-----w- C:\Python26 2012-04-20 20:14:48 -------- d-----w- C:\Users\Owner\AppData\Local\{92E9E669-CE11-4494-8BF7-BB01A2CEF57E} 2012-04-19 22:41:20 -------- d-----w- C:\Program Files (x86)\TeamViewer 2012-04-19 20:06:45 -------- d-----w- C:\Users\Owner\AppData\Local\{E74E98C2-75A8-4D25-8089-BB79FDD735FF} 2012-04-19 19:58:37 -------- d-----w- C:\Users\Owner\AppData\Local\{BD9A6A73-FAE8-4ECF-BAFD-5FFDC33523E9} 2012-04-19 19:56:53 0 ----a-w- C:\windows\SysWow64\sho5910.tmp 2012-04-18 22:11:41 -------- d-----w- C:\Users\Owner\AppData\Local\{2AF7A797-72E2-4CCC-8869-F080424D47DB} 2012-04-18 19:50:32 -------- d-----w- C:\Users\Owner\AppData\Local\{A08FFD9F-8A12-42F0-A195-128CC7CCB756} 2012-04-18 11:49:00 -------- d-----w- C:\Users\Owner\AppData\Local\{A11760AA-C019-4F46-8BF0-327BD97C5ACF} 2012-04-17 23:28:10 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com 2012-04-17 23:27:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-04-17 23:27:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-04-17 22:58:38 -------- d-----w- C:\Users\Owner\AppData\Local\{CB575660-3FCC-46C8-BADE-B709DBAC9E3F} 2012-04-17 21:11:23 -------- d-----w- C:\Users\Owner\AppData\Local\{E16EE2D7-F549-4FC9-86D5-53A3DE73B2BE} 2012-04-17 21:11:08 -------- d-----w- C:\Users\Owner\AppData\Local\{CC2AC5A0-EB75-4EAA-B615-4FA9FB1E0903} 2012-04-17 21:09:18 0 ----a-w- C:\windows\SysWow64\sho66FF.tmp 2012-04-17 03:52:10 -------- d-----w- C:\Users\Owner\AppData\Local\{8945B2E8-7B85-4B11-8023-29577813461E} 2012-04-16 20:38:57 -------- d-----w- C:\Users\Owner\AppData\Roaming\AVG2012 2012-04-16 20:37:54 -------- d-----w- C:\windows\SysWow64\drivers\AVG 2012-04-16 20:36:34 -------- d--h--w- C:\$AVG 2012-04-16 
20:36:33 -------- d-----w- C:\windows\System32\drivers\AVG 2012-04-16 20:36:33 -------- d-----w- C:\ProgramData\AVG2012 2012-04-16 20:35:04 -------- d-----w- C:\Program Files (x86)\AVG 2012-04-16 20:11:23 -------- d-----w- C:\Users\Owner\AppData\Local\{6DE1E4EA-1CDA-4607-B015-127F86F17F0F} 2012-04-16 19:50:31 -------- d-----w- C:\Users\Owner\AppData\Local\{34E59460-B4DC-4878-9C33-B27CB623689D} 2012-04-16 12:01:38 -------- d--h--w- C:\ProgramData\Common Files 2012-04-16 12:00:02 -------- d-----w- C:\ProgramData\MFAData 2012-04-14 13:04:56 -------- d-----w- C:\Users\Owner\AppData\Local\{A2756D97-973D-4BD2-8BB5-0737C365E3D3} 2012-04-13 19:55:12 -------- d-----w- C:\Users\Owner\AppData\Local\{ED7E1A81-6AD4-4925-B076-809F81274362} 2012-04-13 19:53:02 -------- d-----w- C:\Users\Owner\AppData\Local\{C4E764C6-4194-4BCA-8A89-2C11AB69E679} 2012-04-13 11:55:14 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2968C53-1442-48D6-8885-6B85FE2A930E}\mpengine.dll 2012-04-13 11:50:02 -------- d-----w- C:\Users\Owner\AppData\Local\{C65615EE-B275-4EFC-A169-2AA1D0B3EFD8} 2012-04-13 11:49:01 -------- d-----w- C:\Users\Owner\AppData\Local\{0659D896-B3AA-42CD-B528-68D8A1C6F2AC} 2012-04-11 08:33:17 -------- d-----w- C:\Users\Owner\AppData\Local\{17643B54-6946-4742-8FED-273DFD9DDFDE} 2012-04-11 08:05:42 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe 2012-04-11 08:05:41 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2012-04-11 08:05:40 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2012-04-11 08:01:21 81408 ----a-w- C:\windows\System32\imagehlp.dll 2012-04-11 08:01:21 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys 2012-04-11 08:01:20 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll 2012-04-11 08:01:18 5120 ----a-w- C:\windows\SysWow64\wmi.dll 2012-04-11 08:01:18 5120 ----a-w- C:\windows\System32\wmi.dll 2012-04-11 08:01:18 220672 ----a-w- C:\windows\System32\wintrust.dll 2012-04-11 08:01:18 172544 ----a-w- C:\windows\SysWow64\wintrust.dll 
2012-04-10 11:55:35 -------- d-----w- C:\Users\Owner\AppData\Local\{4BDF571E-C2CF-417D-8A9E-9526E70BF024} 2012-04-09 19:50:35 -------- d-----w- C:\Users\Owner\AppData\Local\{1B578F52-5C3C-49FC-9757-4AF7B1C7FFE3} 2012-04-09 02:11:44 -------- d-----w- C:\Users\Owner\AppData\Local\{4671EF11-47C2-45E5-9A04-557B0D0BDD4D} 2012-04-08 04:28:12 -------- d-----w- C:\Users\Owner\AppData\Roaming\Runscanner.net 2012-04-08 04:16:22 -------- d-----w- C:\Program Files (x86)\NirSoft 2012-04-07 13:09:10 -------- d-----w- C:\Users\Owner\AppData\Local\{FD467F0B-7795-417E-8BF6-EB6B8150383D} 2012-04-06 13:56:59 -------- d-----w- C:\Users\Owner\AppData\Local\{41D98AA9-0BB9-4100-BA29-81BC0BFF8109} 2012-04-05 11:54:12 -------- d-----w- C:\Users\Owner\AppData\Local\{31610338-B6E8-491D-8264-0B39A9D0C0FB} 2012-04-04 11:50:41 -------- d-----w- C:\Users\Owner\AppData\Local\{1540D50A-CDBE-4C0C-91A4-CE6F670C7ACD} 2012-04-03 19:50:36 -------- d-----w- C:\Users\Owner\AppData\Local\{2876F6B2-5645-4A36-92AD-F3AD7B360DC3} 2012-04-02 03:40:10 -------- d-----w- C:\Users\Owner\AppData\Local\{8F98AC17-2ABA-4F14-B22E-8B0009C8A75A} 2012-04-01 15:39:43 -------- d-----w- C:\Users\Owner\AppData\Local\{63A99D62-E908-4367-ACEA-9B3A571418C7} 2012-04-01 02:48:28 -------- d-----w- C:\Users\Owner\AppData\Local\{E7A1A5AB-A39F-4EF4-B8D7-2D9A52B602EA} 2012-03-31 12:44:42 -------- d-----w- C:\Users\Owner\AppData\Local\{C5653183-3BB7-402F-9B64-DBDDBA4B9724} 2012-03-30 23:52:36 -------- d-----w- C:\Users\Owner\AppData\Local\{4399CA5C-AC37-4E12-8F4C-EBDE13E75E60} 2012-03-30 11:52:07 -------- d-----w- C:\Users\Owner\AppData\Local\{A5EB98DE-85B4-4F5B-B37C-993C9570943E} 2012-03-28 23:44:42 -------- d-----w- C:\Users\Owner\AppData\Local\{3FDF767B-56CB-46FC-BF63-0AB175EE2DBE} 2012-03-28 23:44:28 -------- d-----w- C:\Users\Owner\AppData\Local\{ED1F2689-31EE-483F-83AE-6336371E4A96} 2012-03-28 11:43:55 -------- d-----w- C:\Users\Owner\AppData\Local\{2824CE42-0BE1-4C1E-A2B6-AFA3E5C39357} 2012-03-28 11:43:42 -------- d-----w- 
C:\Users\Owner\AppData\Local\{2D8D3A90-DA3A-40DF-A99F-29A255983872} 2012-03-27 19:52:42 -------- d-----w- C:\Users\Owner\AppData\Local\{8384C705-B3C0-49E3-BCF3-0A8B32835D42} 2012-03-27 19:52:30 -------- d-----w- C:\Users\Owner\AppData\Local\{67CBB391-F344-4A00-A4B0-8349C47F105D} 2012-03-27 04:06:48 -------- d-----w- C:\Users\Owner\AppData\Local\{DE7876C0-3CC9-4DF6-8C32-1A249557B138} 2012-03-27 04:06:34 -------- d-----w- C:\Users\Owner\AppData\Local\{3525DAD3-7723-4DE3-9761-46ADE6FF6F1E} 2012-03-26 16:05:56 -------- d-----w- C:\Users\Owner\AppData\Local\{39D6F97E-877D-407D-A788-61B794C2CAAC} 2012-03-26 16:05:44 -------- d-----w- C:\Users\Owner\AppData\Local\{15CA683A-D587-4A93-A174-7B6387A3FA96} 2012-03-26 02:46:39 -------- d-----w- C:\Users\Owner\AppData\Local\{BAD689C9-7377-4485-AFA7-5771703912BE} 2012-03-25 14:46:03 -------- d-----w- C:\Users\Owner\AppData\Local\{7A286C7A-3843-4B7A-8A79-4929CA8C9783} 2012-03-25 14:45:51 -------- d-----w- C:\Users\Owner\AppData\Local\{D7069C75-AD3D-4789-ACCB-386EDE4AC01C} 2012-03-25 02:03:01 -------- d-----w- C:\Users\Owner\AppData\Local\{AE921033-12C5-4E1C-8D08-978ABD97B04D} 2012-03-25 02:02:47 -------- d-----w- C:\Users\Owner\AppData\Local\{1ADDB779-820B-4447-BE4B-E330343B698A} . ==================== Find3M ==================== . 
2012-03-19 23:28:15 234768 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr 2012-03-19 23:28:15 234768 ----a-w- C:\windows\SysWow64\PnkBstrB.exe 2012-03-04 12:15:43 75136 ----a-w- C:\windows\SysWow64\PnkBstrA.exe 2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-02-23 14:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe 2012-02-22 10:25:50 382032 ----a-w- C:\windows\System32\drivers\avgtdia.sys 2012-02-22 10:25:32 289872 ----a-w- C:\windows\System32\drivers\avgldx64.sys 2012-02-17 12:58:09 0 ----a-w- C:\windows\SysWow64\sho1FB0.tmp 2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys 2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll 2012-02-04 02:21:43 0 ----a-w- C:\windows\SysWow64\sho3997.tmp 2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys 2012-02-02 05:22:30 17 ----a-w- C:\windows\SysWow64\sho795C.tmp 2012-01-31 09:46:48 36944 ----a-w- C:\windows\System32\drivers\avgrkx64.sys 2012-01-29 06:12:49 0 ----a-w- C:\windows\SysWow64\sho4368.tmp 2012-01-25 06:38:39 77312 ----a-w- C:\windows\System32\rdpwsx.dll 2012-01-25 06:38:38 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll 2012-01-25 06:33:30 9216 ----a-w- 
C:\windows\System32\rdrmemptylst.exe . ============= FINISH: 16:44:41.26 ===============
  8. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Owner at 16:42:35 on 2012-04-23 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.800 [GMT -5:00] . AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\atieclxx.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\taskhost.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\AVG\AVG2012\avgfws.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/9/2011 10:31:54 AM System Uptime: 4/23/2012 1:24:03 PM (3 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 285 GiB total, 202.122 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP105: 4/16/2012 3:34:09 PM - Installed AVG 2012 RP106: 4/16/2012 3:35:25 PM - Installed AVG 2012 RP107: 4/20/2012 8:50:07 PM - Installed Python 2.6.2 RP108: 4/20/2012 11:55:03 PM - Windows Update RP109: 4/22/2012 3:00:19 AM - Windows Update RP110: 4/22/2012 11:02:00 PM - Installed ZoneAlarm SocialGuard RP111: 4/23/2012 12:26:48 AM - Installed Virtual Serial Ports Emulator RP112: 4/23/2012 12:33:52 AM - Installed 232Analyzer RP113: 4/23/2012 12:44:33 AM - Removed 232Analyzer RP114: 4/23/2012 12:45:31 AM - Removed Virtual Serial Ports Emulator RP115: 4/23/2012 12:41:54 PM - Removed ZoneAlarm SocialGuard . ==== Installed Programs ====================== . 
3DVIA player 5.0 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader X MUI ASPCA Reminder by We-Care.com v5.0.5.1 Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Auto Clicker v1.1 AutoHotkey 1.0.48.05 Battlefield Play4Free BellSouth FastAccess DSL Report Agent BitTorrent Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Combat Arms D3DX10 Debut Video Capture Software DragonNest EA SPORTS online 2008 Fraps (remove only) Game Booster 3 Google Chrome Google Update Helper Java Auto Updater Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Owner [Admin rights] Mode: Scan -- Date: 04/23/2012 16:59:54 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 10 ¤¤¤ [sUSP PATH] {215CF88C-F28D-4DDB-AFD5-B41522549564}.job @ : C:\Users\Owner\Desktop\Music\mainapp.exe -> FOUND [sUSP PATH] {2ADF2810-BB7A-43DC-8DB2-DEDBC6B02EF2}.job @ : C:\Users\Owner\Desktop\Music\mainapp.exe -> FOUND [sUSP PATH] {4C63EC32-F000-4610-ABAD-2CE381E1BB36}.job @ : C:\Users\Owner\Desktop\New folder\iw4mp.exe -> FOUND [sUSP PATH] {522D6F15-6365-4225-9B3C-746CCE7FD2F0}.job @ : C:\Users\Owner\Desktop\Music\mainapp.exe -> FOUND [sUSP PATH] {D0C615B2-3A29-49CA-BDDF-D30E309F659C}.job @ : C:\Users\Owner\Desktop\Music\mainapp.exe -> FOUND [sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc 
app\ClickOnceSetup.exe -> FOUND [sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK3265GSXN SATA Disk Device +++++ --- User --- [MBR] ccf60736590eef2cfd6a7aa695256f66 [bSP] 66145dbfca0f0410ab0749a594446f83 : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 292137 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 601370624 | Size: 11607 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt
  9. I think my PC may be infected with RATS or a keylogger. Below is the HiJackThis log. Is my PC infected? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:31:53 PM, on 4/22/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\CheckPoint\SocialGuard\SocialGuard.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Owner\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15486 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll O2 - BHO: AVG Do-Not-Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files 
(x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files (x86)\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files (x86)\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files (x86)\Common Files\Motive\BellSouthBrowser.exe" /hidden O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" O4 - HKCU\..\Run: [MurGee.com Auto Clicker] C:\Program Files (x86)\Auto Clicker\AutoClicker.exe :silent O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI 
RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user') O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: Show Toolbar - 
{724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O9 - Extra button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.122.0.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing) O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power 
Saver\TosCoSrv.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13253 bytes