As the title says, I have been suffering from random redirects and browser launches (specifically Internet Explorer) while I was surfing the web. Just today I was redirected to freshbrowserupdate.com and on previous weeks I've been redirected to sites like url123.info while visiting forums. I don't know what could possibly be causing this, as MBAM found something and deleted it, but that did not stop the problem. I'll be checking up on this post frequently so that a solution may be reached. Thanks in advance and I'll post the logs below.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:04:44 AM, on 11/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
R3 - URLSearchHook: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [iWinArcadeIECleanup] C:\Users\Sora\AppData\Local\Temp\iWinArcadeAutocleanup.bat
O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10184 bytes
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Sora at 6:56:18 on 2012-11-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.1548 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\splwow64.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>;*.local
uURLSearchHooks: {90b49673-5506-483e-b92b-ca0265bd9ca8} - <orphaned>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [iWinArcadeIECleanup] C:\Users\Sora\AppData\Local\Temp\iWinArcadeAutocleanup.bat
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{6CE5C8B2-4EFA-4944-BEDA-4D6D1C7862F4} : DHCPNameServer = 24.229.54.212 216.144.187.199 204.186.80.229
TCP: Interfaces\{BE0549CC-FFFF-4675-92AC-8C86DB7CE36E} : DHCPNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{BE0549CC-FFFF-4675-92AC-8C86DB7CE36E}\3595848413 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BE0549CC-FFFF-4675-92AC-8C86DB7CE36E}\75962756C6563737136363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BE0549CC-FFFF-4675-92AC-8C86DB7CE36E}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BE0549CC-FFFF-4675-92AC-8C86DB7CE36E}\E4F42514F5055524C49434 : DHCPNameServer = 71.250.0.12 71.242.0.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-2-22 162824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-12 399432]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-2-22 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-22 2656280]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-22 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-2-22 413800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-2-22 1103464]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-2-22 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\windows\System32\drivers\vcsvad.sys [2012-5-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-12 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-11-12 25928]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\windows\System32\drivers\MijXfilt.sys [2012-4-29 115272]
S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?]
S3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\windows\System32\drivers\OXSDIDRV_x64.sys [2009-9-28 51760]
S3 OXUDIDRV;OXUDIDRV;C:\windows\System32\drivers\OXUDIDRV_x64.sys [2012-5-6 31280]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-22 250984]
S3 SwitchBoard;Adobe SwitchBoard;"C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" --> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [?]
S3 TFsExDisk;TFsExDisk;C:\windows\System32\drivers\TFsExDisk.sys [2012-5-11 16448]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-6 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-10-21 14544]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-19 2666880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-26 05:10:38 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71166326-5757-4859-BAB2-4C55B3D86B3C}\mpengine.dll
2012-11-25 05:07:07 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-24 04:18:44 -------- d-----w- C:\ProgramData\iWin Games
2012-11-24 04:18:01 -------- d-----w- C:\Users\Sora\AppData\Local\{9796F9BA-77BD-4C03-8E3F-9E7DAD7E7CAE}
2012-11-24 04:16:36 -------- d-----w- C:\Program Files (x86)\RelevantKnowledge
2012-11-24 04:16:32 -------- d-----w- C:\Program Files (x86)\Iminent
2012-11-22 04:11:22 -------- d-----r- C:\Program Files (x86)\Skype
2012-11-15 20:46:08 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 20:46:04 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-11-15 20:46:04 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-11-15 20:46:04 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-11-15 20:30:42 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-15 20:30:42 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-15 20:30:39 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-15 20:30:36 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-15 20:30:35 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-15 20:30:35 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2012-11-15 20:30:34 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-15 20:10:14 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-15 20:10:12 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-11-15 20:10:12 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-11-15 20:10:12 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-11-15 20:10:11 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-11-15 20:10:02 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-11-15 20:10:01 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-11-15 20:10:00 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-11-15 20:09:59 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-11-15 20:09:59 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-11-15 20:09:59 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-11-15 20:09:58 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-11-15 20:09:58 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
2012-11-15 20:09:58 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
2012-11-15 20:09:58 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-11-15 20:09:57 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-11-15 20:09:57 18944 ----a-w- C:\windows\System32\netevent.dll
2012-11-15 20:04:57 95744 ----a-w- C:\windows\System32\synceng.dll
2012-11-15 20:04:57 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-11-12 18:10:44 -------- d-----w- C:\Program Files\HP
2012-11-12 08:34:23 -------- d-----w- C:\Users\Sora\AppData\Roaming\Malwarebytes
2012-11-12 08:33:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-12 08:33:46 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-11-12 08:33:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-06 22:20:11 0 ----a-w- C:\windows\SysWow64\shoDAB2.tmp
2012-11-05 05:13:03 -------- d-----w- C:\Program Files (x86)\FireArc Arcade
.
==================== Find3M ====================
.
2012-10-09 14:36:25 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 14:36:25 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-09-25 03:16:33 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-09-12 17:15:57 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-09-12 17:15:57 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-08-31 02:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 6:58:05.52 ===============
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:04:44 AM, on 11/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
R3 - URLSearchHook: (no name) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [iWinArcadeIECleanup] C:\Users\Sora\AppData\Local\Temp\iWinArcadeAutocleanup.bat
O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Unknown owner - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10184 bytes
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Sora at 6:56:18 on 2012-11-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.1548 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\splwow64.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sora\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>;*.local
uURLSearchHooks: {90b49673-5506-483e-b92b-ca0265bd9ca8} - <orphaned>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [iWinArcadeIECleanup] C:\Users\Sora\AppData\Local\Temp\iWinArcadeAutocleanup.bat
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{6CE5C8B2-4EFA-4944-BEDA-4D6D1C7862F4} : DHCPNameServer = 24.229.54.212 216.144.187.199 204.186.80.229
TCP: Interfaces\{BE0549CC-FFFF-4675-92AC-8C86DB7CE36E} : DHCPNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{BE0549CC-FFFF-4675-92AC-8C86DB7CE36E}\3595848413 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BE0549CC-FFFF-4675-92AC-8C86DB7CE36E}\75962756C6563737136363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BE0549CC-FFFF-4675-92AC-8C86DB7CE36E}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{BE0549CC-FFFF-4675-92AC-8C86DB7CE36E}\E4F42514F5055524C49434 : DHCPNameServer = 71.250.0.12 71.242.0.12
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-2-22 162824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-12 399432]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-2-22 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-22 2656280]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-22 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-2-22 413800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-2-22 1103464]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-2-22 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\windows\System32\drivers\vcsvad.sys [2012-5-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-12 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-11-12 25928]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\windows\System32\drivers\MijXfilt.sys [2012-4-29 115272]
S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?]
S3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\windows\System32\drivers\OXSDIDRV_x64.sys [2009-9-28 51760]
S3 OXUDIDRV;OXUDIDRV;C:\windows\System32\drivers\OXUDIDRV_x64.sys [2012-5-6 31280]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-22 250984]
S3 SwitchBoard;Adobe SwitchBoard;"C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" --> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [?]
S3 TFsExDisk;TFsExDisk;C:\windows\System32\drivers\TFsExDisk.sys [2012-5-11 16448]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-6 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-10-21 14544]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-19 2666880]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-26 05:10:38 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71166326-5757-4859-BAB2-4C55B3D86B3C}\mpengine.dll
2012-11-25 05:07:07 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-24 04:18:44 -------- d-----w- C:\ProgramData\iWin Games
2012-11-24 04:18:01 -------- d-----w- C:\Users\Sora\AppData\Local\{9796F9BA-77BD-4C03-8E3F-9E7DAD7E7CAE}
2012-11-24 04:16:36 -------- d-----w- C:\Program Files (x86)\RelevantKnowledge
2012-11-24 04:16:32 -------- d-----w- C:\Program Files (x86)\Iminent
2012-11-22 04:11:22 -------- d-----r- C:\Program Files (x86)\Skype
2012-11-15 20:46:08 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 20:46:04 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-11-15 20:46:04 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-11-15 20:46:04 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-11-15 20:30:42 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-15 20:30:42 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-15 20:30:39 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-15 20:30:36 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-15 20:30:35 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-15 20:30:35 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2012-11-15 20:30:34 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-15 20:10:14 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-15 20:10:12 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-11-15 20:10:12 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-11-15 20:10:12 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-11-15 20:10:11 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-11-15 20:10:02 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-11-15 20:10:01 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-11-15 20:10:00 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-11-15 20:09:59 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-11-15 20:09:59 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-11-15 20:09:59 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-11-15 20:09:58 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-11-15 20:09:58 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
2012-11-15 20:09:58 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
2012-11-15 20:09:58 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-11-15 20:09:57 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-11-15 20:09:57 18944 ----a-w- C:\windows\System32\netevent.dll
2012-11-15 20:04:57 95744 ----a-w- C:\windows\System32\synceng.dll
2012-11-15 20:04:57 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-11-12 18:10:44 -------- d-----w- C:\Program Files\HP
2012-11-12 08:34:23 -------- d-----w- C:\Users\Sora\AppData\Roaming\Malwarebytes
2012-11-12 08:33:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-12 08:33:46 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-11-12 08:33:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-06 22:20:11 0 ----a-w- C:\windows\SysWow64\shoDAB2.tmp
2012-11-05 05:13:03 -------- d-----w- C:\Program Files (x86)\FireArc Arcade
.
==================== Find3M ====================
.
2012-10-09 14:36:25 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 14:36:25 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-09-25 03:16:33 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-09-12 17:15:57 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-09-12 17:15:57 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-08-31 02:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 6:58:05.52 ===============