BSOD possibly caused by malware. Help Please!

08-01-2012, 11:37 AM   #1
Registered Member
 
Join Date: Jul 2012
Posts: 22
OS: Windows 7



Hello. To start off, I just joined these forums recently! I have been getting blue screens randomly, usually while running a program or playing a game.

I made a thread in the BSOD section (https://www.techsupportforum.com/foru...or-658397.html). I ran chkdsk and memtest, both coming through clean.

I was then directed to run Malwarebytes, which detected "Funmoods" as a threat. I removed those files and was told to head over to these forums. I ran all the scans, which looked fine to me. GMER came through completely clean.

I'm also having internet connection issues and don't know if it is virus related. When I try to connect to my network wirelessly, sometimes it says cannot connect to the "hidden network." This occurs totally randomly. It will just disconnect for about 2-3 minutes and then I can reconnect perfectly fine. I checked to make sure that my network is broadcasting SSID, which it is. I'm really not sure if all of these problems are hardware or software related...

Any help would be greatly appreciated! :)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by JakeMellon at 14:02:02 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.5306 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files (x86)\Razer\Abyssus\razerhid.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Razer\Abyssus\razerofa.exe
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Razer\Abyssus\razertra.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Users\JakeMellon\Downloads\ZuneSetupPkg.exe
c:\70417b15379e1095f9\startzune.exe
C:\70417b15379e1095f9\x64\zunesetup.exe
C:\70417b15379e1095f9\x64\zunesetup.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0A0D0AtA0AtByB0B0EtDtN0D0Tzu0StBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1564606489
uDefault_Page_URL = hxxp://start.toshiba.com
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0A0D0AtA0AtByB0B0EtDtN0D0Tzu0StBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1564606489
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.716.0\NativeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [Abyssus] C:\Program Files (x86)\Razer\Abyssus\razerhid.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C65327CD-6A8B-41C2-AE4C-34129EEB2FF0} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
BHO-X64: Funmoods Helper Object - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.716.0\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun-x64: [Abyssus] C:\Program Files (x86)\Razer\Abyssus\razerhid.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JakeMellon\AppData\Roaming\Mozilla\Firefox\Profiles\pz7izkqf.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 GIDv2;GIDv2;C:\windows\system32\drivers\GIDv2.sys --> C:\windows\system32\drivers\GIDv2.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-7-18 66160]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-7-23 123320]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-23 2348352]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-7-23 126392]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-7-23 2656280]
R3 Abyssus;Razer Abyssus;C:\windows\system32\drivers\Abyssus.sys --> C:\windows\system32\drivers\Abyssus.sys [?]
R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-7-23 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
R3 VKbms;Virtual HID Minidriver;C:\windows\system32\DRIVERS\VKbms.sys --> C:\windows\system32\DRIVERS\VKbms.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-23 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-23 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-23 113120]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-01 18:02:17 -------- d-----w- C:\windows\System32\drivers\UMDF\ru-RU
2012-08-01 18:02:16 -------- d-----w- C:\windows\System32\drivers\UMDF\zh-CN
2012-08-01 18:02:16 -------- d-----w- C:\windows\System32\drivers\UMDF\pl-PL
2012-08-01 18:02:16 -------- d-----w- C:\windows\System32\drivers\UMDF\ja-JP
2012-08-01 18:02:14 -------- d-----w- C:\windows\System32\drivers\UMDF\pt-BR
2012-08-01 18:02:11 -------- d-----w- C:\windows\System32\drivers\UMDF\pt-PT
2012-08-01 18:02:09 -------- d-----w- C:\windows\System32\drivers\UMDF\nl-NL
2012-08-01 18:02:08 -------- d-----w- C:\windows\System32\drivers\UMDF\it-IT
2012-08-01 18:02:07 -------- d-----w- C:\windows\System32\drivers\UMDF\fr-FR
2012-08-01 18:02:07 -------- d-----w- C:\windows\System32\drivers\UMDF\es-ES
2012-08-01 18:02:07 -------- d-----w- C:\windows\System32\drivers\UMDF\de-DE
2012-08-01 18:00:49 -------- d-----w- C:\70417b15379e1095f9
2012-08-01 14:14:12 -------- d-----w- C:\Users\JakeMellon\AppData\Roaming\Malwarebytes
2012-08-01 14:14:03 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-08-01 14:14:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-01 14:14:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-31 23:34:15 -------- d-----r- C:\Program Files (x86)\Skype
2012-07-31 23:27:54 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-07-31 23:27:53 -------- d-----w- C:\Program Files (x86)\Steam
2012-07-31 22:04:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1511AD81-6A7A-4172-BA06-3DA9F28F6991}\offreg.dll
2012-07-31 20:03:32 -------- d-----w- C:\Program Files\Speccy
2012-07-31 19:55:37 -------- d-----w- C:\perflogs
2012-07-31 16:03:01 -------- d-----w- C:\Users\JakeMellon\AppData\Roaming\AVG2012
2012-07-31 16:01:46 -------- d--h--w- C:\$AVG
2012-07-31 16:01:46 -------- d-----w- C:\ProgramData\AVG2012
2012-07-31 16:01:14 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-31 15:57:54 -------- d--h--w- C:\ProgramData\Common Files
2012-07-31 15:57:54 -------- d-----w- C:\ProgramData\MFAData
2012-07-31 13:21:02 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-31 13:20:59 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1511AD81-6A7A-4172-BA06-3DA9F28F6991}\mpengine.dll
2012-07-31 13:13:19 -------- d-----w- C:\Users\JakeMellon\AppData\Local\Macromedia
2012-07-31 13:07:23 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-31 02:59:13 -------- d-----w- C:\Users\JakeMellon\AppData\Roaming\Tific
2012-07-25 14:42:59 -------- d-----w- C:\Users\JakeMellon\AppData\Roaming\NVIDIA
2012-07-24 21:35:23 -------- d-----w- C:\Program Files (x86)\Advanced Fix 2012
2012-07-24 15:34:58 -------- d-----w- C:\Program Files (x86)\NirSoft
2012-07-23 18:25:30 -------- d-----w- C:\windows\SysWow64\Wat
2012-07-23 18:25:30 -------- d-----w- C:\windows\System32\Wat
2012-07-23 17:37:37 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-23 17:33:34 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-07-23 17:28:17 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-07-23 17:28:17 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-07-23 17:28:17 5120 ----a-w- C:\windows\System32\wmi.dll
2012-07-23 17:28:17 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-07-23 17:28:17 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-07-23 17:28:17 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-07-23 17:28:17 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-07-23 15:22:17 -------- d-----w- C:\Users\JakeMellon\AppData\Roaming\LolClient
2012-07-23 14:51:03 -------- d-----w- C:\windows\System32\drivers\N360x64\0602010.005
2012-07-23 14:05:01 68616 ----a-w- C:\windows\SysWow64\XAPOFX1_1.dll
2012-07-23 14:05:01 509448 ----a-w- C:\windows\SysWow64\XAudio2_2.dll
2012-07-23 14:05:01 467984 ----a-w- C:\windows\SysWow64\d3dx10_39.dll
2012-07-23 14:05:01 3851784 ----a-w- C:\windows\SysWow64\D3DX9_39.dll
2012-07-23 14:05:01 1493528 ----a-w- C:\windows\SysWow64\D3DCompiler_39.dll
2012-07-23 14:00:23 -------- d-----w- C:\Riot Games
2012-07-23 13:21:20 8007680 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Microsoft.mshtml.dll
2012-07-23 13:21:20 1724016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IdVaultCore.dll
2012-07-23 13:21:20 138864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\CommonDotNET.dll
2012-07-23 13:21:20 104048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2012-07-23 13:21:19 -------- d-----w- C:\Users\JakeMellon\AppData\Local\Diagnostics
2012-07-23 13:21:04 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-07-23 13:20:52 -------- d-----w- C:\windows\System32\drivers\N360x64
2012-07-23 11:19:59 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-07-23 11:17:03 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2012-07-23 11:17:03 634880 ----a-w- C:\windows\System32\msvcrt.dll
2012-07-23 11:17:00 331776 ----a-w- C:\windows\System32\oleacc.dll
2012-07-23 06:14:16 -------- d-----w- C:\Program Files (x86)\Toshiba Online Backup
2012-07-23 06:14:06 -------- d-----w- C:\windows\System32\drivers\NortonPCCheckupx64\02000D0.00B
2012-07-23 06:14:06 -------- d-----w- C:\windows\System32\drivers\NortonPCCheckupx64
2012-07-23 06:14:06 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup
2012-07-23 06:13:59 99320 ----a-w- C:\windows\System32\tosWirelessLANIndicatorCP.dll
2012-07-23 06:13:59 827728 ----a-w- C:\windows\System32\msvcr100.dll
2012-07-23 06:13:59 607568 ----a-w- C:\windows\System32\msvcp100.dll
2012-07-23 06:10:10 -------- d-----w- C:\ProgramData\WildTangent
2012-07-23 06:10:10 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2012-07-23 06:10:10 -------- d-----w- C:\Program Files (x86)\TOSHIBA Games
2012-07-23 06:05:01 138656 ----a-w- C:\windows\System32\TODDSrv.exe
2012-07-23 06:00:08 14112 ----a-w- C:\windows\System32\drivers\regi.sys
2012-07-23 06:00:04 -------- d-----w- C:\Program Files (x86)\Common Files\InterVideo
2012-07-23 05:59:45 -------- d-----w- C:\Program Files (x86)\Common Files\Protexis
2012-07-23 05:59:35 -------- d-----w- C:\ProgramData\Corel
2012-07-23 05:59:35 -------- d-----w- C:\Program Files (x86)\Corel
2012-07-23 05:58:19 -------- d-----w- C:\Program Files (x86)\Common Files\Toshiba Shared
2012-07-23 05:58:14 482384 ----a-w- C:\windows\System32\drivers\tos_sps64.sys
2012-07-23 05:58:13 4178264 ----a-w- C:\windows\SysWow64\D3DX9_41.dll
2012-07-23 05:57:39 38096 ----a-w- C:\windows\System32\drivers\PGEffect.sys
2012-07-23 05:45:51 -------- d-----w- C:\ProgramData\Norton
2012-07-23 05:45:34 -------- d-----w- C:\ProgramData\NortonInstaller
2012-07-23 05:45:34 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-07-23 05:40:46 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2012-07-23 05:40:42 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-07-23 05:40:29 -------- d-----w- C:\Program Files (x86)\JMicron
2012-07-23 05:40:27 -------- d-----w- C:\windows\SysWow64\SDA
2012-07-23 05:39:46 107552 ----a-w- C:\windows\System32\RTNUninst64.dll
2012-07-23 05:39:04 40832 ----a-w- C:\windows\System32\drivers\TosBtCi.dll
2012-07-23 05:38:16 42096 ----a-r- C:\windows\System32\drivers\btfilter.sys
2012-07-23 05:38:03 -------- d-----w- C:\Program Files (x86)\TOH Class Filter
2012-07-23 05:36:13 2675712 ----a-w- C:\windows\System32\drivers\athrx.sys
2012-07-23 05:36:13 -------- d-----w- C:\windows\Options
2012-07-23 05:36:12 63648 ----a-w- C:\windows\System32\athihvui.dll
2012-07-23 05:36:12 443040 ----a-w- C:\windows\System32\athihvs.dll
2012-07-23 05:36:12 -------- d-----w- C:\windows\System32\nn-NO
2012-07-23 05:36:12 -------- d-----w- C:\Program Files (x86)\Atheros
2012-07-23 05:35:57 -------- d-----w- C:\ProgramData\Atheros
2012-07-23 05:29:12 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2012-07-23 05:29:12 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2012-07-23 05:28:53 20592 ----a-w- C:\windows\System32\drivers\CeKbFilter.sys
2012-07-23 05:28:36 -------- d-----w- C:\ProgramData\vista64
2012-07-23 05:28:35 -------- d-----w- C:\ProgramData\xp
2012-07-23 05:28:35 -------- d-----w- C:\ProgramData\win7_64
2012-07-23 05:28:35 -------- d-----w- C:\ProgramData\win7_32
2012-07-23 05:28:35 -------- d-----w- C:\ProgramData\vista32
2012-07-23 05:28:27 8192 ----a-w- C:\windows\System32\TSBWLS.dll
2012-07-23 05:28:27 295936 ----a-w- C:\windows\System32\HWS_Ctrl.dll
2012-07-23 05:28:07 -------- d-----w- C:\windows\System32\Microsoft.VC80.MFC
2012-07-23 05:27:52 -------- d-----w- C:\windows\Downloaded Installations
2012-07-23 05:27:24 -------- d-----w- C:\windows\SysWow64\NV
2012-07-23 05:27:24 -------- d-----w- C:\windows\System32\NV
2012-07-23 05:22:04 -------- d-----w- C:\Program Files\Common Files\Intel
2012-07-23 05:22:03 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-07-23 05:18:38 439320 ----a-w- C:\windows\System32\drivers\iaStor.sys
2012-07-23 05:18:28 8192 ----a-w- C:\windows\System32\drivers\IntelMEFWVer.dll
2012-07-23 05:18:24 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-07-23 05:18:19 -------- d-----w- C:\Intel
2012-07-23 05:16:05 53248 ----a-w- C:\windows\SysWow64\CSVer.dll
2012-07-23 0453 92672 ----a-w- C:\windows\System32\Abyssus.cpl
2012-07-23 0452 6656 ----a-w- C:\windows\System32\drivers\hidkmdf.sys
2012-07-23 0452 13312 ----a-w- C:\windows\System32\drivers\VKbms.sys
2012-07-23 0451 10880 ----a-w- C:\windows\System32\drivers\Abyssus.sys
2012-07-23 04:03:30 -------- d-----w- C:\NVIDIA
2012-07-23 03:57:15 -------- d-----w- C:\ProgramData\UAB
2012-07-23 03:57:06 -------- d-----w- C:\Users\JakeMellon\AppData\Local\PC_Drivers_Headquarters
2012-07-23 03:56:42 -------- d-----w- C:\ProgramData\Driver Manager
2012-07-23 03:54:09 -------- d-----w- C:\Program Files (x86)\League of legends
2012-07-23 03:53:50 -------- d-----w- C:\Users\JakeMellon\AppData\Local\PMB Files
2012-07-23 03:53:50 -------- d-----w- C:\ProgramData\PMB Files
2012-07-23 03:53:44 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-07-23 03:52:11 -------- d-----w- C:\ProgramData\PCSettings
2012-07-23 03:47:23 -------- d-----w- C:\Users\JakeMellon\AppData\Local\ID Vault
2012-07-23 03:47:23 -------- d-----w- C:\ProgramData\IsolatedStorage
2012-07-23 03:46:39 -------- d-----w- C:\Users\JakeMellon\AppData\Roaming\ID Vault
2012-07-23 03:46:20 29288 ------w- C:\windows\System32\drivers\gidv2.sys
2012-07-23 03:46:19 65816 ------w- C:\windows\System32\GIDLogonCP64.dll
2012-07-23 03:46:19 446752 ------w- C:\windows\System32\GIDHookLogon64.dll
2012-07-23 03:46:19 109064 ------w- C:\windows\System32\EasyHook64.dll
2012-07-23 03:46:18 467224 ------w- C:\windows\System32\GIDHOOK64.DLL
2012-07-23 03:46:18 206608 ------w- C:\windows\System32\GIDBIN1.DLL
2012-07-23 03:46:18 102160 ------w- C:\windows\System32\GIDBIN3.DLL
2012-07-23 03:46:12 -------- d-----w- C:\ProgramData\GID
2012-07-23 03:46:11 -------- d-----w- C:\Program Files (x86)\SFT
2012-07-23 03:46:04 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2012-07-23 03:45:48 -------- d-----w- C:\ProgramData\White Sky, Inc
2012-07-23 03:43:44 -------- d-----w- C:\Program Files (x86)\Funmoods
2012-07-23 03:39:59 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2012-07-23 03:39:57 -------- d-----w- C:\Users\JakeMellon\AppData\Roaming\BabylonToolbar
2012-07-23 03:39:52 -------- d-----w- C:\Users\JakeMellon\AppData\Local\dealcabby
2012-07-23 03:39:51 -------- d-----w- C:\Users\JakeMellon\AppData\Roaming\Babylon
2012-07-23 03:39:51 -------- d-----w- C:\ProgramData\Babylon
2012-07-23 03:37:16 -------- d-----w- C:\Users\JakeMellon\AppData\Local\Google
2012-07-23 03:29:33 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-07-23 03:29:33 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-07-23 03:29:33 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-07-23 03:27:35 -------- d-----w- C:\Users\JakeMellon\AppData\Local\TOSHIBA
2012-07-23 03:27:06 -------- d-----w- C:\Users\JakeMellon\AppData\Local\VirtualStore
2012-07-23 03:26:29 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2012-07-23 03:26:20 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-07-23 03:26:15 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-07-23 03:26:12 -------- d-----w- C:\Users\JakeMellon\AppData\Roaming\WinBatch
.
==================== Find3M ====================
.
2012-07-31 13:07:23 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 0616 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 0616 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-05-31 16:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-04 1122 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 14:02:30.89 ===============



DDS.txt

Attach.txt
JMell is offline  
Old 08-02-2012, 11:11 AM   #2
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Please run the following

Refer to the ComboFix User's Guide
  1. Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
CatByte is offline  
Old 08-05-2012, 07:57 AM   #3
Registered Member
 
Join Date: Jul 2012
Posts: 22
OS: Windows 7



Hi, sorry for the really late reply. I reinstalled Windows after backing up everything and the problem still persists. Guess I'm on my way back to the BSOD forum :(
JMell is offline  
Old 08-05-2012, 08:20 AM   #4
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



try this first

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • now press the search button
  • when the search is complete, search.txt will also be written to your USB
  • type exit and reboot the computer normally
  • please copy and paste both logs in your reply (FRST.txt and Search.txt).
CatByte is offline  
Old 08-06-2012, 09:36 AM   #5
Registered Member
 
Join Date: Jul 2012
Posts: 22
OS: Windows 7



I followed those directions but it would not run in recovery mode :/ It said the subsystem files or something were not located. I ran it in regular mode and these were the results:
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by JakeMellon at 06-08-2012 11:53:36
Running from F:\
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive.The operation completed successfully.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-08-06 11:51 - 2012-08-06 11:53 - 00000000 ____D C:\FRST
2012-08-06 11:42 - 2012-08-06 11:42 - 00262192 ____A C:\Windows\Minidump\080612-54335-01.dmp
2012-08-05 13:06 - 2012-08-05 13:06 - 00002030 ____A C:\Users\JakeMellon\Desktop\BSOD4.txt
2012-08-05 12:54 - 2012-08-05 12:54 - 00262192 ____A C:\Windows\Minidump\080512-71074-01.dmp
2012-08-05 12:36 - 2012-08-05 12:36 - 00000000 ____D C:\Users\JakeMellon\Desktop\Games
2012-08-05 10:43 - 2012-08-05 10:44 - 27903935 ____A C:\Users\JakeMellon\Downloads\atheros-wlan-win7-9204190.zip
2012-08-05 10:32 - 2012-08-05 10:32 - 00266320 ____A C:\Windows\Minidump\080512-46332-01.dmp
2012-08-04 22:40 - 2012-08-04 22:40 - 00000976 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-04 22:40 - 2012-08-04 22:40 - 00000000 ____D C:\Users\JakeMellon\AppData\Local\AVG Secure Search
2012-08-04 22:40 - 2012-08-04 22:40 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-08-04 22:40 - 2012-08-04 22:40 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-08-04 22:39 - 2012-08-04 22:39 - 27844176 ____A C:\Users\JakeMellon\Downloads\tc00346200e.exe
2012-08-04 22:39 - 2012-08-04 22:39 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-08-04 22:36 - 2012-08-04 22:36 - 03879800 ____A (AVG Technologies) C:\Users\JakeMellon\Downloads\avg_free_stb_all_2012_2197_cnet(1).exe
2012-08-04 21:59 - 2012-08-04 21:59 - 00262144 ____A C:\Windows\Minidump\080412-22401-01.dmp
2012-08-04 14:52 - 2012-08-04 14:52 - 00001277 ____A C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
2012-08-04 14:52 - 2012-08-04 14:52 - 00000000 ____D C:\Program Files (x86)\Xirrus
2012-08-04 14:51 - 2012-08-04 14:51 - 22224144 ____A (Xirrus) C:\Users\JakeMellon\Downloads\WiFiInspector-Setup-1.2.1.4.exe
2012-08-04 14:51 - 2012-08-04 14:51 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\Xirrus
2012-08-04 14:46 - 2012-08-04 14:46 - 05678590 ____A C:\Users\JakeMellon\Downloads\WNDR3400 Firmware Version 1.0.0.50.zip
2012-08-02 09:11 - 2012-08-02 09:11 - 00262144 ____A C:\Windows\Minidump\080212-26644-01.dmp
2012-08-01 15:04 - 2012-08-01 15:04 - 00000432 ____A C:\Users\JakeMellon\Desktop\Wireless Network Connection - Shortcut.lnk
2012-08-01 14:16 - 2012-08-01 14:16 - 00000000 ____A C:\Users\JakeMellon\Documents\ark.txt
2012-08-01 14:05 - 2012-08-01 14:05 - 00294216 ____A C:\Users\JakeMellon\Downloads\gmer.zip
2012-08-01 14:02 - 2012-08-01 14:02 - 00000000 ___RD C:\Users\JakeMellon\Podcasts
2012-08-01 14:01 - 2012-08-01 14:02 - 00000000 ____D C:\Program Files\Zune
2012-08-01 14:01 - 2012-08-01 14:01 - 00607260 ____R (Swearware) C:\Users\JakeMellon\Downloads\dds.scr
2012-08-01 14:01 - 2012-08-01 14:01 - 00000938 ____A C:\Users\Public\Desktop\Zune.lnk
2012-08-01 13:59 - 2012-08-01 14:00 - 105664248 ____A (Microsoft Corporation) C:\Users\JakeMellon\Downloads\ZuneSetupPkg.exe
2012-08-01 10:14 - 2012-08-01 10:14 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-01 10:14 - 2012-08-01 10:14 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\Malwarebytes
2012-08-01 10:14 - 2012-08-01 10:14 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-01 10:14 - 2012-08-01 10:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-01 10:13 - 2012-08-01 10:13 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\JakeMellon\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-31 19:34 - 2012-08-06 11:52 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\Skype
2012-07-31 19:34 - 2012-07-31 19:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-07-31 19:34 - 2012-07-31 19:34 - 00000000 ____D C:\Users\All Users\Skype
2012-07-31 19:33 - 2012-07-31 19:33 - 00876720 ____A (Skype Technologies S.A.) C:\Users\JakeMellon\Downloads\SkypeSetup.exe
2012-07-31 19:27 - 2012-08-06 11:50 - 00000000 ____D C:\Program Files (x86)\Steam
2012-07-31 19:27 - 2012-07-31 19:27 - 01606656 ____A C:\Users\JakeMellon\Downloads\SteamInstall.msi
2012-07-31 19:27 - 2012-07-31 19:27 - 00000928 ____A C:\Users\Public\Desktop\Steam.lnk
2012-07-31 16:46 - 2012-07-31 16:48 - 00001843 ____A C:\Users\JakeMellon\Downloads\avgremover.log
2012-07-31 16:46 - 2012-07-31 16:46 - 01973368 ____A (AVG Technologies CZ, s.r.o.) C:\Users\JakeMellon\Downloads\avg_remover_stf_x86_2012_2125.exe
2012-07-31 16:10 - 2012-07-31 16:10 - 00159192 ____A C:\Users\JakeMellon\Documents\PERFMON.zip
2012-07-31 16:08 - 2012-07-31 16:08 - 00834249 ____A C:\Users\JakeMellon\Documents\Windows7_Vista_jcgriff2.zip
2012-07-31 16:03 - 2012-07-31 16:03 - 04765592 ____A (Piriform Ltd) C:\Users\JakeMellon\Downloads\spsetup117.exe
2012-07-31 16:03 - 2012-07-31 16:03 - 00000807 ____A C:\Users\Public\Desktop\Speccy.lnk
2012-07-31 16:03 - 2012-07-31 16:03 - 00000000 ____D C:\Program Files\Speccy
2012-07-31 15:57 - 2012-07-31 15:56 - 03061620 ____A C:\Users\JakeMellon\Documents\PERFMON.html
2012-07-31 15:49 - 2012-07-31 15:52 - 00000000 ____D C:\Users\JakeMellon\Documents\Windows7_Vista_jcgriff2
2012-07-31 15:48 - 2012-07-31 15:48 - 00055296 ____A C:\Users\JakeMellon\Documents\BSOD_Windows7_Vista_v2.64_jcgriff2_.exe
2012-07-31 15:47 - 2012-07-31 15:47 - 00643696 ____A (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) C:\Users\JakeMellon\Documents\autoruns.exe
2012-07-31 14:34 - 2012-07-31 14:34 - 00262144 ____A C:\Windows\Minidump\073112-41870-01.dmp
2012-07-31 12:03 - 2012-07-31 12:03 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\AVG2012
2012-07-31 12:01 - 2012-08-04 22:52 - 00000000 ____D C:\Users\All Users\AVG2012
2012-07-31 12:01 - 2012-08-04 22:39 - 00000000 ___HD C:\$AVG
2012-07-31 12:01 - 2012-07-31 12:01 - 00000000 ____D C:\Program Files (x86)\AVG
2012-07-31 11:57 - 2012-08-05 21:18 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-31 11:57 - 2012-07-31 11:57 - 03879800 ____A (AVG Technologies) C:\Users\JakeMellon\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-07-31 09:13 - 2012-07-31 09:13 - 00920096 ____A C:\Users\JakeMellon\Downloads\Norton_Removal_Tool.exe
2012-07-31 09:13 - 2012-07-31 09:13 - 00000000 ____D C:\Users\JakeMellon\AppData\Local\Macromedia
2012-07-31 09:07 - 2012-07-31 09:07 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-31 09:07 - 2012-07-31 09:07 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-31 09:06 - 2012-07-31 09:06 - 00262144 ____A C:\Windows\Minidump\073112-28048-01.dmp
2012-07-30 22:59 - 2012-07-30 22:59 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\Tific
2012-07-26 13:14 - 2012-07-26 13:14 - 00000000 ____D C:\Program Files (x86)\Microsoft.NET
2012-07-26 13:12 - 2012-07-26 13:12 - 00887896 ____A (Microsoft Corporation) C:\Users\JakeMellon\Downloads\dotNetFx40_Client_setup.exe
2012-07-26 13:09 - 2012-07-26 13:09 - 03632686 ____A (Little Apps) C:\Users\JakeMellon\Downloads\Little_Registry_Cleaner_11_02_2011.exe
2012-07-26 13:09 - 2012-07-26 13:09 - 00463080 ____A (CNET Download.com) C:\Users\JakeMellon\Downloads\cnet2_Little_Registry_Cleaner_11_02_2011_exe.exe
2012-07-25 10:42 - 2012-07-25 10:42 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\NVIDIA
2012-07-24 17:35 - 2012-07-24 17:35 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2012
2012-07-24 17:33 - 2012-07-24 17:34 - 06654296 ____A (Advanced Fix, Inc. ) C:\Users\JakeMellon\Downloads\AdvancedFix_Setup.exe
2012-07-24 11:58 - 2012-07-24 11:58 - 00069043 ____A C:\Users\JakeMellon\Downloads\memtest86+-4.20.iso.zip
2012-07-24 11:34 - 2012-07-24 11:34 - 00130247 ____A C:\Users\JakeMellon\Downloads\bluescreenview_setup.exe
2012-07-24 11:34 - 2012-07-24 11:34 - 00000000 ____D C:\Program Files (x86)\NirSoft
2012-07-24 11:26 - 2012-08-06 11:42 - 293458350 ____A C:\Windows\MEMORY.DMP
2012-07-24 11:26 - 2012-08-06 11:42 - 00000000 ____D C:\Windows\Minidump
2012-07-24 11:26 - 2012-07-24 11:26 - 00262144 ____A C:\Windows\Minidump\072412-32073-01.dmp
2012-07-23 13:34 - 2012-07-23 13:35 - 00295538 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-07-23 13:33 - 2012-07-23 13:34 - 00297280 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-07-23 13:33 - 2012-07-23 13:33 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-07-23 13:28 - 2012-03-01 01:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-07-23 13:28 - 2012-03-01 01:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-07-23 13:28 - 2012-03-01 01:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-07-23 13:28 - 2012-03-01 01:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-07-23 13:28 - 2012-03-01 01:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-07-23 13:28 - 2012-03-01 01:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-07-23 13:27 - 2012-06-02 05:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-23 13:27 - 2012-06-02 05:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-23 13:27 - 2012-06-02 04:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-23 13:27 - 2012-06-02 04:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-23 13:27 - 2012-06-02 04:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-23 13:27 - 2012-06-02 04:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-23 13:27 - 2012-06-02 04:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-23 13:27 - 2012-06-02 04:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-23 13:27 - 2012-06-02 04:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-23 13:27 - 2012-06-02 04:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-23 13:27 - 2012-06-02 04:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-23 13:27 - 2012-06-02 04:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-23 13:27 - 2012-06-02 04:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-23 13:27 - 2012-06-02 04:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-23 13:27 - 2012-06-02 04:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-23 13:27 - 2012-06-02 04:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-23 13:27 - 2012-06-02 04:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-23 13:27 - 2012-06-02 04:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-23 13:27 - 2012-06-02 04:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-23 13:27 - 2012-06-02 04:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-23 13:27 - 2012-06-02 04:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-23 13:27 - 2012-06-02 04:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-23 13:27 - 2012-06-02 04:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-23 13:27 - 2012-06-02 04:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-23 13:27 - 2012-06-02 04:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-23 13:27 - 2012-06-02 04:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-23 13:27 - 2012-06-02 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-23 13:27 - 2012-06-02 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-23 11:22 - 2012-07-23 11:22 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\LolClient
2012-07-23 10:05 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-07-23 10:05 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-07-23 10:05 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-07-23 10:05 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-07-23 10:05 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-07-23 10:05 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-07-23 10:05 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-07-23 10:05 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-07-23 10:05 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-07-23 10:05 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-07-23 10:00 - 2012-07-23 10:00 - 00000000 ____D C:\Riot Games
2012-07-23 09:24 - 2012-07-23 09:24 - 02353512 ____A C:\Users\JakeMellon\Downloads\LeagueofLegends.exe
2012-07-23 09:21 - 2012-07-31 09:14 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-07-23 07:20 - 2012-06-09 00:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-23 07:20 - 2012-06-09 00:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-23 07:20 - 2012-06-06 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-23 07:20 - 2012-06-06 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-23 07:20 - 2012-06-06 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-23 07:20 - 2012-06-06 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-23 07:20 - 2012-03-03 01:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-07-23 07:20 - 2012-03-03 01:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-07-23 07:20 - 2012-01-04 04:58 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-07-23 07:20 - 2012-01-04 04:58 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-07-23 07:20 - 2011-12-30 01:27 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-07-23 07:20 - 2011-12-30 01:27 - 00478720 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-07-23 07:20 - 2011-11-17 01:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-07-23 07:20 - 2011-11-17 01:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-07-23 07:20 - 2011-10-26 00:32 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-07-23 07:20 - 2011-10-26 00:32 - 01328128 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-07-23 07:20 - 2011-10-26 00:32 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-23 07:20 - 2011-10-26 00:32 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-23 07:20 - 2011-06-16 00:33 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2012-07-23 07:20 - 2011-06-16 00:33 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-07-23 07:20 - 2011-06-15 04:55 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-07-23 07:20 - 2011-06-15 04:55 - 00319488 ____A (Microsoft Corporation) C:\Windows\System32\odbcjt32.dll
2012-07-23 07:20 - 2011-06-15 04:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-07-23 07:20 - 2011-06-15 04:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-07-23 07:20 - 2011-06-15 04:55 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-07-23 07:20 - 2011-06-15 04:55 - 00122880 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-07-23 07:20 - 2011-06-15 04:55 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-07-23 07:20 - 2011-06-15 04:55 - 00086016 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-07-23 07:20 - 2011-06-15 04:55 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-07-23 07:20 - 2011-06-15 04:55 - 00081920 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-07-23 07:20 - 2011-03-12 07:23 - 00870912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-07-23 07:20 - 2011-03-12 07:23 - 00870912 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-07-23 07:20 - 2010-06-25 23:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-23 07:20 - 2010-06-25 23:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-23 07:19 - 2012-06-02 00:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-23 07:19 - 2012-06-02 00:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-23 07:19 - 2012-06-02 00:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-23 07:19 - 2012-06-02 00:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-07-23 07:19 - 2012-06-02 00:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-23 07:19 - 2012-06-02 00:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-23 07:19 - 2012-06-02 00:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-23 07:19 - 2012-06-02 00:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-07-23 07:19 - 2012-05-04 06:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-07-23 07:19 - 2012-05-04 06:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-07-23 07:19 - 2012-05-04 06:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-07-23 07:19 - 2012-05-04 06:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-07-23 07:19 - 2012-04-24 00:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-07-23 07:19 - 2012-04-24 00:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-07-23 07:19 - 2012-04-24 00:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-07-23 07:19 - 2012-04-24 00:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-07-23 07:19 - 2012-04-24 00:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-07-23 07:19 - 2012-04-24 00:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-07-23 07:19 - 2012-04-07 07:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-07-23 07:19 - 2012-04-07 07:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-07-23 07:19 - 2011-11-19 10:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-07-23 07:19 - 2011-11-19 10:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-07-23 07:19 - 2011-08-17 00:24 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-07-23 07:19 - 2011-08-17 00:24 - 00465408 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-07-23 07:19 - 2011-08-17 00:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-07-23 07:19 - 2011-08-17 00:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-07-23 07:19 - 2011-07-16 00:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-07-23 07:19 - 2011-07-16 00:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-07-23 07:19 - 2011-07-16 00:25 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-07-23 07:19 - 2011-07-16 00:25 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\setup16.exe
2012-07-23 07:19 - 2011-07-16 00:24 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-07-23 07:19 - 2011-07-16 00:24 - 01114112 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-07-23 07:19 - 2011-07-16 00:24 - 00272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-07-23 07:19 - 2011-07-16 00:24 - 00272384 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-07-23 07:19 - 2011-07-16 00:24 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-07-23 07:19 - 2011-07-16 00:24 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wow32.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-07-23 07:19 - 2011-07-16 00:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-07-23 07:19 - 2011-07-15 22:21 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-07-23 07:19 - 2011-07-15 22:21 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\instnm.exe
2012-07-23 07:19 - 2011-07-15 22:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-07-23 07:19 - 2011-07-15 22:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\user.exe
2012-07-23 07:19 - 2011-07-15 22:17 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-07-23 07:19 - 2011-07-15 22:17 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-07-23 07:19 - 2011-07-15 22:17 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-07-23 07:19 - 2011-07-15 22:17 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-07-23 07:19 - 2011-07-15 22:17 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-07-23 07:19 - 2011-07-15 22:17 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-07-23 07:19 - 2011-07-15 22:17 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-07-23 07:19 - 2011-07-15 22:17 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-07-23 07:17 - 2011-12-16 03:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-07-23 07:17 - 2011-12-16 03:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-07-23 07:16 - 2012-06-06 01:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-23 07:16 - 2012-06-06 01:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-23 07:16 - 2011-11-17 01:38 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-07-23 07:16 - 2011-11-17 01:38 - 01292080 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-07-23 07:16 - 2011-11-05 00:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-07-23 07:16 - 2011-11-05 00:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-07-23 07:16 - 2011-10-15 01:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-07-23 07:16 - 2011-10-15 01:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-07-23 07:16 - 2011-08-27 00:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-07-23 07:16 - 2011-08-27 00:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-07-23 07:16 - 2011-08-27 00:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-07-23 07:16 - 2011-08-27 00:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-07-23 07:10 - 2012-07-23 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-07-23 07:10 - 2012-07-23 07:10 - 00001141 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-23 07:10 - 2012-07-23 07:10 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\Mozilla
2012-07-23 07:10 - 2012-07-23 07:10 - 00000000 ____D C:\Users\JakeMellon\AppData\Local\Mozilla
2012-07-23 07:10 - 2012-07-23 07:10 - 00000000 ____D C:\Users\All Users\Mozilla
2012-07-23 07:10 - 2012-07-23 07:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-23 02:14 - 2012-07-23 02:14 - 00000000 ____D C:\Program Files (x86)\Toshiba Online Backup
2012-07-23 02:14 - 2012-07-23 02:14 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup
2012-07-23 02:10 - 2012-07-23 02:11 - 00000000 ____D C:\Users\All Users\WildTangent
2012-07-23 02:10 - 2012-07-23 02:11 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2012-07-23 02:10 - 2012-07-23 02:10 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2012-07-23 02:04 - 2012-07-23 02:05 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Corporation
2012-07-23 02:04 - 2007-10-22 06:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2012-07-23 02:04 - 2007-10-22 06:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2012-07-23 02:04 - 2007-10-22 06:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-07-23 02:04 - 2007-10-22 06:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2012-07-23 02:04 - 2007-10-12 18:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2012-07-23 02:04 - 2007-10-12 18:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2012-07-23 02:04 - 2007-10-12 18:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-07-23 02:04 - 2007-10-12 18:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2012-07-23 02:04 - 2007-10-02 12:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2012-07-23 02:04 - 2007-10-02 12:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2012-07-23 02:04 - 2007-07-20 03:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2012-07-23 02:04 - 2007-07-20 03:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2012-07-23 02:04 - 2007-07-19 21:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2012-07-23 02:04 - 2007-07-19 21:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2012-07-23 02:04 - 2007-07-19 21:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2012-07-23 02:04 - 2007-07-19 21:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2012-07-23 02:04 - 2007-07-19 21:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2012-07-23 02:04 - 2007-07-19 21:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2012-07-23 02:04 - 2007-06-20 23:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2012-07-23 02:04 - 2007-06-20 23:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2012-07-23 02:04 - 2007-05-16 19:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2012-07-23 02:04 - 2007-05-16 19:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2012-07-23 02:04 - 2007-05-16 19:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2012-07-23 02:04 - 2007-05-16 19:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2012-07-23 02:04 - 2007-05-16 19:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2012-07-23 02:04 - 2007-05-16 19:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2012-07-23 02:04 - 2007-04-04 21:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2012-07-23 02:04 - 2007-04-04 21:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2012-07-23 02:04 - 2007-04-04 21:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2012-07-23 02:04 - 2007-04-04 21:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2012-07-23 02:04 - 2007-03-15 19:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2012-07-23 02:04 - 2007-03-15 19:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2012-07-23 02:04 - 2007-03-12 19:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2012-07-23 02:04 - 2007-03-12 19:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2012-07-23 02:04 - 2007-03-12 19:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2012-07-23 02:04 - 2007-03-12 19:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2012-07-23 02:04 - 2007-03-05 15:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2012-07-23 02:04 - 2007-03-05 15:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2012-07-23 02:04 - 2007-01-24 18:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2012-07-23 02:04 - 2007-01-24 18:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2012-07-23 02:04 - 2006-12-08 15:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2012-07-23 02:04 - 2006-12-08 15:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2012-07-23 02:04 - 2006-11-29 16:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2012-07-23 02:04 - 2006-11-29 16:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2012-07-23 02:04 - 2006-09-28 19:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2012-07-23 02:04 - 2006-09-28 19:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2012-07-23 02:04 - 2006-09-28 19:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2012-07-23 02:04 - 2006-09-28 19:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2012-07-23 02:04 - 2006-07-28 12:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2012-07-23 02:04 - 2006-07-28 12:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2012-07-23 02:04 - 2006-07-28 12:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2012-07-23 02:04 - 2006-07-28 12:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2012-07-23 02:04 - 2006-05-31 10:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2012-07-23 02:04 - 2006-05-31 10:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2012-07-23 02:04 - 2006-03-31 15:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2012-07-23 02:04 - 2006-03-31 15:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2012-07-23 02:04 - 2006-03-31 15:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2012-07-23 02:04 - 2006-03-31 15:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2012-07-23 02:03 - 2006-03-31 15:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2012-07-23 02:03 - 2006-03-31 15:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2012-07-23 02:03 - 2006-02-03 11:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2012-07-23 02:03 - 2006-02-03 11:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2012-07-23 02:03 - 2006-02-03 11:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2012-07-23 02:03 - 2006-02-03 11:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2012-07-23 02:03 - 2005-12-05 21:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2012-07-23 02:03 - 2005-12-05 21:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2012-07-23 02:03 - 2005-07-22 22:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2012-07-23 02:03 - 2005-07-22 22:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2012-07-23 02:03 - 2005-05-26 18:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2012-07-23 02:03 - 2005-05-26 18:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2012-07-23 02:03 - 2005-03-18 20:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2012-07-23 02:03 - 2005-03-18 20:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2012-07-23 02:03 - 2005-02-05 22:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2012-07-23 02:03 - 2005-02-05 22:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2012-07-23 01:59 - 2012-07-23 02:04 - 00000000 ____D C:\Program Files (x86)\Corel
2012-07-23 01:59 - 2012-07-23 01:59 - 00000000 ____D C:\Users\All Users\Corel
2012-07-23 01:59 - 2006-02-03 11:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2012-07-23 01:59 - 2006-02-03 11:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2012-07-23 01:58 - 2009-03-09 18:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-07-23 01:58 - 2009-03-09 18:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-07-23 01:47 - 2012-08-06 11:50 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-23 01:47 - 2012-08-05 23:35 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-23 01:47 - 2012-07-23 01:50 - 00000000 ____D C:\Users\All Users\Google
2012-07-23 01:47 - 2012-07-23 01:47 - 00000000 ____D C:\Program Files\Google
2012-07-23 01:47 - 2012-07-23 01:47 - 00000000 ____D C:\Program Files (x86)\Google
2012-07-23 01:45 - 2012-07-31 09:15 - 00000000 ____D C:\Users\All Users\Norton
2012-07-23 01:40 - 2012-07-23 01:40 - 00000000 ____D C:\Windows\SysWOW64\SDA
2012-07-23 01:40 - 2012-07-23 01:40 - 00000000 ____D C:\Windows\System32\SDA
2012-07-23 01:40 - 2012-07-23 01:40 - 00000000 ____D C:\Users\All Users\Downloaded Installations
2012-07-23 01:40 - 2012-07-23 01:40 - 00000000 ____D C:\Program Files (x86)\Renesas Electronics
2012-07-23 01:40 - 2012-07-23 01:40 - 00000000 ____D C:\Program Files (x86)\JMicron
2012-07-23 01:38 - 2012-07-23 01:38 - 00000000 ____D C:\Program Files (x86)\TOH Class Filter
2012-07-23 01:37 - 2012-07-23 01:37 - 00000000 ____D C:\Program Files\Synaptics
2012-07-23 01:36 - 2012-08-05 10:48 - 00000000 ____D C:\Program Files (x86)\Atheros
2012-07-23 01:36 - 2012-07-23 01:36 - 00000000 ____D C:\Windows\Options
2012-07-23 01:36 - 2012-07-23 00:06 - 00012488 ____A C:\Windows\DPINST.LOG
2012-07-23 01:35 - 2012-07-23 01:36 - 00000000 ____D C:\Users\All Users\Atheros
2012-07-23 01:33 - 2012-07-23 01:39 - 00000000 ____D C:\Program Files (x86)\Realtek
2012-07-23 01:33 - 2012-07-23 01:33 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2012-07-23 01:33 - 2012-07-23 01:33 - 00000000 ____D C:\Windows\System32\RTCOM
2012-07-23 01:33 - 2012-07-23 01:33 - 00000000 ____D C:\Program Files\Realtek
2012-07-23 01:33 - 2012-07-23 01:33 - 00000000 ____D C:\Program Files\Common Files\Wave Audio Ltd
2012-07-23 01:33 - 2011-02-25 22:37 - 01284712 ____A (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2012-07-23 01:29 - 1999-10-12 21:47 - 00024576 ____A (Toshiba) C:\Windows\SysWOW64\TSCI.dll
2012-07-23 01:29 - 1999-10-12 21:47 - 00024576 ____A (Toshiba) C:\Windows\System32\TSCI.dll
2012-07-23 01:29 - 1999-10-12 21:45 - 00024576 ____A (Toshiba) C:\Windows\SysWOW64\THCI.dll
2012-07-23 01:29 - 1999-10-12 21:45 - 00024576 ____A (Toshiba) C:\Windows\System32\THCI.dll
2012-07-23 01:28 - 2012-07-23 01:30 - 00000000 ____D C:\Users\All Users\win7_64
2012-07-23 01:28 - 2012-07-23 01:30 - 00000000 ____D C:\Users\All Users\win7_32
2012-07-23 01:28 - 2012-07-23 01:28 - 00000000 ____D C:\Users\All Users\xp
2012-07-23 01:28 - 2012-07-23 01:28 - 00000000 ____D C:\Users\All Users\vista64
2012-07-23 01:28 - 2012-07-23 01:28 - 00000000 ____D C:\Users\All Users\vista32
2012-07-23 01:27 - 2012-07-23 14:28 - 00000000 ____D C:\Windows\SysWOW64\NV
2012-07-23 01:27 - 2012-07-23 14:28 - 00000000 ____D C:\Windows\System32\NV
2012-07-23 01:27 - 2012-07-23 01:27 - 00000000 ____D C:\Windows\Downloaded Installations
2012-07-23 01:26 - 2012-07-23 07:12 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-07-23 01:24 - 2012-07-23 01:24 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-07-23 01:24 - 2012-07-23 00:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-07-23 01:24 - 2012-07-23 00:06 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2012-07-23 01:24 - 2012-02-29 20:02 - 02301248 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-07-23 01:24 - 2012-02-29 20:02 - 02301248 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi.dll
2012-07-23 01:24 - 2012-02-29 20:02 - 00215360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-07-23 01:24 - 2012-02-29 20:02 - 00215360 ____A (NVIDIA Corporation) C:\Windows\System32\nvinit.dll
2012-07-23 01:24 - 2011-06-06 23:33 - 00380520 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoptimusmft.dll
2012-07-23 01:24 - 2011-06-06 23:33 - 00380520 ____A (NVIDIA Corporation) C:\Windows\System32\nvoptimusmft.dll
2012-07-23 01:22 - 2012-08-06 11:46 - 02004754 ____A C:\Windows\WindowsUpdate.log
2012-07-23 01:22 - 2012-07-23 01:22 - 00000000 ____D C:\Program Files\Common Files\Intel
2012-07-23 01:18 - 2012-07-23 01:21 - 00000000 ____D C:\Intel
2012-07-23 01:16 - 2012-07-23 01:22 - 00000000 ____D C:\Program Files (x86)\Intel
2012-07-23 01:16 - 2010-10-04 16:02 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2012-07-23 01:16 - 2010-10-04 16:02 - 00053248 ____A (Windows XP Bundled build C-Centric Single User) C:\Windows\System32\CSVer.dll
2012-07-23 00:06 - 2012-07-23 00:06 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-07-23 00:06 - 2012-07-23 00:06 - 00000000 ____D C:\Program Files (x86)\Razer
2012-07-23 00:06 - 2011-08-21 23:19 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2012-07-23 00:05 - 2012-07-23 00:05 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\InstallShield
2012-07-23 00:04 - 2012-08-05 21:17 - 00000000 ____D C:\Users\JakeMellon\AppData\Local\CrashDumps
2012-07-23 00:04 - 2012-02-29 20:02 - 19444544 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 19444544 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv32.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 17543488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 17543488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 15009600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 15009600 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dum.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 07713088 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 07713088 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2um.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 05892928 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 05892928 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 02517312 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 02517312 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 02437440 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 02437440 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 00812352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 00812352 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshim.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 00301376 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-07-23 00:04 - 2012-02-29 20:02 - 00061248 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-07-23 00:03 - 2012-07-23 00:05 - 00000000 ____D C:\NVIDIA
2012-07-22 23:57 - 2012-07-22 23:57 - 00000000 ____D C:\Users\JakeMellon\AppData\Local\PC_Drivers_Headquarters
2012-07-22 23:57 - 2012-07-22 23:57 - 00000000 ____D C:\Users\All Users\UAB
2012-07-22 23:56 - 2012-07-22 23:56 - 00000000 ____D C:\Users\All Users\Driver Manager
2012-07-22 23:54 - 2012-07-23 09:32 - 00000000 ____D C:\Program Files (x86)\League of legends
2012-07-22 23:53 - 2012-08-06 00:20 - 00000000 ____D C:\Users\JakeMellon\AppData\Local\PMB Files
2012-07-22 23:53 - 2012-08-06 00:20 - 00000000 ____D C:\Users\All Users\PMB Files
2012-07-22 23:53 - 2012-07-22 23:53 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2012-07-22 23:52 - 2012-07-22 23:52 - 00000000 ____D C:\Users\JakeMellon\Documents\Symantec
2012-07-22 23:52 - 2012-07-22 23:52 - 00000000 ____D C:\Users\All Users\PCSettings
2012-07-22 23:50 - 2012-07-22 23:50 - 00001331 ____A C:\Users\JakeMellon\Desktop\Norton Installation Files.lnk
2012-07-22 23:50 - 2012-07-22 23:50 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-07-22 23:47 - 2012-07-23 07:10 - 00000000 ____D C:\Users\JakeMellon\AppData\Local\ID Vault
2012-07-22 23:47 - 2012-07-22 23:47 - 00000000 ____D C:\Users\All Users\IsolatedStorage
2012-07-22 23:46 - 2012-08-06 11:52 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\ID Vault
2012-07-22 23:46 - 2012-07-22 23:47 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2012-07-22 23:46 - 2012-07-22 23:46 - 00002272 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2012-07-22 23:46 - 2012-07-22 23:46 - 00000000 ____D C:\Users\All Users\GID
2012-07-22 23:46 - 2012-07-22 23:46 - 00000000 ____D C:\Program Files (x86)\SFT
2012-07-22 23:45 - 2012-07-22 23:45 - 00000000 ____D C:\Users\All Users\White Sky, Inc
2012-07-22 23:43 - 2012-07-22 23:43 - 00384844 ____A C:\Users\JakeMellon\AppData\Local\funmoods-speeddial.crx
2012-07-22 23:43 - 2012-07-22 23:43 - 00031465 ____A C:\Users\JakeMellon\AppData\Local\funmoods.crx
2012-07-22 23:43 - 2012-07-22 23:43 - 00000000 ____D C:\Program Files (x86)\Funmoods
2012-07-22 23:39 - 2012-07-22 23:39 - 00001521 ____A C:\user.js
2012-07-22 23:39 - 2012-07-22 23:39 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\BabylonToolbar
2012-07-22 23:39 - 2012-07-22 23:39 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\Babylon
2012-07-22 23:39 - 2012-07-22 23:39 - 00000000 ____D C:\Users\JakeMellon\AppData\Local\dealcabby
2012-07-22 23:39 - 2012-07-22 23:39 - 00000000 ____D C:\Users\All Users\Babylon
2012-07-22 23:39 - 2012-07-22 23:39 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-07-22 23:39 - 2012-07-22 23:39 - 00000000 ____A C:\extensions.sqlite
2012-07-22 23:37 - 2012-07-31 09:16 - 00000000 ____D C:\Users\JakeMellon\AppData\Local\Google
2012-07-22 23:37 - 2012-07-22 23:47 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\Google
2012-07-22 23:37 - 2012-07-22 23:37 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\Adobe
2012-07-22 23:30 - 2012-08-01 15:11 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\Toshiba
2012-07-22 23:29 - 2012-02-17 01:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-07-22 23:29 - 2012-02-17 01:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-07-22 23:28 - 2012-07-22 23:28 - 00060704 ____A C:\Users\JakeMellon\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-22 23:27 - 2012-08-03 13:12 - 00000000 ____D C:\Users\JakeMellon\AppData\Local\TOSHIBA
2012-07-22 23:27 - 2012-07-24 12:13 - 00000000 ____D C:\Users\JakeMellon\AppData\Local\VirtualStore
2012-07-22 23:26 - 2012-07-22 23:26 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\WinBatch
2012-07-22 23:25 - 2012-08-01 14:02 - 00000000 ____D C:\users\JakeMellon
2012-07-22 23:25 - 2012-07-22 23:25 - 00000020 ___SH C:\Users\JakeMellon\ntuser.ini
2012-07-22 23:25 - 2011-08-21 23:19 - 00000000 ____D C:\Users\JakeMellon\AppData\Roaming\Macromedia

============ 3 Months Modified Files ========================

2012-08-06 11:51 - 2009-07-14 00:51 - 00035300 ____A C:\Windows\setupact.log
2012-08-06 11:50 - 2012-07-23 01:47 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-06 11:50 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-06 11:46 - 2012-07-23 01:22 - 02004754 ____A C:\Windows\WindowsUpdate.log
2012-08-06 11:42 - 2012-08-06 11:42 - 00262192 ____A C:\Windows\Minidump\080612-54335-01.dmp
2012-08-06 11:42 - 2012-07-24 11:26 - 293458350 ____A C:\Windows\MEMORY.DMP
2012-08-05 23:35 - 2012-07-23 01:47 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-05 13:06 - 2012-08-05 13:06 - 00002030 ____A C:\Users\JakeMellon\Desktop\BSOD4.txt
2012-08-05 12:54 - 2012-08-05 12:54 - 00262192 ____A C:\Windows\Minidump\080512-71074-01.dmp
2012-08-05 12:54 - 2010-11-20 23:47 - 00789896 ____A C:\Windows\PFRO.log
2012-08-05 10:44 - 2012-08-05 10:43 - 27903935 ____A C:\Users\JakeMellon\Downloads\atheros-wlan-win7-9204190.zip
2012-08-05 10:32 - 2012-08-05 10:32 - 00266320 ____A C:\Windows\Minidump\080512-46332-01.dmp
2012-08-04 22:40 - 2012-08-04 22:40 - 00000976 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-04 22:39 - 2012-08-04 22:39 - 27844176 ____A C:\Users\JakeMellon\Downloads\tc00346200e.exe
2012-08-04 22:36 - 2012-08-04 22:36 - 03879800 ____A (AVG Technologies) C:\Users\JakeMellon\Downloads\avg_free_stb_all_2012_2197_cnet(1).exe
2012-08-04 21:59 - 2012-08-04 21:59 - 00262144 ____A C:\Windows\Minidump\080412-22401-01.dmp
2012-08-04 14:52 - 2012-08-04 14:52 - 00001277 ____A C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
2012-08-04 14:51 - 2012-08-04 14:51 - 22224144 ____A (Xirrus) C:\Users\JakeMellon\Downloads\WiFiInspector-Setup-1.2.1.4.exe
2012-08-04 14:46 - 2012-08-04 14:46 - 05678590 ____A C:\Users\JakeMellon\Downloads\WNDR3400 Firmware Version 1.0.0.50.zip
2012-08-02 09:11 - 2012-08-02 09:11 - 00262144 ____A C:\Windows\Minidump\080212-26644-01.dmp
2012-08-01 15:04 - 2012-08-01 15:04 - 00000432 ____A C:\Users\JakeMellon\Desktop\Wireless Network Connection - Shortcut.lnk
2012-08-01 14:16 - 2012-08-01 14:16 - 00000000 ____A C:\Users\JakeMellon\Documents\ark.txt
2012-08-01 14:05 - 2012-08-01 14:05 - 00294216 ____A C:\Users\JakeMellon\Downloads\gmer.zip
2012-08-01 14:01 - 2012-08-01 14:01 - 00607260 ____R (Swearware) C:\Users\JakeMellon\Downloads\dds.scr
2012-08-01 14:01 - 2012-08-01 14:01 - 00000938 ____A C:\Users\Public\Desktop\Zune.lnk
2012-08-01 14:00 - 2012-08-01 13:59 - 105664248 ____A (Microsoft Corporation) C:\Users\JakeMellon\Downloads\ZuneSetupPkg.exe
2012-08-01 10:14 - 2012-08-01 10:14 - 00001120 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-01 10:13 - 2012-08-01 10:13 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\JakeMellon\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-31 19:33 - 2012-07-31 19:33 - 00876720 ____A (Skype Technologies S.A.) C:\Users\JakeMellon\Downloads\SkypeSetup.exe
2012-07-31 19:27 - 2012-07-31 19:27 - 01606656 ____A C:\Users\JakeMellon\Downloads\SteamInstall.msi
2012-07-31 19:27 - 2012-07-31 19:27 - 00000928 ____A C:\Users\Public\Desktop\Steam.lnk
2012-07-31 16:48 - 2012-07-31 16:46 - 00001843 ____A C:\Users\JakeMellon\Downloads\avgremover.log
2012-07-31 16:46 - 2012-07-31 16:46 - 01973368 ____A (AVG Technologies CZ, s.r.o.) C:\Users\JakeMellon\Downloads\avg_remover_stf_x86_2012_2125.exe
2012-07-31 16:10 - 2012-07-31 16:10 - 00159192 ____A C:\Users\JakeMellon\Documents\PERFMON.zip
2012-07-31 16:08 - 2012-07-31 16:08 - 00834249 ____A C:\Users\JakeMellon\Documents\Windows7_Vista_jcgriff2.zip
2012-07-31 16:03 - 2012-07-31 16:03 - 04765592 ____A (Piriform Ltd) C:\Users\JakeMellon\Downloads\spsetup117.exe
2012-07-31 16:03 - 2012-07-31 16:03 - 00000807 ____A C:\Users\Public\Desktop\Speccy.lnk
2012-07-31 15:56 - 2012-07-31 15:57 - 03061620 ____A C:\Users\JakeMellon\Documents\PERFMON.html
2012-07-31 15:48 - 2012-07-31 15:48 - 00055296 ____A C:\Users\JakeMellon\Documents\BSOD_Windows7_Vista_v2.64_jcgriff2_.exe
2012-07-31 15:47 - 2012-07-31 15:47 - 00643696 ____A (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) C:\Users\JakeMellon\Documents\autoruns.exe
2012-07-31 14:34 - 2012-07-31 14:34 - 00262144 ____A C:\Windows\Minidump\073112-41870-01.dmp
2012-07-31 11:57 - 2012-07-31 11:57 - 03879800 ____A (AVG Technologies) C:\Users\JakeMellon\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-07-31 09:13 - 2012-07-31 09:13 - 00920096 ____A C:\Users\JakeMellon\Downloads\Norton_Removal_Tool.exe
2012-07-31 09:07 - 2012-07-31 09:07 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-31 09:07 - 2012-07-31 09:07 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-31 09:07 - 2011-08-21 23:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-31 09:07 - 2011-08-21 23:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-31 09:06 - 2012-07-31 09:06 - 00262144 ____A C:\Windows\Minidump\073112-28048-01.dmp
2012-07-26 13:12 - 2012-07-26 13:12 - 00887896 ____A (Microsoft Corporation) C:\Users\JakeMellon\Downloads\dotNetFx40_Client_setup.exe
2012-07-26 13:09 - 2012-07-26 13:09 - 03632686 ____A (Little Apps) C:\Users\JakeMellon\Downloads\Little_Registry_Cleaner_11_02_2011.exe
2012-07-26 13:09 - 2012-07-26 13:09 - 00463080 ____A (CNET Download.com) C:\Users\JakeMellon\Downloads\cnet2_Little_Registry_Cleaner_11_02_2011_exe.exe
2012-07-24 17:34 - 2012-07-24 17:33 - 06654296 ____A (Advanced Fix, Inc. ) C:\Users\JakeMellon\Downloads\AdvancedFix_Setup.exe
2012-07-24 12:11 - 2011-01-23 20:09 - 01839104 ____A C:\Users\JakeMellon\Desktop\mt420.iso
2012-07-24 11:58 - 2012-07-24 11:58 - 00069043 ____A C:\Users\JakeMellon\Downloads\memtest86+-4.20.iso.zip
2012-07-24 11:34 - 2012-07-24 11:34 - 00130247 ____A C:\Users\JakeMellon\Downloads\bluescreenview_setup.exe
2012-07-24 11:26 - 2012-07-24 11:26 - 00262144 ____A C:\Windows\Minidump\072412-32073-01.dmp
2012-07-23 13:35 - 2012-07-23 13:34 - 00295538 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-07-23 13:34 - 2012-07-23 13:33 - 00297280 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-07-23 09:24 - 2012-07-23 09:24 - 02353512 ____A C:\Users\JakeMellon\Downloads\LeagueofLegends.exe
2012-07-23 07:10 - 2012-07-23 07:10 - 00001141 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-23 02:20 - 2009-07-14 00:46 - 00004059 ____A C:\Windows\DtcInstall.log
2012-07-23 02:04 - 2011-08-21 23:23 - 00203711 ____A C:\Windows\DirectX.log
2012-07-23 01:47 - 2011-08-21 22:56 - 00012872 ____A C:\Windows\IE9_main.log
2012-07-23 01:13 - 2011-08-21 22:51 - 00003652 ____A C:\Windows\TSSysprep.log
2012-07-23 00:06 - 2012-07-23 01:36 - 00012488 ____A C:\Windows\DPINST.LOG
2012-07-23 00:06 - 2012-07-23 00:06 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-07-22 23:50 - 2012-07-22 23:50 - 00001331 ____A C:\Users\JakeMellon\Desktop\Norton Installation Files.lnk
2012-07-22 23:46 - 2012-07-22 23:46 - 00002272 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2012-07-22 23:43 - 2012-07-22 23:43 - 00384844 ____A C:\Users\JakeMellon\AppData\Local\funmoods-speeddial.crx
2012-07-22 23:43 - 2012-07-22 23:43 - 00031465 ____A C:\Users\JakeMellon\AppData\Local\funmoods.crx
2012-07-22 23:39 - 2012-07-22 23:39 - 00001521 ____A C:\user.js
2012-07-22 23:39 - 2012-07-22 23:39 - 00000000 ____A C:\extensions.sqlite
2012-07-22 23:28 - 2012-07-22 23:28 - 00060704 ____A C:\Users\JakeMellon\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-22 23:25 - 2012-07-22 23:25 - 00000020 ___SH C:\Users\JakeMellon\ntuser.ini
2012-06-09 00:41 - 2012-07-23 07:20 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-09 00:41 - 2012-07-23 07:20 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-06 01:05 - 2012-07-23 07:20 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 01:05 - 2012-07-23 07:20 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:05 - 2012-07-23 07:20 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 01:05 - 2012-07-23 07:20 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:03 - 2012-07-23 07:16 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-06 01:03 - 2012-07-23 07:16 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 05:07 - 2012-07-23 13:27 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 05:07 - 2012-07-23 13:27 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:43 - 2012-07-23 13:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 04:43 - 2012-07-23 13:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:33 - 2012-07-23 13:27 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 04:33 - 2012-07-23 13:27 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:26 - 2012-07-23 13:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 04:26 - 2012-07-23 13:27 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:25 - 2012-07-23 13:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 04:25 - 2012-07-23 13:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:25 - 2012-07-23 13:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 04:25 - 2012-07-23 13:27 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:23 - 2012-07-23 13:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 04:23 - 2012-07-23 13:27 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:21 - 2012-07-23 13:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 04:21 - 2012-07-23 13:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:20 - 2012-07-23 13:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 04:20 - 2012-07-23 13:27 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:19 - 2012-07-23 13:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 04:19 - 2012-07-23 13:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 04:19 - 2012-07-23 13:27 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 04:19 - 2012-07-23 13:27 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 04:17 - 2012-07-23 13:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 04:17 - 2012-07-23 13:27 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 04:16 - 2012-07-23 13:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 04:16 - 2012-07-23 13:27 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 04:14 - 2012-07-23 13:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 04:14 - 2012-07-23 13:27 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 00:40 - 2012-07-23 07:19 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 00:40 - 2012-07-23 07:19 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:40 - 2012-07-23 07:19 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 00:40 - 2012-07-23 07:19 - 00022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-06-02 00:39 - 2012-07-23 07:19 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-02 00:39 - 2012-07-23 07:19 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 00:34 - 2012-07-23 07:19 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-02 00:34 - 2012-07-23 07:19 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2011-08-21 23:07] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-08-21 23:06] - [2011-03-01 04:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

========================= Memory info ======================

Percentage of memory in use: 25%
Total physical RAM: 8098.69 MB
Available physical RAM: 6016.82 MB
Total Pagefile: 16197.38 MB
Available Pagefile: 13609.35 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.84 MB

======================= Partitions =========================

1 Drive c: (TI106240W0D) (Fixed) (Total:449.22 GB) (Free:387.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: () (Fixed) (Total:465.76 GB) (Free:298.95 GB) NTFS
4 Drive f: (JAKE) (Removable) (Total:0.94 GB) (Free:0.04 GB) FAT

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 465 GB 1024 KB
Disk 2 Online 962 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 449 GB 1501 MB
Partition 3 Primary 15 GB 450 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 TOSHIBA Sys NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106240W0D NTFS Partition 449 GB Healthy Boot

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 465 GB 1024 KB
Partition 1 Logical 465 GB 2048 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 962 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F JAKE FAT Removable 962 MB Healthy

==================================================================================
======================= End Of Log ==========================
Farbar Recovery Scan Tool Version: 05-08-2012 01
Ran by JakeMellon at 2012-08-06 11:56:51
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

=== End Of Search ===
JMell is offline  
Old 08-06-2012, 09:54 AM   #6
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



What did you do to reinstall Windows? Did you wipe the drive completely or do a "repair install"?

Do you have an installation disk? Or use a factory installed reset partition?

Please try this:

Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
Type the following command, and then press ENTER:
sfc /scannow
The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

Let me know how that goes.

Then see if you are able to run ComboFix.
CatByte is offline  
Old 08-06-2012, 11:37 AM   #7
Registered Member
 
Join Date: Jul 2012
Posts: 22
OS: Windows 7



I reset the comp to factory default. And I am running the scan right now.
JMell is offline  
Old 08-06-2012, 11:53 AM   #8
Registered Member
 
Join Date: Jul 2012
Posts: 22
OS: Windows 7



Ok, so it just finished and says that it found no integrity violations... I think it has to do with my wireless card driver or something because I've been losing connection for a few minutes at a time randomly. All other devices I have are still connected so I know it is not the router.
JMell is offline  
Old 08-06-2012, 12:27 PM   #9
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Did you run ComboFix so we can make sure there is no infection left?
CatByte is offline  
Old 08-08-2012, 06:44 AM   #10
Registered Member
 
Join Date: Jul 2012
Posts: 22
OS: Windows 7



Ran ComboFix. Here's the log!

ComboFix 12-08-07.05 - JakeMellon 08/08/2012 9:19.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.6166 [GMT -4:00]
Running from: c:\users\JakeMellon\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 13:28 . 2012-08-08 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 16:09 . 2012-08-06 16:09 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-08-06 16:07 . 2012-08-06 16:07 -------- d-----w- c:\program files\Microsoft Office
2012-08-06 16:06 . 2012-08-06 16:09 -------- d-----w- c:\programdata\Microsoft Help
2012-08-06 16:04 . 2012-08-06 16:04 -------- d-----r- C:\MSOCache
2012-08-06 15:51 . 2012-08-06 15:53 -------- d-----w- C:\FRST
2012-08-05 14:48 . 2011-05-31 20:38 443040 ----a-w- c:\windows\system32\athi9cfa.rra
2012-08-05 02:41 . 2010-12-20 23:20 443040 ----a-w- c:\windows\system32\athi6ca7.rra
2012-08-05 02:40 . 2012-08-05 02:40 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-05 02:40 . 2012-08-05 02:40 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-05 02:40 . 2012-08-05 02:40 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-05 02:40 . 2012-08-05 02:40 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-05 02:39 . 2012-08-05 02:39 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-05 02:39 . 2012-08-07 22:14 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-04 18:52 . 2012-08-04 18:52 -------- d-----w- c:\program files (x86)\Xirrus
2012-08-03 13:40 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{823A8E25-647C-4483-BD5E-D3B0DC99DD52}\mpengine.dll
2012-08-01 14:14 . 2012-08-01 14:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-01 14:14 . 2012-08-01 14:14 -------- d-----w- c:\programdata\Malwarebytes
2012-08-01 14:14 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 23:34 . 2012-07-31 23:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-31 23:34 . 2012-07-31 23:34 -------- d-----r- c:\program files (x86)\Skype
2012-07-31 23:34 . 2012-07-31 23:34 -------- d-----w- c:\programdata\Skype
2012-07-31 23:27 . 2012-08-02 13:12 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-31 23:27 . 2012-08-08 13:13 -------- d-----w- c:\program files (x86)\Steam
2012-07-31 20:03 . 2012-07-31 20:03 -------- d-----w- c:\program files\Speccy
2012-07-31 19:55 . 2012-07-31 19:55 -------- d-----w- C:\perflogs
2012-07-31 16:01 . 2012-08-05 02:52 -------- d-----w- c:\programdata\AVG2012
2012-07-31 16:01 . 2012-08-05 02:39 -------- d-----w- C:\$AVG
2012-07-31 16:01 . 2012-07-31 16:01 -------- d-----w- c:\program files (x86)\AVG
2012-07-31 15:57 . 2012-08-07 22:14 -------- d-----w- c:\programdata\MFAData
2012-07-31 15:57 . 2012-07-31 15:57 -------- d--h--w- c:\programdata\Common Files
2012-07-31 13:07 . 2012-07-31 13:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-31 13:07 . 2012-07-31 13:07 -------- d-----w- c:\windows\system32\Macromed
2012-07-26 17:14 . 2012-08-06 16:08 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-07-24 21:35 . 2012-07-24 21:35 -------- d-----w- c:\program files (x86)\Advanced Fix 2012
2012-07-24 15:34 . 2012-07-24 15:34 -------- d-----w- c:\program files (x86)\NirSoft
2012-07-23 18:32 . 2012-07-03 07:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-23 18:25 . 2012-07-23 18:25 -------- d-----w- c:\windows\SysWow64\Wat
2012-07-23 18:25 . 2012-07-23 18:25 -------- d-----w- c:\windows\system32\Wat
2012-07-23 17:37 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-23 17:33 . 2012-07-23 17:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-23 17:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-23 17:28 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-23 17:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-23 17:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-23 17:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-23 17:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-23 17:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-23 14:05 . 2008-07-31 14:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2012-07-23 14:05 . 2008-07-31 14:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2012-07-23 14:05 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-07-23 14:05 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-07-23 14:05 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-07-23 14:00 . 2012-07-23 14:00 -------- d-----w- C:\Riot Games
2012-07-23 13:21 . 2012-07-31 13:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-07-23 13:20 . 2012-07-23 18:27 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-07-23 11:19 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-23 11:17 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-07-23 11:17 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-07-23 11:17 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-07-23 11:10 . 2012-07-23 11:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-23 06:14 . 2012-07-23 06:14 -------- d-----w- c:\program files (x86)\Toshiba Online Backup
2012-07-23 06:14 . 2012-07-23 06:14 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2012-07-23 06:14 . 2012-07-23 06:14 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2012-07-23 06:13 . 2011-02-17 23:42 99320 ----a-w- c:\windows\system32\tosWirelessLANIndicatorCP.dll
2012-07-23 06:13 . 2010-03-18 16:36 827728 ----a-w- c:\windows\system32\msvcr100.dll
2012-07-23 06:13 . 2010-03-18 16:36 607568 ----a-w- c:\windows\system32\msvcp100.dll
2012-07-23 06:10 . 2012-07-23 06:11 -------- d-----w- c:\program files (x86)\TOSHIBA Games
2012-07-23 06:10 . 2012-07-23 06:11 -------- d-----w- c:\programdata\WildTangent
2012-07-23 06:10 . 2012-07-23 06:10 -------- d-----w- c:\program files (x86)\WildTangent Games
2012-07-23 06:05 . 2010-10-20 21:41 138656 ----a-w- c:\windows\system32\TODDSrv.exe
2012-07-23 06:03 . 2006-03-31 19:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2012-07-23 06:00 . 2007-04-17 18:51 14112 ----a-w- c:\windows\system32\drivers\regi.sys
2012-07-23 06:00 . 2012-07-23 06:00 -------- d-----w- c:\program files (x86)\Common Files\InterVideo
2012-07-23 05:59 . 2012-07-23 05:59 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-07-23 05:59 . 2012-07-23 06:04 -------- d-----w- c:\program files (x86)\Corel
2012-07-23 05:59 . 2012-07-23 05:59 -------- d-----w- c:\programdata\Corel
2012-07-23 05:58 . 2012-07-23 06:04 -------- d-----w- c:\program files (x86)\Common Files\Toshiba Shared
2012-07-23 05:58 . 2011-06-10 02:28 482384 ----a-w- c:\windows\system32\drivers\tos_sps64.sys
2012-07-23 05:58 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-07-23 05:57 . 2011-02-09 02:07 38096 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2012-07-23 05:47 . 2012-07-23 05:47 -------- d-----w- c:\program files\Google
2012-07-23 05:47 . 2012-07-23 05:47 -------- d-----w- c:\program files (x86)\Google
2012-07-23 05:45 . 2012-07-31 13:15 -------- d-----w- c:\programdata\Norton
2012-07-23 05:45 . 2012-07-31 13:14 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-07-23 05:40 . 2012-07-23 05:40 -------- d-----w- c:\program files (x86)\Renesas Electronics
2012-07-23 05:40 . 2012-07-23 05:40 -------- d-----w- c:\programdata\Downloaded Installations
2012-07-23 05:40 . 2012-07-23 05:40 -------- d-----w- c:\program files (x86)\JMicron
2012-07-23 05:40 . 2012-07-23 05:40 -------- d-----w- c:\windows\SysWow64\SDA
2012-07-23 05:39 . 2011-06-10 10:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-07-23 05:39 . 2009-06-19 04:42 40832 ----a-w- c:\windows\system32\drivers\TosBtCi.dll
2012-07-23 05:38 . 2010-10-18 21:14 42096 ----a-r- c:\windows\system32\drivers\btfilter.sys
2012-07-23 05:38 . 2012-07-23 05:38 -------- d-----w- c:\program files (x86)\TOH Class Filter
2012-07-23 05:36 . 2012-07-23 05:36 -------- d-----w- c:\windows\Options
2012-07-23 05:36 . 2011-05-24 04:24 2750464 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-07-23 05:36 . 2012-08-05 14:48 -------- d-----w- c:\program files (x86)\Atheros
2012-07-23 05:36 . 2012-08-05 14:48 -------- d-----w- c:\windows\system32\nn-NO
2012-07-23 05:36 . 2011-05-31 20:38 63648 ----a-w- c:\windows\system32\athihvui.dll
2012-07-23 05:36 . 2010-12-21 02:20 443040 ----a-w- c:\windows\system32\athihvs.dll
2012-07-23 05:35 . 2012-07-23 05:36 -------- d-----w- c:\programdata\Atheros
2012-07-23 05:29 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2012-07-23 05:29 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2012-07-23 05:28 . 2012-07-23 05:28 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-23 05:28 . 2012-07-23 05:28 20592 ----a-w- c:\windows\system32\drivers\CeKbFilter.sys
2012-07-23 05:28 . 2012-07-23 05:28 -------- d-----w- c:\programdata\vista64
2012-07-23 05:28 . 2012-07-23 05:30 -------- d-----w- c:\programdata\win7_64
2012-07-23 05:28 . 2012-07-23 05:30 -------- d-----w- c:\programdata\win7_32
2012-07-23 05:28 . 2012-07-23 05:28 -------- d-----w- c:\programdata\vista32
2012-07-23 05:28 . 2012-07-23 05:28 -------- d-----w- c:\programdata\xp
2012-07-23 05:28 . 2011-03-10 19:06 295936 ----a-w- c:\windows\system32\HWS_Ctrl.dll
2012-07-23 05:28 . 2010-03-04 23:44 8192 ----a-w- c:\windows\system32\TSBWLS.dll
2012-07-23 05:28 . 2012-07-23 05:28 -------- d-----w- c:\windows\system32\Microsoft.VC80.MFC
2012-07-23 05:27 . 2012-07-23 05:27 -------- d-----w- c:\windows\Downloaded Installations
2012-07-23 05:27 . 2012-07-23 18:28 -------- d-----w- c:\windows\SysWow64\NV
2012-07-23 05:27 . 2012-07-23 18:28 -------- d-----w- c:\windows\system32\NV
2012-07-23 05:26 . 2012-07-23 11:12 -------- d-----w- c:\programdata\NVIDIA
2012-07-23 05:22 . 2012-07-23 05:22 -------- d-----w- c:\program files\Common Files\Intel
2012-07-23 05:22 . 2012-07-23 05:22 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-07-23 05:18 . 2011-01-13 00:51 439320 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-07-23 05:18 . 2011-02-01 20:06 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-07-23 05:18 . 2012-07-23 05:18 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-07-23 05:18 . 2012-07-23 05:21 -------- d-----w- C:\Intel
2012-07-23 05:16 . 2012-07-23 05:22 -------- d-----w- c:\program files (x86)\Intel
2012-07-23 05:16 . 2010-10-04 20:02 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-07-23 04:06 . 2012-08-05 14:34 -------- d-----w- c:\users\UpdatusUser
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 13:07 . 2011-08-22 03:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-23 03:26 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-05 02:40 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-05 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-23 39408]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"Abyssus"="c:\program files (x86)\Razer\Abyssus\razerhid.exe" [2011-03-10 231936]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-05 1147488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-7-18 6536304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-03 175192]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-23 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-01 28992]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2011-03-24 36992]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-06-10 482384]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-05 31080]
S1 GIDv2;GIDv2; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-07-18 66160]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-05 830048]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [2009-10-30 10880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-07-23 20592]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 05:47]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 05:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-28 11831400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-18 2209896]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0A0D0AtA0AtByB0B0EtDtN0D0Tzu0StBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1564606489
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0A0D0AtA0AtByB0B0EtDtN0D0Tzu0StBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1564606489
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\JakeMellon\AppData\Roaming\Mozilla\Firefox\Profiles\pz7izkqf.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Driver Manager - c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-08 09:32:00
ComboFix-quarantined-files.txt 2012-08-08 13:31
.
Pre-Run: 413,452,812,288 bytes free
Post-Run: 413,150,154,752 bytes free
.
- - End Of File - - 0A1079154D938F276510FA3EA53F86C0
JMell is offline  
Old 08-08-2012, 07:58 AM   #11
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Nothing terrible there, just some leftovers.

How is the computer running? Are you still having issues?



Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
DDS::
uStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0A0D0AtA0AtByB0B0EtDtN0D0Tzu0StBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1564606489
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtD0C0AzyyE0A0D0AtA0AtByB0B0EtDtN0D0Tzu0StBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1564606489

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

Let's make sure there are no broken services.

Please download Farbar Service Scanner and run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
CatByte is offline  
Old 08-08-2012, 11:14 AM   #12
Registered Member
 
Join Date: Jul 2012
Posts: 22
OS: Windows 7



Lately I've been getting the same BSOD usually when putting the comp to hibernate/sleep or when turning it on. It says IRQL_NOT_LESS_OR_EQUAL.

Anyways...will post the results soon
JMell is offline  
Old 08-08-2012, 11:50 AM   #13
Registered Member
 
Join Date: Jul 2012
Posts: 22
OS: Windows 7



And here's the log:


ComboFix 12-08-08.01 - JakeMellon 08/08/2012 14:36:13.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.6312 [GMT -4:00]
Running from: c:\users\JakeMellon\Downloads\ComboFix.exe
Command switches used :: c:\users\JakeMellon\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 18:46 . 2012-08-08 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 16:09 . 2012-08-06 16:09 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-08-06 16:07 . 2012-08-06 16:07 -------- d-----w- c:\program files\Microsoft Office
2012-08-06 16:06 . 2012-08-06 16:09 -------- d-----w- c:\programdata\Microsoft Help
2012-08-06 16:04 . 2012-08-06 16:04 -------- d-----r- C:\MSOCache
2012-08-06 15:51 . 2012-08-06 15:53 -------- d-----w- C:\FRST
2012-08-05 14:48 . 2011-05-31 20:38 443040 ----a-w- c:\windows\system32\athi9cfa.rra
2012-08-05 02:41 . 2010-12-20 23:20 443040 ----a-w- c:\windows\system32\athi6ca7.rra
2012-08-05 02:40 . 2012-08-05 02:40 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-05 02:40 . 2012-08-05 02:40 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-05 02:40 . 2012-08-05 02:40 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-05 02:40 . 2012-08-05 02:40 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-05 02:39 . 2012-08-05 02:39 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-05 02:39 . 2012-08-08 17:14 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-04 18:52 . 2012-08-04 18:52 -------- d-----w- c:\program files (x86)\Xirrus
2012-08-03 13:40 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{823A8E25-647C-4483-BD5E-D3B0DC99DD52}\mpengine.dll
2012-08-01 14:14 . 2012-08-01 14:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-01 14:14 . 2012-08-01 14:14 -------- d-----w- c:\programdata\Malwarebytes
2012-08-01 14:14 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 23:34 . 2012-07-31 23:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-31 23:34 . 2012-07-31 23:34 -------- d-----r- c:\program files (x86)\Skype
2012-07-31 23:34 . 2012-07-31 23:34 -------- d-----w- c:\programdata\Skype
2012-07-31 23:27 . 2012-08-02 13:12 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-31 23:27 . 2012-08-08 13:48 -------- d-----w- c:\program files (x86)\Steam
2012-07-31 20:03 . 2012-07-31 20:03 -------- d-----w- c:\program files\Speccy
2012-07-31 19:55 . 2012-07-31 19:55 -------- d-----w- C:\perflogs
2012-07-31 16:01 . 2012-08-05 02:52 -------- d-----w- c:\programdata\AVG2012
2012-07-31 16:01 . 2012-08-05 02:39 -------- d-----w- C:\$AVG
2012-07-31 16:01 . 2012-07-31 16:01 -------- d-----w- c:\program files (x86)\AVG
2012-07-31 15:57 . 2012-08-08 17:14 -------- d-----w- c:\programdata\MFAData
2012-07-31 15:57 . 2012-07-31 15:57 -------- d--h--w- c:\programdata\Common Files
2012-07-31 13:07 . 2012-07-31 13:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-31 13:07 . 2012-07-31 13:07 -------- d-----w- c:\windows\system32\Macromed
2012-07-26 17:14 . 2012-08-06 16:08 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-07-24 21:35 . 2012-07-24 21:35 -------- d-----w- c:\program files (x86)\Advanced Fix 2012
2012-07-24 15:34 . 2012-07-24 15:34 -------- d-----w- c:\program files (x86)\NirSoft
2012-07-23 18:32 . 2012-07-03 07:19 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-23 18:25 . 2012-07-23 18:25 -------- d-----w- c:\windows\SysWow64\Wat
2012-07-23 18:25 . 2012-07-23 18:25 -------- d-----w- c:\windows\system32\Wat
2012-07-23 17:37 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-23 17:33 . 2012-07-23 17:33 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-07-23 17:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-23 17:28 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-23 17:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-23 17:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-23 17:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-23 17:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-23 17:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-23 14:05 . 2008-07-31 14:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2012-07-23 14:05 . 2008-07-31 14:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2012-07-23 14:05 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-07-23 14:05 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-07-23 14:05 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-07-23 14:00 . 2012-07-23 14:00 -------- d-----w- C:\Riot Games
2012-07-23 13:21 . 2012-07-31 13:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-07-23 13:20 . 2012-07-23 18:27 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-07-23 11:19 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-23 11:17 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-07-23 11:17 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-07-23 11:17 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-07-23 11:10 . 2012-07-23 11:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-23 06:14 . 2012-07-23 06:14 -------- d-----w- c:\program files (x86)\Toshiba Online Backup
2012-07-23 06:14 . 2012-07-23 06:14 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2012-07-23 06:14 . 2012-07-23 06:14 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2012-07-23 06:13 . 2011-02-17 23:42 99320 ----a-w- c:\windows\system32\tosWirelessLANIndicatorCP.dll
2012-07-23 06:13 . 2010-03-18 16:36 827728 ----a-w- c:\windows\system32\msvcr100.dll
2012-07-23 06:13 . 2010-03-18 16:36 607568 ----a-w- c:\windows\system32\msvcp100.dll
2012-07-23 06:10 . 2012-07-23 06:11 -------- d-----w- c:\program files (x86)\TOSHIBA Games
2012-07-23 06:10 . 2012-07-23 06:11 -------- d-----w- c:\programdata\WildTangent
2012-07-23 06:10 . 2012-07-23 06:10 -------- d-----w- c:\program files (x86)\WildTangent Games
2012-07-23 06:05 . 2010-10-20 21:41 138656 ----a-w- c:\windows\system32\TODDSrv.exe
2012-07-23 06:03 . 2006-03-31 19:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2012-07-23 06:00 . 2007-04-17 18:51 14112 ----a-w- c:\windows\system32\drivers\regi.sys
2012-07-23 06:00 . 2012-07-23 06:00 -------- d-----w- c:\program files (x86)\Common Files\InterVideo
2012-07-23 05:59 . 2012-07-23 05:59 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2012-07-23 05:59 . 2012-07-23 06:04 -------- d-----w- c:\program files (x86)\Corel
2012-07-23 05:59 . 2012-07-23 05:59 -------- d-----w- c:\programdata\Corel
2012-07-23 05:58 . 2012-07-23 06:04 -------- d-----w- c:\program files (x86)\Common Files\Toshiba Shared
2012-07-23 05:58 . 2011-06-10 02:28 482384 ----a-w- c:\windows\system32\drivers\tos_sps64.sys
2012-07-23 05:58 . 2009-03-09 22:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-07-23 05:57 . 2011-02-09 02:07 38096 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2012-07-23 05:47 . 2012-07-23 05:47 -------- d-----w- c:\program files\Google
2012-07-23 05:47 . 2012-07-23 05:47 -------- d-----w- c:\program files (x86)\Google
2012-07-23 05:45 . 2012-07-31 13:15 -------- d-----w- c:\programdata\Norton
2012-07-23 05:45 . 2012-07-31 13:14 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-07-23 05:40 . 2012-07-23 05:40 -------- d-----w- c:\program files (x86)\Renesas Electronics
2012-07-23 05:40 . 2012-07-23 05:40 -------- d-----w- c:\programdata\Downloaded Installations
2012-07-23 05:40 . 2012-07-23 05:40 -------- d-----w- c:\program files (x86)\JMicron
2012-07-23 05:40 . 2012-07-23 05:40 -------- d-----w- c:\windows\SysWow64\SDA
2012-07-23 05:39 . 2011-06-10 10:34 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-07-23 05:39 . 2009-06-19 04:42 40832 ----a-w- c:\windows\system32\drivers\TosBtCi.dll
2012-07-23 05:38 . 2010-10-18 21:14 42096 ----a-r- c:\windows\system32\drivers\btfilter.sys
2012-07-23 05:38 . 2012-07-23 05:38 -------- d-----w- c:\program files (x86)\TOH Class Filter
2012-07-23 05:36 . 2012-07-23 05:36 -------- d-----w- c:\windows\Options
2012-07-23 05:36 . 2011-05-24 04:24 2750464 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-07-23 05:36 . 2012-08-05 14:48 -------- d-----w- c:\program files (x86)\Atheros
2012-07-23 05:36 . 2012-08-05 14:48 -------- d-----w- c:\windows\system32\nn-NO
2012-07-23 05:36 . 2011-05-31 20:38 63648 ----a-w- c:\windows\system32\athihvui.dll
2012-07-23 05:36 . 2010-12-21 02:20 443040 ----a-w- c:\windows\system32\athihvs.dll
2012-07-23 05:35 . 2012-07-23 05:36 -------- d-----w- c:\programdata\Atheros
2012-07-23 05:29 . 1999-10-13 01:47 24576 ----a-w- c:\windows\SysWow64\TSCI.dll
2012-07-23 05:29 . 1999-10-13 01:45 24576 ----a-w- c:\windows\SysWow64\THCI.dll
2012-07-23 05:28 . 2012-07-23 05:28 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-23 05:28 . 2012-07-23 05:28 20592 ----a-w- c:\windows\system32\drivers\CeKbFilter.sys
2012-07-23 05:28 . 2012-07-23 05:28 -------- d-----w- c:\programdata\vista64
2012-07-23 05:28 . 2012-07-23 05:30 -------- d-----w- c:\programdata\win7_64
2012-07-23 05:28 . 2012-07-23 05:30 -------- d-----w- c:\programdata\win7_32
2012-07-23 05:28 . 2012-07-23 05:28 -------- d-----w- c:\programdata\vista32
2012-07-23 05:28 . 2012-07-23 05:28 -------- d-----w- c:\programdata\xp
2012-07-23 05:28 . 2011-03-10 19:06 295936 ----a-w- c:\windows\system32\HWS_Ctrl.dll
2012-07-23 05:28 . 2010-03-04 23:44 8192 ----a-w- c:\windows\system32\TSBWLS.dll
2012-07-23 05:28 . 2012-07-23 05:28 -------- d-----w- c:\windows\system32\Microsoft.VC80.MFC
2012-07-23 05:27 . 2012-07-23 05:27 -------- d-----w- c:\windows\Downloaded Installations
2012-07-23 05:27 . 2012-07-23 18:28 -------- d-----w- c:\windows\SysWow64\NV
2012-07-23 05:27 . 2012-07-23 18:28 -------- d-----w- c:\windows\system32\NV
2012-07-23 05:26 . 2012-07-23 11:12 -------- d-----w- c:\programdata\NVIDIA
2012-07-23 05:22 . 2012-07-23 05:22 -------- d-----w- c:\program files\Common Files\Intel
2012-07-23 05:22 . 2012-07-23 05:22 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-07-23 05:18 . 2011-01-13 00:51 439320 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-07-23 05:18 . 2011-02-01 20:06 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-07-23 05:18 . 2012-07-23 05:18 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-07-23 05:18 . 2012-07-23 05:21 -------- d-----w- C:\Intel
2012-07-23 05:16 . 2012-07-23 05:22 -------- d-----w- c:\program files (x86)\Intel
2012-07-23 05:16 . 2010-10-04 20:02 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-07-23 04:06 . 2012-08-08 13:50 -------- d-----w- c:\users\UpdatusUser
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 13:07 . 2011-08-22 03:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-23 03:26 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( [email protected]_13.29.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-08-08 13:50 48738 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-07-23 03:27 . 2012-08-06 15:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-23 03:27 . 2012-08-08 16:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-23 03:27 . 2012-08-08 16:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-07-23 03:27 . 2012-08-06 15:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-08 16:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-06 15:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-23 03:27 . 2012-08-08 13:50 7198 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-485075121-1996720699-1196655788-1001_UserData.bin
+ 2012-08-06 16:30 . 2012-08-08 13:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-06 16:30 . 2012-08-08 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-06 16:30 . 2012-08-08 13:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-06 16:30 . 2012-08-08 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-23 10:21 . 2012-08-08 14:27 227002 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-05 02:40 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-05 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-23 39408]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"Abyssus"="c:\program files (x86)\Razer\Abyssus\razerhid.exe" [2011-03-10 231936]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-05 1147488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-7-18 6536304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-03 175192]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-23 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-01 28992]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2011-03-24 36992]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-06-10 482384]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-05 31080]
S1 GIDv2;GIDv2; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-07-18 66160]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-05 830048]
S3 Abyssus;Razer Abyssus;c:\windows\system32\drivers\Abyssus.sys [2009-10-30 10880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-07-23 20592]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 05:47]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 05:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-28 11831400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-18 2209896]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\JakeMellon\AppData\Roaming\Mozilla\Firefox\Profiles\pz7izkqf.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-08 14:49:00
ComboFix-quarantined-files.txt 2012-08-08 18:49
ComboFix2.txt 2012-08-08 13:32
.
Pre-Run: 412,584,054,784 bytes free
Post-Run: 412,515,180,544 bytes free
.
- - End Of File - - C21C80AB78CDFC3ED70F795E47E9094F
JMell is offline  
Old 08-08-2012, 01:58 PM   #14
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



That error message is generally due to a hardware driver. You may need to go to the manufacturer's site and download the latest drivers for your machine. There seems to be a lot of reference to video card drivers for that error as well.

It doesn't appear to be related to malware. Right-click and delete the DDS and FRST programs and any logs, then clean up ComboFix by doing the following:
  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box.
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.


Let me know how you do with updating the drivers.
CatByte is offline  
Old 08-09-2012, 01:58 PM   #15
Registered Member
 
Join Date: Jul 2012
Posts: 22
OS: Windows 7



Uninstalled ComboFix and installed a bunch of new drivers (one of which was for the nVidia GPU) for my comp off the Toshiba site. Hopefully no more BSOD....
JMell is offline  
Old 08-09-2012, 02:02 PM   #16
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Very good,

I'll keep the thread open a day or two so you can let me know how it's doing.
CatByte is offline  
Old 08-09-2012, 04:37 PM   #17
Registered Member
 
Join Date: Jul 2012
Posts: 22
OS: Windows 7



I've found that the recent IRQL BSOD I've been getting is due to my mouse. Every time it is plugged in it will BSOD a few times when I start and if I unplug it, it will BSOD. This happens when it is plugged into any USB port so I'm almost positive it is the mouse driver. I have a Razer Abyssus 3.5G and the most recent driver...so how exactly should I go about this? My comp has also been running extremely slow on start up. Could the mouse driver really slow my whole system?
JMell is offline  
Old 08-09-2012, 05:16 PM   #18
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



There must be some incompatibility somewhere along the line. We're out of my area of expertise with this, but we have a BSOD subforum:

BSOD, App Crashes And Hangs - Tech Support Forum

I would start a new topic there, let them know you've been given the all clear from the malware forum, then see if the techs there can figure out the issue.


If there are any tools or logs left on your desktop that I had you download, right-click and delete them.

Let me know what the techs advise.
CatByte is offline  
Old 08-09-2012, 05:23 PM   #19
Registered Member
 
Join Date: Jul 2012
Posts: 22
OS: Windows 7



Alright, sounds good. And thanks for your help and patience!
JMell is offline  
Old 08-09-2012, 05:40 PM   #20
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



You are welcome.

I hope you are able to resolve the remaining issues.
CatByte is offline  
 


All times are GMT -7. The time now is 01:49 PM.

