FBI ransom virus

Solved
By sandhu1
Sep 18, 2012
  1. Hey,
    Yesterday I got a screen that popped up on my laptop stating that I had violated a copyright law and that, in order to release my computer, I had to pay $200. After poking around online I found that many others had a similar problem. I am not very tech savvy and would greatly appreciate any help on resolving these issues. I am also not sure how to delete the GMER and DDS scanners from my PC. I found TechSpot and ran the scans on my PC recommended by the forum; here are my logs, separated for the forum (Malwarebytes and GMER in this post, DDS in the next post).

    Thanks
    Sandhu1


    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.19.01

    Windows Vista Service Pack 1 x64 NTFS
    Internet Explorer 7.0.6001.18000
    resham :: RESHAM-PC [administrator]

    9/18/2012 5:38:32 PM
    mbam-log-2012-09-18 (17-38-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 264778
    Time elapsed: 3 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 33
    HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> Quarantined and deleted successfully.
    HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 3
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|chcns (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Users\resham\AppData\Roaming\chcns.dll",CreateContext -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 8
    C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
    C:\Users\resham\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\resham\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> Quarantined and deleted successfully.

    Files Detected: 25
    C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Local\Temp\xcmowrsean.exe (Spyware.Password) -> Quarantined and deleted successfully.
    C:\Users\resham\Downloads\installfreefileopener_553.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
    C:\Users\resham\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\resham\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Roaming\Microsoft\svchostt.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.exe (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
    C:\Users\resham\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\resham\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.Funmoods) -> Quarantined and deleted successfully.

    (end)
    ------------------------------------------------------------
    No modifications from the GMER report; the log was empty.
    ------------------------------------------------------------
  2. sandhu1

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_30
    Run by resham at 19:31:47 on 2012-09-18
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.1892 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\resham\AppData\Roaming\Spotify\spotify.exe
    C:\Windows\system32\igfxext.exe
    C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TSS.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80229
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [TOSCDSPD] TOSCDSPD.EXE
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Spotify] "C:\Users\resham\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    uRun: [Spotify Web Helper] "C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [ethri] "C:\Users\resham\AppData\Roaming\ethri.dll",Instance_New
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [cfFncEnabler.exe] cfFncEnabler.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
    mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    mRun: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNjA5MzU3NTE4LVZJUCsxLUZMMTArMS1YTzEwKzExLVRVRyszLUREVCs1OTczNi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzEtRjEwVEIrMi1TVDEwVEJGKzEtRjEwTTEyVEErMS1WSVAxMisxLVRMKzEtRjEwTTEyUisxLUNJRDEwKzEtQ0lEKzEw"&"prod=90"&"ver=10.0.1427
    StartupFolder: C:\Users\resham\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.15.1
    TCP: Interfaces\{5792BFBD-E177-4EAA-934F-AF82BB67D2A3} : DhcpNameServer = 192.168.15.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    mRun-x64: [NDSTray.exe] NDSTray.exe
    mRun-x64: [cfFncEnabler.exe] cfFncEnabler.exe
    mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
    mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    mRun-x64: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Conime] %windir%\system32\conime.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNjA5MzU3NTE4LVZJUCsxLUZMMTArMS1YTzEwKzExLVRVRyszLUREVCs1OTczNi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzEtRjEwVEIrMi1TVDEwVEJGKzEtRjEwTTEyVEErMS1WSVAxMisxLVRMKzEtRjEwTTEyUisxLUNJRDEwKzEtQ0lEKzEw"&"prod=90"&"ver=10.0.1427
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\resham\AppData\Roaming\Mozilla\Firefox\Profiles\fivt228e.default\
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bb7ed80c7-6dcb-43e3-921b-32815c5c005f%7D&mid=bd1e2c2048de47d69623d1e980e4e9f3-75d5b143e8225633ea1002530ff6a12a622dbe1b&ds=AVG&v=12.2.5.32&lang=us&pr=pa&d=2012-01-13%2019%3A03%3A25&sap=ku&q=
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575&q=
    FF - user.js: extensions.funmoods.id - 0024D2326C0F61F4
    FF - user.js: extensions.funmoods.instlDay - 15530
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.220:11:29
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - axl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - axl
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-18 44808]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-17 40960]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
    R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
    R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-18 46392]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
    R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
    R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-3 36864]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-27 133104]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-22 250056]
    S3 ATMFBUS;A600 USB Composite Device Driver;C:\Windows\system32\DRIVERS\ATMFBUS.sys --> C:\Windows\system32\DRIVERS\ATMFBUS.sys [?]
    S3 ATMFCVsp;A600 Cricket CM Port;C:\Windows\system32\DRIVERS\ATMFCVsp.sys --> C:\Windows\system32\DRIVERS\ATMFCVsp.sys [?]
    S3 ATMFFLT;A600 USB Modem Installation CD;C:\Windows\system32\DRIVERS\ATMFFLT.sys --> C:\Windows\system32\DRIVERS\ATMFFLT.sys [?]
    S3 ATMFMdm;A600 Cricket EVDO Modem;C:\Windows\system32\DRIVERS\ATMFMdm.sys --> C:\Windows\system32\DRIVERS\ATMFMdm.sys [?]
    S3 ATMFNET;A600 Cricket EVDO Network Adapter;C:\Windows\system32\DRIVERS\ATMFNET.sys --> C:\Windows\system32\DRIVERS\ATMFNET.sys [?]
    S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;C:\Windows\system32\DRIVERS\ATMFNVsp.sys --> C:\Windows\system32\DRIVERS\ATMFNVsp.sys [?]
    S3 ATMFVsp;A600 Cricket Diagnostics Port;C:\Windows\system32\DRIVERS\ATMFVsp.sys --> C:\Windows\system32\DRIVERS\ATMFVsp.sys [?]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-27 133104]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2009-3-17 954368]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-20 114144]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-27 93184]
    S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
    S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-19 00:37:20 -------- d-----w- C:\Users\resham\AppData\Roaming\Malwarebytes
    2012-09-19 00:37:07 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-09-19 00:37:06 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-18 07:56:30 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-09-18 07:56:30 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-09-18 07:56:09 41224 ----a-w- C:\Windows\avastSS.scr
    2012-09-18 07:55:52 -------- d-----w- C:\ProgramData\AVAST Software
    2012-09-18 07:55:52 -------- d-----w- C:\Program Files\AVAST Software
    2012-09-18 06:34:33 -------- d-----w- C:\Program Files\Enigma Software Group
    2012-09-18 06:34:08 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
    2012-09-18 06:34:05 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-09-18 06:29:17 -------- d-----w- C:\Users\resham\AppData\Roaming\SpeedyPC Software
    2012-09-18 06:29:17 -------- d-----w- C:\Users\resham\AppData\Roaming\DriverCure
    2012-09-18 06:29:08 -------- d-----w- C:\ProgramData\SpeedyPC Software
    2012-09-18 05:15:25 -------- d-----w- C:\Users\resham\AppData\Local\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}
    2012-09-18 05:15:13 404992 ----a-w- C:\Users\resham\AppData\Roaming\ethri.dll
    2012-09-10 02:09:49 -------- d-----w- C:\Windows\System32\kodak
    2012-09-10 02:08:15 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
    2012-09-10 01:12:54 -------- d-----w- C:\Windows\SysWow64\spool
    2012-09-03 03:37:00 -------- d-----w- C:\Users\resham\AppData\Local\Spotify
    2012-09-03 03:36:56 -------- d-----w- C:\Users\resham\AppData\Roaming\Spotify
    2012-08-29 02:24:02 -------- d-----w- C:\Windows\SysWow64\kodak
    2012-08-24 04:54:43 -------- d-----r- C:\Program Files (x86)\Skype
    2012-08-23 00:31:38 -------- d-----w- C:\Users\resham\AppData\Local\Macromedia
    2012-08-23 00:28:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-23 00:28:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-21 02:19:14 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 19:32:40.90 ===============
    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/17/2009 12:05:41 PM
    System Uptime: 9/18/2012 6:02:42 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 289 GiB total, 186.482 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11.6
    aioscnnr
    Amazon Links
    Apple Application Support
    Apple Software Update
    Atheros Driver Installation Program
    avast! Free Antivirus
    C4USelfUpdater
    Camera Assistant Software for Toshiba
    CD/DVD Drive Acoustic Silencer
    center
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Cricket Broadband 1.0
    DVD MovieFactory for TOSHIBA
    essentials
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java Auto Updater
    Java(TM) 6 Update 30
    Java(TM) 6 Update 6
    KODAK AiO Software
    Malwarebytes Anti-Malware version 1.65.0.1400
    Maple 12
    McAfee Security Scan Plus
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft XML Parser
    Mozilla Firefox 15.0 (x86 en-US)
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NetZero Internet Access Installer
    Notepad++
    ocr
    PreReq
    QuickBooks Financial Center
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Skype™ 5.10
    Spotify
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Desktop Links
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    Toshiba Registration
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Visual Studio 2008 x64 Redistributables
    WildTangent Games
    Windows Media Encoder 9 Series
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/18/2012 6:05:42 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 6:05:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ConfigFree Gadget Service service to connect.
    9/18/2012 6:05:29 PM, Error: Service Control Manager [7000] - The ConfigFree Gadget Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/18/2012 6:02:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    9/17/2012 11:14:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
    9/17/2012 11:14:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    9/17/2012 11:12:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 spldr Wanarpv6
    9/17/2012 11:12:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/17/2012 11:12:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/17/2012 11:12:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/17/2012 11:12:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    9/17/2012 11:12:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/17/2012 11:12:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/17/2012 11:12:20 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
    9/17/2012 10:20:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    9/17/2012 10:20:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    9/17/2012 10:20:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    9/17/2012 10:19:29 PM, Error: EventLog [6008] - The previous system shutdown at 10:17:32 PM on 9/17/2012 was unexpected.
    9/17/2012 10:14:42 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    9/15/2012 5:49:26 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0024D2326C0F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    9/14/2012 3:03:36 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 130.17.87.176, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    9/14/2012 1:38:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    9/13/2012 8:37:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    9/12/2012 8:03:10 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.35.164, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    9/11/2012 8:38:01 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.15.89, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
    9/11/2012 6:15:02 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    .
    ==== End Of File ===========================
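Added example, not part of the thread or of any of the tools used in it: a small Python triage script for the "Created Last 30" section of a DDS log like the one above. It parses each line, flags executables dropped into user-writable locations and GUID-named folders under AppData\Local for manual review, and lists everything else created within a few minutes of a flagged item, since droppers usually leave several artifacts within seconds. The sample lines are a subset copied from the log above; the heuristics and the five-minute window are this example's own choices, not anything DDS does. Note when correlating with the event log that the DDS timestamps here look like UTC (the Malwarebytes folder shows 2012-09-19 00:37 while the MBAM log header reads 5:38 PM on 9/18).

```python
import os
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the "Created Last 30"
# section of the DDS log above, in the order DDS prints them (newest first).
SAMPLE_CREATED_LAST_30 = r"""
2012-09-19 00:37:06 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-18 07:56:09 41224 ----a-w- C:\Windows\avastSS.scr
2012-09-18 06:34:08 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-18 06:29:17 -------- d-----w- C:\Users\resham\AppData\Roaming\DriverCure
2012-09-18 05:15:25 -------- d-----w- C:\Users\resham\AppData\Local\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}
2012-09-18 05:15:13 404992 ----a-w- C:\Users\resham\AppData\Roaming\ethri.dll
2012-09-10 02:08:15 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
"""

# One DDS line: "<date> <time> <size or dashes> <attrs> <path>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
GUID_DIR_RE = re.compile(r"\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I)
# Heuristic choices for this example (assumptions, not DDS behaviour):
EXEC_EXT = {".dll", ".exe", ".scr", ".sys", ".com", ".pif", ".cpl"}
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    when: datetime
    size: Optional[int]  # None for directories (DDS prints dashes instead of a size)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_created_section(text: str) -> List[Entry]:
    """Parse DDS 'Created Last 30' lines; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when, size, attrs, path = m.groups()
        entries.append(Entry(
            when=datetime.strptime(when, "%Y-%m-%d %H:%M:%S"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def suspicious_reasons(e: Entry) -> List[str]:
    """Reasons an entry deserves a manual look; an empty list means no heuristic fired."""
    reasons = []
    low = e.path.lower()
    ext = os.path.splitext(e.name)[1].lower()
    if not e.is_dir and ext in EXEC_EXT and any(d in low for d in USER_WRITABLE):
        reasons.append("executable written to a user-writable location")
    if e.is_dir and "\\appdata\\local\\" in low and GUID_DIR_RE.search(e.path):
        reasons.append("GUID-named directory under AppData\\Local")
    return reasons


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Return only the entries that triggered at least one heuristic, with their reasons."""
    result = []
    for e in entries:
        reasons = suspicious_reasons(e)
        if reasons:
            result.append((e, reasons))
    return result


def neighbors(entries: List[Entry], seed: Entry, window: timedelta = timedelta(minutes=5)) -> List[Entry]:
    """Everything else created within `window` of `seed`, oldest first."""
    near = [e for e in entries if e is not seed and abs(e.when - seed.when) <= window]
    return sorted(near, key=lambda e: e.when)


if __name__ == "__main__":
    entries = parse_created_section(SAMPLE_CREATED_LAST_30)
    for e, reasons in triage(entries):
        print(f"{e.when}  {e.path}\n    -> {'; '.join(reasons)}")
        for n in neighbors(entries, e):
            print(f"       same window: {n.when}  {n.path}")
```

Run against the sample, the only hits are the DLL in AppData\Roaming and the GUID-named folder created twelve seconds later; the script does not decide that either is malicious, it only narrows what to look at first.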
  3. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
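Added example, not part of Broni's instructions or of aswMBR or TDSSKiller themselves: a Python check for a 512-byte MBR dump such as the MBR.dat that aswMBR leaves on the desktop. It verifies the 55AA boot signature, decodes the four partition-table entries, and compares them with the partition TDSSKiller prints for this disk later in the thread (type 0x7, StartLBA 0x2EE800, BlocksNum 0x2411A800). It also hashes the 440-byte boot-code region so two dumps (before and after a cleanup, or a dump against a known-good MBR) can be compared: a bootkit that only swaps the code leaves the partition table intact, so the table check alone is not enough. The sample sector is constructed inside the script; its boot code bytes and disk signature are placeholders, not the poster's real MBR.

```python
import hashlib
import struct
from typing import List, Tuple

PARTITION_TABLE_OFFSET = 446
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"
# Layout of one 16-byte partition entry: status, CHS start, type, CHS end, start LBA, sector count
ENTRY_FMT = "<B3sB3sII"

# What TDSSKiller reported for \Device\Harddisk0\DR0 in this thread: (type, StartLBA, BlocksNum)
TDSSKILLER_PARTITIONS: List[Tuple[int, int, int]] = [(0x7, 0x2EE800, 0x2411A800)]


def build_sample_mbr(boot_code: bytes = b"\x33\xc0\x8e\xd0\xbc\x00\x7c", disk_sig: int = 0x12345678) -> bytes:
    """Constructed 512-byte sector: placeholder boot code, placeholder disk signature,
    one NTFS partition with the start/count TDSSKiller printed, valid 55AA signature."""
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, disk_sig)
    # Entry 1: bootable (0x80), CHS fields zeroed (only the LBA fields matter on modern disks)
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 0x2EE800, 0x2411A800)
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + ENTRY_SIZE] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(data: bytes) -> dict:
    """Decode signature, disk signature, boot-code hash and the non-empty partition entries."""
    if len(data) != 512:
        raise ValueError(f"expected a 512-byte sector, got {len(data)} bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(ENTRY_FMT, data, off)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": lba,
            "sectors": count,
        })
    return {
        "signature_ok": data[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack_from("<I", data, 440)[0],
        "bootcode_sha256": hashlib.sha256(data[:440]).hexdigest(),
        "partitions": partitions,
    }


def check_against_tdsskiller(parsed: dict, expected=TDSSKILLER_PARTITIONS) -> List[str]:
    """Discrepancies between the dumped partition table and TDSSKiller's view; empty means they agree."""
    problems = []
    if not parsed["signature_ok"]:
        problems.append("boot signature is not 55AA")
    seen = [(p["type"], p["start_lba"], p["sectors"]) for p in parsed["partitions"]]
    for exp in expected:
        if exp not in seen:
            problems.append(f"partition type=0x{exp[0]:X} start=0x{exp[1]:X} blocks=0x{exp[2]:X} not found")
    for p in parsed["partitions"]:
        if (p["type"], p["start_lba"], p["sectors"]) not in expected:
            problems.append(f"unexpected partition entry {p['index']}: type=0x{p['type']:X}")
    return problems


def bootcode_changed(dump_a: bytes, dump_b: bytes) -> bool:
    """True when the 440-byte boot-code region differs between two dumps of the same disk."""
    return parse_mbr(dump_a)["bootcode_sha256"] != parse_mbr(dump_b)["bootcode_sha256"]


if __name__ == "__main__":
    # Replace the constructed sample with: open("MBR.dat", "rb").read()
    mbr = build_sample_mbr()
    info = parse_mbr(mbr)
    print(f"signature ok: {info['signature_ok']}  boot code sha256: {info['bootcode_sha256'][:16]}...")
    for p in info["partitions"]:
        print(f"  #{p['index']} type=0x{p['type']:02X} start=0x{p['start_lba']:X} sectors=0x{p['sectors']:X}")
    print("problems:", check_against_tdsskiller(info) or "none")
```

The partition entry here decodes to roughly 310 GB starting at sector 0x2EE800, which agrees with the 298 GiB drive TDSSKiller enumerates; the boot-code hash is only meaningful relative to another dump or to a known-good MBR for the same Windows version.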
  4. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    Hey Broni,
    I am not sure that I have the capability to unzip files installed on my PC. I know that I am not supposed to install anything while we are cleaning; do you have any suggestions on where I can safely download a tool to unzip the TDSS file? Do I need to acquire this and start again?

    Thanks for your help and patience
    sandhu1
  5. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Double click on zipped file and it'll unzip.
  6. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    Broni,
    Will aswMBR let me know when it has completed the scan? I clicked Save log before it was completed because it had been idle for a few minutes, so I thought that it was complete. Will this affect anything, or do I just save it again upon completion? Also, what do I do with these tools once I have completed the scans?
    Thanks again for all your help. It is a wonderful feeling to see such kindness demonstrated in our world.
    Sandhu1
  7. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Give aswMBR some time but run the tools in the order I posted. aswMBR as the last one.
    We'll remove those tools when we're done.
  8. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    Broni,
    Well, here are the logs you requested, and a couple of notes about the scans. During the TDSS scan, my PC tried to open Firefox and get online twice; it also opened my Documents folder while scanning. During the RogueKiller scan, a blue screen popped up (I believe it was a "crash dump"?) and restarted my computer. As I stated in my previous post, I requested the report for the aswMBR scan before the scan had completed; I posted both the premature and complete logs for all of the scans requested.

    Thanks Broni,
    sandhu1
  9. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    TDSSkiller log


    20:22:02.0147 2760 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    20:22:02.0917 2760 ============================================================
    20:22:02.0917 2760 Current date / time: 2012/09/19 20:22:02.0917
    20:22:02.0917 2760 SystemInfo:
    20:22:02.0917 2760
    20:22:02.0917 2760 OS Version: 6.0.6001 ServicePack: 1.0
    20:22:02.0917 2760 Product type: Workstation
    20:22:02.0917 2760 ComputerName: RESHAM-PC
    20:22:02.0917 2760 UserName: resham
    20:22:02.0917 2760 Windows directory: C:\Windows
    20:22:02.0917 2760 System windows directory: C:\Windows
    20:22:02.0917 2760 Running under WOW64
    20:22:02.0917 2760 Processor architecture: Intel x64
    20:22:02.0917 2760 Number of processors: 2
    20:22:02.0917 2760 Page size: 0x1000
    20:22:02.0917 2760 Boot type: Normal boot
    20:22:02.0917 2760 ============================================================
    20:22:03.0597 2760 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:22:03.0597 2760 ============================================================
    20:22:03.0597 2760 \Device\Harddisk0\DR0:
    20:22:03.0597 2760 MBR partitions:
    20:22:03.0597 2760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2411A800
    20:22:03.0597 2760 ============================================================
    20:22:03.0647 2760 C: <-> \Device\Harddisk0\DR0\Partition1
    20:22:03.0647 2760 ============================================================
    20:22:03.0647 2760 Initialize success
    20:22:03.0647 2760 ============================================================
    20:22:07.0837 1176 ============================================================
    20:22:07.0837 1176 Scan started
    20:22:07.0837 1176 Mode: Manual;
    20:22:07.0837 1176 ============================================================
    20:22:08.0157 1176 ================ Scan system memory ========================
    20:22:08.0157 1176 System memory - ok
    20:22:08.0157 1176 ================ Scan services =============================
    20:22:08.0367 1176 [ 8C99ED256A889D647935A97C543B7B85 ] ACPI C:\Windows\system32\drivers\acpi.sys
    20:22:08.0377 1176 ACPI - ok
    20:22:08.0497 1176 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    20:22:08.0507 1176 AdobeFlashPlayerUpdateSvc - ok
    20:22:08.0567 1176 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    20:22:08.0597 1176 adp94xx - ok
    20:22:08.0667 1176 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
    20:22:08.0677 1176 adpahci - ok
    20:22:08.0717 1176 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    20:22:08.0717 1176 adpu160m - ok
    20:22:08.0757 1176 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    20:22:08.0767 1176 adpu320 - ok
    20:22:08.0817 1176 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    20:22:08.0817 1176 AeLookupSvc - ok
    20:22:08.0877 1176 [ 9BB97042FA331A0FB4BDD98B9280A50A ] AFD C:\Windows\system32\drivers\afd.sys
    20:22:08.0897 1176 AFD - ok
    20:22:08.0947 1176 [ 8B0D8B5BAFD4C9D57B41426BC68B32F9 ] AgereModemAudio C:\Windows\system32\agr64svc.exe
    20:22:08.0957 1176 AgereModemAudio - ok
    20:22:09.0027 1176 [ 3627A62B10284FFBF862BFD49928EDF4 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
    20:22:09.0047 1176 AgereSoftModem - ok
    20:22:09.0107 1176 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
    20:22:09.0107 1176 agp440 - ok
    20:22:09.0147 1176 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    20:22:09.0147 1176 aic78xx - ok
    20:22:09.0177 1176 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
    20:22:09.0187 1176 ALG - ok
    20:22:09.0217 1176 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
    20:22:09.0217 1176 aliide - ok
    20:22:09.0257 1176 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
    20:22:09.0267 1176 amdide - ok
    20:22:09.0287 1176 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    20:22:09.0297 1176 AmdK8 - ok
    20:22:09.0347 1176 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
    20:22:09.0357 1176 Appinfo - ok
    20:22:09.0427 1176 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:22:09.0427 1176 Apple Mobile Device - ok
    20:22:09.0457 1176 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
    20:22:09.0467 1176 arc - ok
    20:22:09.0507 1176 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    20:22:09.0507 1176 arcsas - ok
    20:22:09.0557 1176 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    20:22:09.0557 1176 aswFsBlk - ok
    20:22:09.0587 1176 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    20:22:09.0587 1176 aswMonFlt - ok
    20:22:09.0637 1176 [ 2CF56F9848BF7841FF420E9DD95029EE ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
    20:22:09.0637 1176 AswRdr - ok
    20:22:09.0687 1176 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    20:22:09.0727 1176 aswSnx - ok
    20:22:09.0757 1176 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    20:22:09.0777 1176 aswSP - ok
    20:22:09.0807 1176 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    20:22:09.0807 1176 aswTdi - ok
    20:22:09.0827 1176 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    20:22:09.0827 1176 AsyncMac - ok
    20:22:09.0867 1176 [ F988BB0690CD660318037908E9B8DBF7 ] atapi C:\Windows\system32\drivers\atapi.sys
    20:22:09.0867 1176 atapi - ok
    20:22:09.0937 1176 [ 45511C7E870D3ADDDD60049232EA96B3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    20:22:09.0967 1176 athr - ok
    20:22:10.0017 1176 [ 2BEBEDF0A2C6EEC436F0546432D10B3E ] ATMFBUS C:\Windows\system32\DRIVERS\ATMFBUS.sys
    20:22:10.0017 1176 ATMFBUS - ok
    20:22:10.0087 1176 [ 8C13767E368DE74CB44BF750F27EC9B8 ] ATMFCVsp C:\Windows\system32\DRIVERS\ATMFCVsp.sys
    20:22:10.0087 1176 ATMFCVsp - ok
    20:22:10.0147 1176 [ CB365FAB232D60423B287A650A092343 ] ATMFFLT C:\Windows\system32\DRIVERS\ATMFFLT.sys
    20:22:10.0147 1176 ATMFFLT - ok
    20:22:10.0187 1176 [ 7EDBB7DF5413CFD62EB247A3F5FEE03E ] ATMFMdm C:\Windows\system32\DRIVERS\ATMFMdm.sys
    20:22:10.0197 1176 ATMFMdm - ok
    20:22:10.0257 1176 [ 9DEFF1B882978630B64FA887BF1920F7 ] ATMFNET C:\Windows\system32\DRIVERS\ATMFNET.sys
    20:22:10.0257 1176 ATMFNET - ok
    20:22:10.0317 1176 [ 6C40F32270DE3579F26892BCD381F5EA ] ATMFNVsp C:\Windows\system32\DRIVERS\ATMFNVsp.sys
    20:22:10.0327 1176 ATMFNVsp - ok
    20:22:10.0367 1176 [ 7AA5D545E17306E4BE3F996D63ED8BEE ] ATMFVsp C:\Windows\system32\DRIVERS\ATMFVsp.sys
    20:22:10.0367 1176 ATMFVsp - ok
    20:22:10.0437 1176 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    20:22:10.0457 1176 AudioEndpointBuilder - ok
    20:22:10.0497 1176 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv C:\Windows\System32\Audiosrv.dll
    20:22:10.0507 1176 AudioSrv - ok
    20:22:10.0667 1176 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    20:22:10.0667 1176 avast! Antivirus - ok
    20:22:10.0707 1176 AVG Security Toolbar Service - ok
    20:22:10.0737 1176 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    20:22:10.0747 1176 blbdrive - ok
    20:22:10.0817 1176 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    20:22:10.0827 1176 Bonjour Service - ok
    20:22:10.0867 1176 [ F0F035FCEC3554CC1B70C5611BD87951 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    20:22:10.0867 1176 bowser - ok
    20:22:10.0897 1176 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    20:22:10.0897 1176 BrFiltLo - ok
    20:22:10.0917 1176 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    20:22:10.0917 1176 BrFiltUp - ok
    20:22:10.0947 1176 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
    20:22:10.0957 1176 Browser - ok
    20:22:10.0977 1176 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
    20:22:10.0977 1176 Brserid - ok
    20:22:10.0997 1176 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    20:22:10.0997 1176 BrSerWdm - ok
    20:22:11.0047 1176 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    20:22:11.0047 1176 BrUsbMdm - ok
    20:22:11.0067 1176 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    20:22:11.0077 1176 BrUsbSer - ok
    20:22:11.0107 1176 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    20:22:11.0107 1176 BTHMODEM - ok
    20:22:11.0127 1176 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    20:22:11.0127 1176 cdfs - ok
    20:22:11.0147 1176 [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    20:22:11.0147 1176 cdrom - ok
    20:22:11.0167 1176 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc C:\Windows\System32\certprop.dll
    20:22:11.0177 1176 CertPropSvc - ok
    20:22:11.0197 1176 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
    20:22:11.0207 1176 circlass - ok
    20:22:11.0237 1176 [ CAEDA2572B7042B11062F327F099251D ] CLFS C:\Windows\system32\CLFS.sys
    20:22:11.0247 1176 CLFS - ok
    20:22:11.0297 1176 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:22:11.0297 1176 clr_optimization_v2.0.50727_32 - ok
    20:22:11.0347 1176 [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    20:22:11.0347 1176 clr_optimization_v2.0.50727_64 - ok
    20:22:11.0437 1176 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:22:11.0437 1176 clr_optimization_v4.0.30319_32 - ok
    20:22:11.0447 1176 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    20:22:11.0457 1176 clr_optimization_v4.0.30319_64 - ok
    20:22:11.0497 1176 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    20:22:11.0507 1176 CmBatt - ok
    20:22:11.0517 1176 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    20:22:11.0517 1176 cmdide - ok
    20:22:11.0547 1176 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    20:22:11.0547 1176 Compbatt - ok
    20:22:11.0557 1176 COMSysApp - ok
    20:22:11.0617 1176 [ 5AC8A997E8D9C131B5F90B4F3CCFAE34 ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    20:22:11.0617 1176 ConfigFree Gadget Service - ok
    20:22:11.0657 1176 [ D10D01B2DFCD8D2F32A32ED29E8DA1C2 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    20:22:11.0657 1176 ConfigFree Service - ok
    20:22:11.0667 1176 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    20:22:11.0667 1176 crcdisk - ok
    20:22:11.0717 1176 [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    20:22:11.0717 1176 CryptSvc - ok
    20:22:11.0777 1176 [ 52CDADE8289FF21F1F2215FF51A5F36C ] DcomLaunch C:\Windows\system32\rpcss.dll
    20:22:11.0797 1176 DcomLaunch - ok
    20:22:11.0847 1176 [ 3725C43C9E90731ECA651D506CC599A3 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    20:22:11.0847 1176 DfsC - ok
    20:22:12.0017 1176 [ 1781F99840979EE7B126C9073C377FD0 ] DFSR C:\Windows\system32\DFSR.exe
    20:22:12.0097 1176 DFSR - ok
    20:22:12.0147 1176 [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    20:22:12.0147 1176 Dhcp - ok
    20:22:12.0167 1176 [ 2DC415FC05FB8A079F896CBBACB19324 ] disk C:\Windows\system32\drivers\disk.sys
    20:22:12.0167 1176 disk - ok
    20:22:12.0197 1176 [ DAF05293C1264E251D3A25E7E24B2DDF ] Dnscache C:\Windows\System32\dnsrslvr.dll
    20:22:12.0197 1176 Dnscache - ok
    20:22:12.0227 1176 [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc C:\Windows\System32\dot3svc.dll
    20:22:12.0227 1176 dot3svc - ok
    20:22:12.0237 1176 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
    20:22:12.0247 1176 DPS - ok
    20:22:12.0277 1176 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    20:22:12.0277 1176 drmkaud - ok
    20:22:12.0317 1176 [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    20:22:12.0347 1176 DXGKrnl - ok
    20:22:12.0377 1176 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
    20:22:12.0377 1176 E1G60 - ok
    20:22:12.0407 1176 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
    20:22:12.0407 1176 EapHost - ok
    20:22:12.0437 1176 [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache C:\Windows\system32\drivers\ecache.sys
    20:22:12.0437 1176 Ecache - ok
    20:22:12.0497 1176 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    20:22:12.0507 1176 ehRecvr - ok
    20:22:12.0527 1176 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
    20:22:12.0527 1176 ehSched - ok
    20:22:12.0547 1176 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
    20:22:12.0547 1176 ehstart - ok
    20:22:12.0597 1176 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    20:22:12.0607 1176 elxstor - ok
    20:22:12.0667 1176 [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    20:22:12.0677 1176 EMDMgmt - ok
    20:22:12.0717 1176 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
    20:22:12.0717 1176 ErrDev - ok
    20:22:12.0787 1176 [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem C:\Windows\system32\es.dll
    20:22:12.0797 1176 EventSystem - ok
    20:22:12.0827 1176 [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat C:\Windows\system32\drivers\exfat.sys
    20:22:12.0837 1176 exfat - ok
    20:22:12.0867 1176 [ FE731D345ED9EEABBC72A59B35941834 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    20:22:12.0867 1176 fastfat - ok
    20:22:12.0907 1176 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    20:22:12.0907 1176 fdc - ok
    20:22:12.0937 1176 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
    20:22:12.0937 1176 fdPHost - ok
    20:22:12.0967 1176 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
    20:22:12.0967 1176 FDResPub - ok
    20:22:12.0997 1176 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    20:22:12.0997 1176 FileInfo - ok
    20:22:13.0037 1176 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    20:22:13.0037 1176 Filetrace - ok
    20:22:13.0057 1176 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    20:22:13.0057 1176 flpydisk - ok
    20:22:13.0087 1176 [ 7DACF1A3A4219575070C6DC7C957428A ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    20:22:13.0097 1176 FltMgr - ok
    20:22:13.0157 1176 [ 73D0F1D32EDAE3DCC4E84468BF910ADD ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    20:22:13.0157 1176 FontCache3.0.0.0 - ok
    20:22:13.0207 1176 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    20:22:13.0217 1176 Fs_Rec - ok
    20:22:13.0277 1176 [ 6D06B5EEBBA23C16789EFC820EE1F253 ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
    20:22:13.0277 1176 FwLnk - ok
    20:22:13.0337 1176 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    20:22:13.0337 1176 gagp30kx - ok
    20:22:13.0437 1176 [ 9DCF7DFE5FDBB0A47F8EE01FE13C2876 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    20:22:13.0447 1176 GameConsoleService - ok
    20:22:13.0507 1176 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:22:13.0507 1176 GEARAspiWDM - ok
    20:22:13.0597 1176 [ 9E5B254D58232EC8921EC3C5A94C81ED ] gpsvc C:\Windows\System32\gpsvc.dll
    20:22:13.0607 1176 gpsvc - ok
    20:22:13.0667 1176 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    20:22:13.0667 1176 gupdate - ok
    20:22:13.0697 1176 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    20:22:13.0697 1176 gupdatem - ok
    20:22:13.0737 1176 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    20:22:13.0737 1176 gusvc - ok
    20:22:13.0807 1176 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    20:22:13.0807 1176 HdAudAddService - ok
    20:22:13.0857 1176 [ 0C0D0F8A3FF09ECC81963D09EC6A0A84 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    20:22:13.0857 1176 HDAudBus - ok
    20:22:13.0887 1176 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
    20:22:13.0897 1176 HidBth - ok
    20:22:13.0927 1176 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
    20:22:13.0937 1176 HidIr - ok
    20:22:13.0977 1176 [ 0AA154538544E988429DA2D5AA803A6C ] hidserv C:\Windows\system32\hidserv.dll
    20:22:13.0977 1176 hidserv - ok
    20:22:14.0017 1176 [ 128E2DA8483FDD4DD0C7B3F9ABD6F323 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    20:22:14.0017 1176 HidUsb - ok
    20:22:14.0047 1176 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
    20:22:14.0057 1176 hkmsvc - ok
    20:22:14.0077 1176 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    20:22:14.0077 1176 HpCISSs - ok
    20:22:14.0117 1176 [ E690736DA6C543F5D99C8FA27BEA31DB ] HTTP C:\Windows\system32\drivers\HTTP.sys
    20:22:14.0147 1176 HTTP - ok
    20:22:14.0177 1176 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    20:22:14.0177 1176 i2omp - ok
    20:22:14.0207 1176 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    20:22:14.0207 1176 i8042prt - ok
    20:22:14.0267 1176 [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    20:22:14.0277 1176 IAANTMON - ok
    20:22:14.0327 1176 [ 8D58627FEF3F8767665D9F4DC91CBD97 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    20:22:14.0327 1176 iaStor - ok
    20:22:14.0367 1176 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    20:22:14.0397 1176 iaStorV - ok
    20:22:14.0467 1176 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    20:22:14.0467 1176 IDriverT - ok
    20:22:14.0557 1176 [ 76EA63CDB2D88DAE7209691D089BEF1D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    20:22:14.0587 1176 idsvc - ok
    20:22:14.0897 1176 [ 663E7364F650A915D415EEB2DA98D86A ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    20:22:15.0177 1176 igfx - ok
    20:22:15.0217 1176 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    20:22:15.0217 1176 iirsp - ok
    20:22:15.0277 1176 [ 3A3B232140C33376E134E7B61A0EAA44 ] IKEEXT C:\Windows\System32\ikeext.dll
    20:22:15.0297 1176 IKEEXT - ok
    20:22:15.0377 1176 [ 1835B384D2D66752ED1460E9085230BD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    20:22:15.0417 1176 IntcAzAudAddService - ok
    20:22:15.0467 1176 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
    20:22:15.0467 1176 intelide - ok
    20:22:15.0487 1176 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    20:22:15.0487 1176 intelppm - ok
    20:22:15.0507 1176 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    20:22:15.0517 1176 IPBusEnum - ok
    20:22:15.0547 1176 [ 99B821F5BEBD6A3CC3FE564F802AE0FD ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:22:15.0557 1176 IpFilterDriver - ok
    20:22:15.0567 1176 IpInIp - ok
    20:22:15.0597 1176 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    20:22:15.0597 1176 IPMIDRV - ok
    20:22:15.0637 1176 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    20:22:15.0647 1176 IPNAT - ok
    20:22:15.0687 1176 [ F8E8676D1B6B2CC12DF9AA6B1A43D929 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    20:22:15.0727 1176 iPod Service - ok
    20:22:15.0747 1176 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
    20:22:15.0747 1176 IRENUM - ok
    20:22:15.0777 1176 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
    20:22:15.0787 1176 isapnp - ok
    20:22:15.0827 1176 [ 49E4CCBF74783FCE5D2CC1FF6480E1F4 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    20:22:15.0837 1176 iScsiPrt - ok
    20:22:15.0857 1176 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    20:22:15.0857 1176 iteatapi - ok
    20:22:15.0887 1176 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
    20:22:15.0887 1176 iteraid - ok
    20:22:15.0977 1176 [ 957135960E7533EA5C7EA0BFB34F8EFD ] jswpsapi C:\Program Files (x86)\Jumpstart\jswpsapi.exe
    20:22:16.0017 1176 jswpsapi - ok
    20:22:16.0057 1176 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    20:22:16.0057 1176 kbdclass - ok
    20:22:16.0077 1176 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    20:22:16.0077 1176 kbdhid - ok
    20:22:16.0107 1176 [ 80F4593E92FF960E4763380D3168E498 ] KeyIso C:\Windows\system32\lsass.exe
    20:22:16.0117 1176 KeyIso - ok
    20:22:16.0207 1176 [ 162A5E3A691B903111526147C8D29E6D ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    20:22:16.0217 1176 Kodak AiO Network Discovery Service - ok
    20:22:16.0287 1176 [ B5E53FCA219A6491E9A1BA146A5D2452 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    20:22:16.0307 1176 Kodak AiO Status Monitor Service - ok
    20:22:16.0347 1176 [ 7C999F96B239E214154DB3C808E6736A ] KR10I64 C:\Windows\system32\drivers\kr10i64.sys
    20:22:16.0357 1176 KR10I64 - ok
    20:22:16.0397 1176 [ 8CB9A9164D4E789424F943FA718FA3F2 ] KR10N64 C:\Windows\system32\drivers\kr10n64.sys
    20:22:16.0397 1176 KR10N64 - ok
    20:22:16.0447 1176 [ CCDCCE6224E1E207E953AF826B98A9D9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    20:22:16.0467 1176 KSecDD - ok
    20:22:16.0507 1176 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    20:22:16.0507 1176 ksthunk - ok
    20:22:16.0547 1176 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
    20:22:16.0567 1176 KtmRm - ok
    20:22:16.0597 1176 [ 3F27C9CDAE606D74431E3AB39571A7F3 ] LanmanServer C:\Windows\system32\srvsvc.dll
    20:22:16.0607 1176 LanmanServer - ok
    20:22:16.0647 1176 [ 6E25FFC6FEAD6544C6E9F1D23329570C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    20:22:16.0657 1176 LanmanWorkstation - ok
    20:22:16.0677 1176 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    20:22:16.0677 1176 lltdio - ok
    20:22:16.0747 1176 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    20:22:16.0757 1176 lltdsvc - ok
    20:22:16.0787 1176 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
    20:22:16.0797 1176 lmhosts - ok
    20:22:16.0877 1176 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    20:22:16.0877 1176 LSI_FC - ok
    20:22:16.0897 1176 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    20:22:16.0897 1176 LSI_SAS - ok
    20:22:16.0967 1176 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    20:22:16.0967 1176 LSI_SCSI - ok
    20:22:16.0997 1176 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
    20:22:16.0997 1176 luafv - ok
    20:22:17.0067 1176 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
    20:22:17.0067 1176 McComponentHostService - ok
    20:22:17.0107 1176 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    20:22:17.0117 1176 Mcx2Svc - ok
    20:22:17.0167 1176 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
    20:22:17.0167 1176 megasas - ok
    20:22:17.0227 1176 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    20:22:17.0247 1176 MegaSR - ok
    20:22:17.0277 1176 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
    20:22:17.0287 1176 MMCSS - ok
    20:22:17.0307 1176 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
    20:22:17.0317 1176 Modem - ok
    20:22:17.0337 1176 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    20:22:17.0337 1176 monitor - ok
    20:22:17.0357 1176 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    20:22:17.0357 1176 mouclass - ok
    20:22:17.0387 1176 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    20:22:17.0397 1176 mouhid - ok
    20:22:17.0417 1176 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    20:22:17.0417 1176 MountMgr - ok
    20:22:17.0497 1176 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    20:22:17.0497 1176 MozillaMaintenance - ok
    20:22:17.0527 1176 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
    20:22:17.0537 1176 mpio - ok
    20:22:17.0567 1176 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    20:22:17.0567 1176 mpsdrv - ok
    20:22:17.0597 1176 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    20:22:17.0597 1176 Mraid35x - ok
    20:22:17.0607 1176 [ FE2706C15F8345C342820E4E4583FEA0 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    20:22:17.0607 1176 MRxDAV - ok
    20:22:17.0647 1176 [ B698EB9ACC7ECD4927D99D268918F912 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
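The TDSSKiller output above is a flat list of service and driver records, which makes it hard to eyeball for the things a responder actually looks for: services whose image could not be hashed, images living in user-writable directories (where a screen-locker installed from a browser drop typically ends up rather than under System32), and one binary registered under several service names. The following parser and triage pass is an added example and is not code from the original post, from TechSpot or from Kaspersky. It assumes the two line shapes visible in the log (a hashed file line and a `name - status` verdict line); the reading that a bare verdict line with no hash means TDSSKiller found no image file to hash is an assumption about the tool's output, and the path heuristics are generic rules, not a statement about this particular machine. The sample input copies a handful of records from the log above and adds one invented `hypothetical_svc` record to show what a flagged entry looks like.

```python
import re
from collections import defaultdict

# Constructed sample: the first twelve lines are copied from the TDSSKiller log
# in the post above; the final "hypothetical_svc" record is invented for the demo.
SAMPLE_LOG = r"""
20:22:11.0147 1176 [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:22:11.0147 1176 cdrom - ok
20:22:11.0557 1176 COMSysApp - ok
20:22:13.0667 1176 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:22:13.0667 1176 gupdate - ok
20:22:13.0697 1176 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:22:13.0697 1176 gupdatem - ok
20:22:16.0107 1176 [ 80F4593E92FF960E4763380D3168E498 ] KeyIso C:\Windows\system32\lsass.exe
20:22:16.0117 1176 KeyIso - ok
20:22:18.0447 1176 [ 80F4593E92FF960E4763380D3168E498 ] Netlogon C:\Windows\system32\lsass.exe
20:22:18.0447 1176 Netlogon - ok
20:22:30.0000 1176 [ 0123456789ABCDEF0123456789ABCDEF ] hypothetical_svc C:\Users\resham\AppData\Roaming\svchost.exe
20:22:30.0000 1176 hypothetical_svc - ok
"""

# "<time> <pid> [ <md5> ] <service name> <image path>"; the name may contain
# spaces, so it is matched lazily up to the first token that looks like a drive path.
FILE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+)$"
)
# "<time> <pid> <service name> - <verdict>"
STATUS_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>\S+)$"
)

# Assumed heuristics: images under these prefixes are where legitimate services live;
# markers below indicate directories an unprivileged user can write to.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\")


def parse_log(text):
    """Return {service_name: {"md5", "path", "status"}} from TDSSKiller log text."""
    records = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            rec = records.setdefault(m.group("name"), {})
            rec["md5"] = m.group("md5").upper()
            rec["path"] = m.group("path")
            continue
        m = STATUS_RE.match(line)
        if m:
            records.setdefault(m.group("name"), {})["status"] = m.group("status")
    return records


def triage(records):
    """Flag records worth a second look.

    Returns (reasons, shared): reasons maps a service name to its flag codes,
    shared maps an MD5 to the sorted list of service names registered on it
    (only hashes used by more than one service are listed).
    """
    reasons = defaultdict(list)
    by_hash = defaultdict(list)
    for name, rec in records.items():
        if "md5" not in rec:
            # Assumption: a verdict line with no preceding hashed-file line means the
            # registered image was not present on disk to be hashed.
            reasons[name].append("no_image")
            continue
        by_hash[rec["md5"]].append(name)
        low = rec["path"].lower()
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            reasons[name].append("user_writable_path")
        elif not low.startswith(TRUSTED_PREFIXES):
            reasons[name].append("unusual_path")
    shared = {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}
    return dict(reasons), shared


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    flagged, shared_hashes = triage(recs)
    for name, codes in sorted(flagged.items()):
        print(f"{name}: {', '.join(codes)}  {recs[name].get('path', '(no image)')}")
    for md5, names in shared_hashes.items():
        print(f"shared image {md5}: {', '.join(names)}")
```

Run against the full log, `no_image` will fire on entries such as `COMSysApp`, `IpInIp`, `NwlnkFlt` and `msiserver`, which are normal on Vista (service registrations whose driver or MSI host is not installed), and the shared-hash list will be dominated by `lsass.exe`, `p2psvc.dll`, `certprop.dll` and `GoogleUpdate.exe`, all of which legitimately back several services. The value of the pass is the residue: a `user_writable_path` hit, or a hash shared between a system service and something under `\Users\`, is the record to pull and submit for a second opinion, not anything this particular log shows.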
  10. sandhu1

    TDSS Logs continued
    ---------------------------------------------------------------------------------------------------------------------------------------------
    20:22:17.0647 1176 mrxsmb - ok
    20:22:17.0677 1176 [ 9A797E27FD28500EE13D43000C931435 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:22:17.0687 1176 mrxsmb10 - ok
    20:22:17.0697 1176 [ F9425D610712533107A264E2D5B2154B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:22:17.0697 1176 mrxsmb20 - ok
    20:22:17.0737 1176 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys
    20:22:17.0737 1176 msahci - ok
    20:22:17.0757 1176 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    20:22:17.0767 1176 msdsm - ok
    20:22:17.0787 1176 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
    20:22:17.0787 1176 MSDTC - ok
    20:22:17.0827 1176 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
    20:22:17.0827 1176 Msfs - ok
    20:22:17.0857 1176 [ E7204A02A42FC331E9CA9D9521105B14 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    20:22:17.0857 1176 msisadrv - ok
    20:22:17.0877 1176 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:22:17.0887 1176 MSiSCSI - ok
    20:22:17.0887 1176 msiserver - ok
    20:22:17.0947 1176 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:22:17.0947 1176 MSKSSRV - ok
    20:22:17.0967 1176 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:22:17.0977 1176 MSPCLOCK - ok
    20:22:18.0027 1176 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:22:18.0027 1176 MSPQM - ok
    20:22:18.0057 1176 [ B8E32E6103FBBA9FBB1D0C11FF0D13B5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:22:18.0067 1176 MsRPC - ok
    20:22:18.0087 1176 [ C68739CFA09401233C72B1047DBF0008 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    20:22:18.0087 1176 mssmbios - ok
    20:22:18.0117 1176 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:22:18.0117 1176 MSTEE - ok
    20:22:18.0137 1176 [ DDF133501F68D6988A0F55DFA88637B4 ] Mup C:\Windows\system32\Drivers\mup.sys
    20:22:18.0137 1176 Mup - ok
    20:22:18.0167 1176 [ C25022CDD18980846973B598900915F8 ] napagent C:\Windows\system32\qagentRT.dll
    20:22:18.0197 1176 napagent - ok
    20:22:18.0227 1176 [ 73B99C98FA3A2ED1566E02D6FE1913A5 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:22:18.0227 1176 NativeWifiP - ok
    20:22:18.0277 1176 [ 2A2EE457AF36C5C9A6808C768BD3A12B ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:22:18.0297 1176 NDIS - ok
    20:22:18.0317 1176 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:22:18.0317 1176 NdisTapi - ok
    20:22:18.0337 1176 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:22:18.0337 1176 Ndisuio - ok
    20:22:18.0347 1176 [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    20:22:18.0357 1176 NdisWan - ok
    20:22:18.0377 1176 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    20:22:18.0377 1176 NDProxy - ok
    20:22:18.0387 1176 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    20:22:18.0397 1176 NetBIOS - ok
    20:22:18.0417 1176 [ 7A29CA243A629230799754162D80120F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    20:22:18.0427 1176 netbt - ok
    20:22:18.0447 1176 [ 80F4593E92FF960E4763380D3168E498 ] Netlogon C:\Windows\system32\lsass.exe
    20:22:18.0447 1176 Netlogon - ok
    20:22:18.0487 1176 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
    20:22:18.0507 1176 Netman - ok
    20:22:18.0537 1176 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
    20:22:18.0557 1176 netprofm - ok
    20:22:18.0587 1176 [ B84613B469B98E09F50A748C1D02E132 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:22:18.0587 1176 NetTcpPortSharing - ok
    20:22:18.0617 1176 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    20:22:18.0627 1176 nfrd960 - ok
    20:22:18.0657 1176 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
    20:22:18.0667 1176 NlaSvc - ok
    20:22:18.0687 1176 [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    20:22:18.0687 1176 Npfs - ok
    20:22:18.0707 1176 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
    20:22:18.0717 1176 nsi - ok
    20:22:18.0747 1176 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    20:22:18.0747 1176 nsiproxy - ok
    20:22:18.0817 1176 [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    20:22:18.0857 1176 Ntfs - ok
    20:22:18.0877 1176 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
    20:22:18.0877 1176 Null - ok
    20:22:18.0907 1176 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    20:22:18.0917 1176 nvraid - ok
    20:22:18.0937 1176 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
    20:22:18.0937 1176 nvstor - ok
    20:22:18.0967 1176 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    20:22:18.0967 1176 nv_agp - ok
    20:22:18.0977 1176 NwlnkFlt - ok
    20:22:18.0987 1176 NwlnkFwd - ok
    20:22:19.0087 1176 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    20:22:19.0087 1176 odserv - ok
    20:22:19.0147 1176 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    20:22:19.0147 1176 ohci1394 - ok
    20:22:19.0177 1176 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    20:22:19.0187 1176 ose - ok
    20:22:19.0237 1176 [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc C:\Windows\system32\p2psvc.dll
    20:22:19.0257 1176 p2pimsvc - ok
    20:22:19.0297 1176 [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc C:\Windows\system32\p2psvc.dll
    20:22:19.0307 1176 p2psvc - ok
    20:22:19.0327 1176 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
    20:22:19.0327 1176 Parport - ok
    20:22:19.0347 1176 [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr C:\Windows\system32\drivers\partmgr.sys
    20:22:19.0347 1176 partmgr - ok
    20:22:19.0367 1176 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
    20:22:19.0377 1176 PcaSvc - ok
    20:22:19.0387 1176 [ 7A3DC4201208437D7D5C426789E92054 ] pci C:\Windows\system32\drivers\pci.sys
    20:22:19.0397 1176 pci - ok
    20:22:19.0407 1176 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
    20:22:19.0407 1176 pciide - ok
    20:22:19.0427 1176 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    20:22:19.0427 1176 pcmcia - ok
    20:22:19.0467 1176 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    20:22:19.0507 1176 PEAUTH - ok
    20:22:19.0577 1176 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    20:22:19.0577 1176 PerfHost - ok
    20:22:19.0657 1176 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
    20:22:19.0707 1176 pla - ok
    20:22:19.0747 1176 [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    20:22:19.0777 1176 PlugPlay - ok
    20:22:19.0817 1176 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    20:22:19.0827 1176 PNRPAutoReg - ok
    20:22:19.0857 1176 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc C:\Windows\system32\p2psvc.dll
    20:22:19.0867 1176 PNRPsvc - ok
    20:22:19.0907 1176 [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    20:22:19.0927 1176 PolicyAgent - ok
    20:22:19.0957 1176 [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    20:22:19.0967 1176 PptpMiniport - ok
    20:22:19.0987 1176 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
    20:22:19.0987 1176 Processor - ok
    20:22:20.0027 1176 [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc C:\Windows\system32\profsvc.dll
    20:22:20.0037 1176 ProfSvc - ok
    20:22:20.0057 1176 [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe
    20:22:20.0057 1176 ProtectedStorage - ok
    20:22:20.0097 1176 [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    20:22:20.0107 1176 PSched - ok
    20:22:20.0167 1176 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    20:22:20.0197 1176 ql2300 - ok
    20:22:20.0227 1176 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    20:22:20.0227 1176 ql40xx - ok
    20:22:20.0267 1176 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
    20:22:20.0287 1176 QWAVE - ok
    20:22:20.0307 1176 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    20:22:20.0307 1176 QWAVEdrv - ok
    20:22:20.0337 1176 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    20:22:20.0347 1176 RasAcd - ok
    20:22:20.0387 1176 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
    20:22:20.0387 1176 RasAuto - ok
    20:22:20.0427 1176 [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:22:20.0427 1176 Rasl2tp - ok
    20:22:20.0467 1176 [ 2A63D46B01685FD4BE9778CA3C231C2D ] RasMan C:\Windows\System32\rasmans.dll
    20:22:20.0477 1176 RasMan - ok
    20:22:20.0527 1176 [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    20:22:20.0527 1176 RasPppoe - ok
    20:22:20.0547 1176 [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    20:22:20.0557 1176 RasSstp - ok
    20:22:20.0617 1176 [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    20:22:20.0627 1176 rdbss - ok
    20:22:20.0637 1176 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:22:20.0647 1176 RDPCDD - ok
    20:22:20.0687 1176 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    20:22:20.0697 1176 rdpdr - ok
    20:22:20.0707 1176 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    20:22:20.0707 1176 RDPENCDD - ok
    20:22:20.0757 1176 [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    20:22:20.0767 1176 RDPWD - ok
    20:22:20.0817 1176 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
    20:22:20.0837 1176 RemoteAccess - ok
    20:22:20.0867 1176 [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry C:\Windows\system32\regsvc.dll
    20:22:20.0877 1176 RemoteRegistry - ok
    20:22:20.0897 1176 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
    20:22:20.0897 1176 RpcLocator - ok
    20:22:20.0937 1176 [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs C:\Windows\system32\rpcss.dll
    20:22:20.0957 1176 RpcSs - ok
    20:22:20.0987 1176 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    20:22:20.0987 1176 rspndr - ok
    20:22:21.0017 1176 [ BF55641FC2F759281B9BF59D5DAA8FDE ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
    20:22:21.0027 1176 RTL8169 - ok
    20:22:21.0037 1176 [ 108729909CE285A352A1D1CB96BB1B2E ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
    20:22:21.0037 1176 RTSTOR - ok
    20:22:21.0057 1176 [ 80F4593E92FF960E4763380D3168E498 ] SamSs C:\Windows\system32\lsass.exe
    20:22:21.0057 1176 SamSs - ok
    20:22:21.0097 1176 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    20:22:21.0117 1176 sbp2port - ok
    20:22:21.0157 1176 [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    20:22:21.0167 1176 SCardSvr - ok
    20:22:21.0217 1176 [ CE75D26E0A1106129F4D156851E298ED ] Schedule C:\Windows\system32\schedsvc.dll
    20:22:21.0247 1176 Schedule - ok
    20:22:21.0287 1176 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll
    20:22:21.0287 1176 SCPolicySvc - ok
    20:22:21.0307 1176 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    20:22:21.0317 1176 SDRSVC - ok
    20:22:21.0347 1176 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    20:22:21.0357 1176 secdrv - ok
    20:22:21.0377 1176 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
    20:22:21.0387 1176 seclogon - ok
    20:22:21.0407 1176 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
    20:22:21.0417 1176 SENS - ok
    20:22:21.0447 1176 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
    20:22:21.0447 1176 Serenum - ok
    20:22:21.0457 1176 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
    20:22:21.0467 1176 Serial - ok
    20:22:21.0487 1176 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
    20:22:21.0487 1176 sermouse - ok
    20:22:26.0537 1176 ================ Scan global ===============================
    20:22:26.0567 1176 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
    20:22:26.0617 1176 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
    20:22:26.0657 1176 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
    20:22:26.0697 1176 [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
    20:22:26.0727 1176 [Global] - ok
    20:22:26.0727 1176 ================ Scan MBR ==================================
    20:22:26.0737 1176 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    20:22:27.0247 1176 \Device\Harddisk0\DR0 - ok
    20:22:27.0257 1176 ================ Scan VBR ==================================
    20:22:27.0257 1176 [ D768FE5158107B69A3A1BF7A0E398E34 ] \Device\Harddisk0\DR0\Partition1
    20:22:27.0257 1176 \Device\Harddisk0\DR0\Partition1 - ok
    20:22:27.0257 1176 ============================================================
    20:22:27.0257 1176 Scan finished
    20:22:27.0257 1176 ============================================================
    20:22:27.0277 5956 Detected object count: 0
    20:22:27.0277 5956 Actual detected object count: 0

    --------------------------------------------------------------------------------
  11. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    --------------------------------------------------------------------------------


    RogueKiller log from initial scan before blue screen

    --------------------------------------------------------------------------------
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : resham [Admin rights]
    Mode : Scan -- Date : 09/19/2012 20:33:20

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : ethri ( "C:\Users\resham\AppData\Roaming\ethri.dll",Instance_New) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3902824652-3120505283-713476528-1000[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3902824652-3120505283-713476528-1000[...]\Run : ethri ( "C:\Users\resham\AppData\Roaming\ethri.dll",Instance_New) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\n.) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\n.) -> FOUND
    [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\n.) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\@ --> FOUND
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\U --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\L --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\L --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MHZ2320BH G1 +++++
    --- User ---
    [MBR] 514a22f70c1395db49d195faab80b841
    [BSP] bd24df34669357fa5d38b5181205fde2 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295477 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608210944 | Size: 8267 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt



    --------------------------------------------------------------------------------------------

    RogueKiller scan 2
    ---------------------------------------------------------------------------------------------

    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : resham [Admin rights]
    Mode : Remove -- Date : 09/19/2012 20:34:04

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : ethri ( "C:\Users\resham\AppData\Roaming\ethri.dll",Instance_New) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\@ --> REMOVED
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\@ --> REMOVED
    [Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\U\00000008.@ --> REMOVED
    [Del.Parent][FILE] 80000032.@ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\U\80000032.@ --> REMOVED
    [Del.Parent][FILE] 80000064.@ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\U\80000064.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\L\00000004.@ --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\L\201d3dde --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\L --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: FUJITSU MHZ2320BH G1 +++++
    --- User ---
    [MBR] 514a22f70c1395db49d195faab80b841
    [BSP] bd24df34669357fa5d38b5181205fde2 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295477 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608210944 | Size: 8267 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt



    ---------------------------------------------------------------------------------------------------------------------------------------------------------

    aswMBR scan log before complete
    -------------------------------------------------------------------------------------------------------------------

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-19 20:45:28
    -----------------------------
    20:45:28.973 OS Version: Windows x64 6.0.6001 Service Pack 1
    20:45:28.973 Number of processors: 2 586 0xF0D
    20:45:28.973 ComputerName: RESHAM-PC UserName: resham
    20:45:31.937 Initialize success
    20:45:32.124 AVAST engine defs: 12091901
    20:45:40.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:45:40.361 Disk 0 Vendor: FUJITSU_ 0040 Size: 305245MB BusType: 3
    20:45:40.408 Disk 0 MBR read successfully
    20:45:40.423 Disk 0 MBR scan
    20:45:40.423 Disk 0 Windows VISTA default MBR code
    20:45:40.454 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    20:45:40.486 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295477 MB offset 3074048
    20:45:40.517 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8267 MB offset 608210944
    20:45:40.564 Disk 0 scanning C:\Windows\system32\drivers
    20:45:58.738 Service scanning
    20:46:18.487 Modules scanning
    20:46:18.487 Disk 0 trace - called modules:
    20:46:18.550 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    20:46:18.565 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058d84f0]
    20:46:18.565 3 CLASSPNP.SYS[fffffa6000fceb3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c0a050]
    20:46:20.375 AVAST engine scan C:\Windows
    20:46:34.664 AVAST engine scan C:\Windows\system32
    20:50:41.502 AVAST engine scan C:\Windows\system32\drivers
    20:51:41.780 AVAST engine scan C:\Users\resham
    20:57:54.230 Disk 0 MBR has been saved successfully to "C:\Users\resham\Contacts\Desktop\MBR.dat"
    20:57:54.250 The log file has been saved successfully to "C:\Users\resham\Contacts\Desktop\aswMBR.txt"


    20:58:43.352 Disk 0 MBR has been saved successfully to "C:\Users\resham\Contacts\Desktop\MBR.dat"
    20:58:43.372 The log file has been saved successfully to "C:\Users\resham\Contacts\Desktop\aswMBR.txt"


    -------------------------------------------------------------------------------------------------------------
    aswMBR scan 2 after complete
    -------------------------------------------------------------------------------------------------------------
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-19 20:45:28
    -----------------------------
    20:45:28.973 OS Version: Windows x64 6.0.6001 Service Pack 1
    20:45:28.973 Number of processors: 2 586 0xF0D
    20:45:28.973 ComputerName: RESHAM-PC UserName: resham
    20:45:31.937 Initialize success
    20:45:32.124 AVAST engine defs: 12091901
    20:45:40.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:45:40.361 Disk 0 Vendor: FUJITSU_ 0040 Size: 305245MB BusType: 3
    20:45:40.408 Disk 0 MBR read successfully
    20:45:40.423 Disk 0 MBR scan
    20:45:40.423 Disk 0 Windows VISTA default MBR code
    20:45:40.454 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    20:45:40.486 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295477 MB offset 3074048
    20:45:40.517 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8267 MB offset 608210944
    20:45:40.564 Disk 0 scanning C:\Windows\system32\drivers
    20:45:58.738 Service scanning
    20:46:18.487 Modules scanning
    20:46:18.487 Disk 0 trace - called modules:
    20:46:18.550 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    20:46:18.565 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058d84f0]
    20:46:18.565 3 CLASSPNP.SYS[fffffa6000fceb3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c0a050]
    20:46:20.375 AVAST engine scan C:\Windows
    20:46:34.664 AVAST engine scan C:\Windows\system32
    20:50:41.502 AVAST engine scan C:\Windows\system32\drivers
    20:51:41.780 AVAST engine scan C:\Users\resham
    20:57:54.230 Disk 0 MBR has been saved successfully to "C:\Users\resham\Contacts\Desktop\MBR.dat"
    20:57:54.250 The log file has been saved successfully to "C:\Users\resham\Contacts\Desktop\aswMBR.txt"
    20:58:43.352 Disk 0 MBR has been saved successfully to "C:\Users\resham\Contacts\Desktop\MBR.dat"
    20:58:43.372 The log file has been saved successfully to "C:\Users\resham\Contacts\Desktop\aswMBR.txt"
    20:59:37.203 File: C:\Users\resham\AppData\Roaming\ethri.dll **INFECTED** Win32:Agent-APXM [Trj]
    21:10:26.475 AVAST engine scan C:\ProgramData
    21:12:53.882 Scan finished successfully
    21:24:05.100 Disk 0 MBR has been saved successfully to "C:\Users\resham\Contacts\Desktop\MBR.dat"
    21:24:05.110 The log file has been saved successfully to "C:\Users\resham\Contacts\Desktop\aswMBR2.txt"
  12. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  13. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Reopened.
     
  14. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    Here are the logs you requested. Sorry for the delay; I have been terribly busy.
    Frst------------------------------------------------------------------------------------------------------------------
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012 (ATTENTION: FRST version is 6 days old)
    Ran by SYSTEM at 01-10-2012 13:29:42
    Running from G:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
    HKLM\...\Run: [Skytel] Skytel.exe [x]
    HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-04-15] (Intel Corporation)
    HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-12-06] (Synaptics, Inc.)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [518008 2008-06-02] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-05-09] (TOSHIBA Corporation)
    HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
    HKLM-x32\...\Run: [NDSTray.exe] NDSTray.exe [x]
    HKLM-x32\...\Run: [cfFncEnabler.exe] cfFncEnabler.exe [x]
    HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide [1242424 2008-08-04] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [417792 2008-04-29] (Chicony)
    HKLM-x32\...\Run: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe" [x]
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273544 2011-02-16] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
    HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [69120 2008-01-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
    HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
    HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
    HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
    HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
    HKU\Mina pks\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
    HKU\Mina pks\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
    HKU\Mina pks\...\Policies\system: [LogonHoursAction] 2
    HKU\Mina pks\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\resham\...\Run: [TOSCDSPD] TOSCDSPD.EXE [x]
    HKU\resham\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-03-17] (Google Inc.)
    HKU\resham\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\resham\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
    HKU\resham\...\Run: [Spotify] "C:\Users\resham\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [5576408 2012-09-02] (Spotify Ltd)
    HKU\resham\...\Run: [Spotify Web Helper] "C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-09-02] ()
    HKU\resham\...\Policies\system: [LogonHoursAction] 2
    HKU\resham\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Resham2\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
    HKU\Resham2\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
    HKU\Resham2\...\Policies\system: [LogonHoursAction] 2
    HKU\Resham2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\tearsa\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
    HKU\tearsa\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
    HKU\tearsa\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-03-17] (Google Inc.)
    HKU\tearsa\...\Policies\system: [LogonHoursAction] 2
    HKU\tearsa\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNjA5MzU3NTE4LVZJUCsxLUZMMTArMS1YTzEwKzExLVRVRyszLUREVCs1OTczNi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzEtRjEwVEIrMi1TVDEwVEJGKzEtRjEwTTEyVEErMS1WSVAxMisxLVRMKzEtRjEwTTEyUisxLUNJRDEwKzEtQ0lEKzEw"&"prod=90"&"ver=10.0.1427 [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\resham\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Services (Whitelisted) ===================

    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
    3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
    2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [777728 2012-06-19] (Eastman Kodak Company)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
    2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)
    3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]

    ==================== Drivers (Whitelisted) =====================

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
    1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [44272 2012-08-21] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
    3 ATMFBUS; C:\Windows\System32\Drivers\ATMFBUS.sys [63488 2009-10-01] (DEVGURU Co., LTD.)
    3 ATMFCVsp; C:\Windows\System32\Drivers\ATMFCVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 ATMFFLT; C:\Windows\System32\Drivers\ATMFFLT.sys [15872 2009-10-01] (DEVGURU Co., LTD.)
    3 ATMFMdm; C:\Windows\System32\Drivers\ATMFMdm.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 ATMFNET; C:\Windows\System32\Drivers\ATMFNET.sys [133632 2009-10-01] (DEVGURU Co., LTD.)
    3 ATMFNVsp; C:\Windows\System32\Drivers\ATMFNVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 ATMFVsp; C:\Windows\System32\Drivers\ATMFVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 SVRPEDRV; \??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-09-30 23:56 - 2012-09-30 23:59 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_resham.job
    2012-09-30 23:56 - 2012-09-30 23:56 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_resham.job
    2012-09-30 23:56 - 2012-09-30 23:56 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_resham.job
    2012-09-26 18:24 - 2012-09-26 18:24 - 01455249 ____A (Farbar) C:\Users\resham\Downloads\FRST64.exe
    2012-09-19 19:42 - 2012-09-19 19:42 - 00269872 ____A C:\Windows\Minidump\Mini091912-01.dmp
    2012-09-18 20:16 - 2012-09-18 20:16 - 00000000 ____D C:\Users\resham\AppData\Local\Apps\2.0
    2012-09-18 16:37 - 2012-09-18 17:10 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-18 16:37 - 2012-09-18 16:37 - 00000901 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-18 16:37 - 2012-09-18 16:37 - 00000000 ____D C:\Users\resham\Desktop\Malwarebytes' Anti-Malware
    2012-09-18 16:37 - 2012-09-18 16:37 - 00000000 ____D C:\Users\resham\AppData\Roaming\Malwarebytes
    2012-09-18 16:37 - 2012-09-07 16:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-18 16:25 - 2012-09-18 16:26 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\resham\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-17 23:56 - 2012-09-17 23:56 - 00330026 ____A C:\Users\resham\AppData\Local\dd_vcredistMSI7574.txt
    2012-09-17 23:56 - 2012-09-17 23:56 - 00016638 ____A C:\Users\resham\AppData\Local\dd_vcredistUI7574.txt
    2012-09-17 23:56 - 2012-09-17 23:56 - 00001796 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-09-17 23:56 - 2012-09-17 23:56 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2012-09-17 23:56 - 2012-09-17 23:56 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-09-17 23:56 - 2012-08-21 01:13 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-09-17 23:56 - 2012-08-21 01:13 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-09-17 23:56 - 2012-08-21 01:13 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-09-17 23:56 - 2012-08-21 01:13 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-09-17 23:56 - 2012-08-21 01:13 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-09-17 23:56 - 2012-08-21 01:13 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-09-17 23:56 - 2012-08-21 01:12 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-09-17 23:56 - 2012-08-21 01:12 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-09-17 23:56 - 2012-08-21 01:12 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-09-17 23:55 - 2012-09-17 23:55 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-09-17 23:55 - 2012-09-17 23:55 - 00000000 ____D C:\Program Files\AVAST Software
    2012-09-17 23:44 - 2012-09-17 23:54 - 93654616 ____A C:\Users\resham\Downloads\avast_free_antivirus_setup.exe
    2012-09-17 22:34 - 2012-09-17 22:47 - 00000000 ____D C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
    2012-09-17 22:34 - 2012-09-17 22:34 - 00000000 ____D C:\Program Files\Enigma Software Group
    2012-09-17 22:29 - 2012-09-17 22:48 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-09-17 22:29 - 2012-09-17 22:29 - 00000000 ____D C:\Users\resham\AppData\Roaming\SpeedyPC Software
    2012-09-17 22:29 - 2012-09-17 22:29 - 00000000 ____D C:\Users\resham\AppData\Roaming\DriverCure
    2012-09-17 22:25 - 2012-09-17 22:25 - 00001205 ____A C:\Users\resham\Downloads\FixNCR.reg
    2012-09-17 22:17 - 2012-09-17 22:17 - 00000732 ____A C:\Users\resham\AppData\Local\d3d9caps64.dat
    2012-09-17 21:42 - 2012-09-17 21:42 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\Macromedia
    2012-09-17 21:42 - 2012-09-17 21:42 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\Adobe
    2012-09-17 21:42 - 2012-09-17 21:42 - 00000000 ____D C:\Users\Resham2\AppData\Local\Macromedia
    2012-09-17 21:41 - 2012-09-17 21:41 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\Mozilla
    2012-09-17 21:41 - 2012-09-17 21:41 - 00000000 ____D C:\Users\Resham2\AppData\Local\Mozilla
    2012-09-17 21:39 - 2012-09-17 21:39 - 00092112 ____A C:\Users\Resham2\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-17 21:39 - 2012-09-17 21:39 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\Real
    2012-09-17 21:39 - 2012-09-17 21:39 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\Apple Computer
    2012-09-17 21:38 - 2012-09-17 21:39 - 00000000 ____D C:\users\Resham2
    2012-09-17 21:38 - 2012-09-17 21:38 - 00000632 _RASH C:\Users\Resham2\ntuser.pol
    2012-09-17 21:38 - 2012-09-17 21:38 - 00000020 __ASH C:\Users\Resham2\ntuser.ini
    2012-09-17 21:38 - 2012-09-17 21:38 - 00000000 ____D C:\Users\Resham2\AppData\Local\VirtualStore
    2012-09-17 21:38 - 2012-08-28 18:27 - 00000000 ____D C:\Users\Resham2\AppData\Local\Eastman_Kodak_Company
    2012-09-17 21:38 - 2012-08-23 16:50 - 00800824 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\DPInst.exe
    2012-09-17 21:38 - 2012-08-23 16:50 - 00106496 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\gacutil.exe
    2012-09-17 21:38 - 2012-08-23 16:50 - 00036352 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\PnPutil.exe
    2012-09-17 21:38 - 2012-08-23 16:50 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\KODAK AiO Home Center726472109
    2012-09-17 21:38 - 2011-04-10 02:04 - 00000000 ____D C:\Users\Resham2\AppData\Local\Microsoft Help
    2012-09-17 21:15 - 2012-09-17 21:28 - 00000000 ____A C:\Users\resham\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    2012-09-17 21:15 - 2012-09-17 21:15 - 00404992 ____A (C-Media Electronics Inc.) C:\Users\resham\AppData\Roaming\ethri.dll
    2012-09-17 21:15 - 2012-09-17 21:15 - 00000000 ____D C:\Users\resham\AppData\Local\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}
    2012-09-16 04:42 - 2012-09-16 04:43 - 05190021 ____A C:\Users\resham\Downloads\Tearsa mmmm.MOV
    2012-09-15 11:10 - 2012-09-15 11:10 - 00000000 ____D C:\Users\Mina pks\AppData\Local\Adobe
    2012-09-12 23:38 - 2012-09-12 23:40 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64(2).exe
    2012-09-12 23:38 - 2012-09-12 23:38 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64(1).exe
    2012-09-12 23:36 - 2012-09-12 23:36 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64.exe
    2012-09-11 20:39 - 2012-09-11 20:39 - 00245675 ____A C:\Users\resham\Downloads\photo.php
    2012-09-11 17:51 - 2012-09-11 17:51 - 00014788 ____A C:\Users\resham\Downloads\[isoHunt] Crimes.and.Misdemeanors..Xvid.DVD.RIP.torrent
    2012-09-09 18:09 - 2012-09-09 18:09 - 00000000 ____D C:\Windows\System32\kodak
    2012-09-09 17:12 - 2012-09-09 17:12 - 00000000 ____D C:\Windows\SysWOW64\spool
    2012-09-07 20:46 - 2012-09-07 20:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-09-07 05:27 - 2012-09-07 05:27 - 00000000 ____D C:\Users\Mina pks\AppData\Local\Apple
    2012-09-03 19:31 - 2012-09-03 19:31 - 00000000 ____D C:\Users\tearsa\AppData\Roaming\Macromedia
    2012-09-03 19:31 - 2012-09-03 19:31 - 00000000 ____D C:\Users\tearsa\AppData\Local\Macromedia
    2012-09-03 19:30 - 2012-09-03 19:30 - 00000906 _RASH C:\Users\tearsa\ntuser.pol
    2012-09-02 19:37 - 2012-10-01 12:20 - 00000000 ____D C:\Users\resham\AppData\Local\Spotify
    2012-09-02 19:36 - 2012-10-01 12:24 - 00000000 ____D C:\Users\resham\AppData\Roaming\Spotify
    2012-09-02 19:35 - 2012-09-02 19:36 - 17617480 ____A (Spotify Ltd) C:\Users\resham\Downloads\Spotify Installer.exe
    2012-09-02 16:40 - 2012-09-07 20:08 - 00000000 ____D C:\Users\Mina pks\AppData\Roaming\Skype


    ==================== 3 Months Modified Files ==================

    2012-10-01 12:24 - 2006-11-02 07:42 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-01 12:24 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-01 12:24 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-01 12:24 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-01 11:57 - 2009-09-27 13:28 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-01 00:48 - 2012-08-22 16:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-30 23:59 - 2012-09-30 23:56 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_resham.job
    2012-09-30 23:56 - 2012-09-30 23:56 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_resham.job
    2012-09-30 23:56 - 2012-09-30 23:56 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_resham.job
    2012-09-30 21:57 - 2009-09-27 13:28 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-09-26 18:24 - 2012-09-26 18:24 - 01455249 ____A (Farbar) C:\Users\resham\Downloads\FRST64.exe
    2012-09-26 18:19 - 2006-11-02 04:46 - 00703214 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-26 18:17 - 2011-03-28 21:26 - 00015616 ____A C:\Windows\setupact.log
    2012-09-20 22:48 - 2012-08-22 16:28 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-09-20 22:48 - 2012-08-22 16:28 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-19 19:42 - 2012-09-19 19:42 - 00269872 ____A C:\Windows\Minidump\Mini091912-01.dmp
    2012-09-19 19:42 - 2011-07-24 17:05 - 540251821 ____A C:\Windows\MEMORY.DMP
    2012-09-18 19:52 - 2008-01-20 19:26 - 00084794 ____A C:\Windows\PFRO.log
    2012-09-18 16:37 - 2012-09-18 16:37 - 00000901 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-18 16:26 - 2012-09-18 16:25 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\resham\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-17 23:56 - 2012-09-17 23:56 - 00330026 ____A C:\Users\resham\AppData\Local\dd_vcredistMSI7574.txt
    2012-09-17 23:56 - 2012-09-17 23:56 - 00016638 ____A C:\Users\resham\AppData\Local\dd_vcredistUI7574.txt
    2012-09-17 23:56 - 2012-09-17 23:56 - 00001796 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2012-09-17 23:56 - 2012-09-17 23:56 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
    2012-09-17 23:56 - 2012-09-17 23:56 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-09-17 23:56 - 2011-03-23 19:57 - 00001356 ____A C:\Users\resham\AppData\Local\d3d9caps.dat
    2012-09-17 23:54 - 2012-09-17 23:44 - 93654616 ____A C:\Users\resham\Downloads\avast_free_antivirus_setup.exe
    2012-09-17 22:25 - 2012-09-17 22:25 - 00001205 ____A C:\Users\resham\Downloads\FixNCR.reg
    2012-09-17 22:17 - 2012-09-17 22:17 - 00000732 ____A C:\Users\resham\AppData\Local\d3d9caps64.dat
    2012-09-17 22:10 - 2009-03-17 11:09 - 01471044 ____A C:\Windows\WindowsUpdate.log
    2012-09-17 21:39 - 2012-09-17 21:39 - 00092112 ____A C:\Users\Resham2\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-17 21:38 - 2012-09-17 21:38 - 00000632 _RASH C:\Users\Resham2\ntuser.pol
    2012-09-17 21:38 - 2012-09-17 21:38 - 00000020 __ASH C:\Users\Resham2\ntuser.ini
    2012-09-17 21:28 - 2012-09-17 21:15 - 00000000 ____A C:\Users\resham\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    2012-09-17 21:15 - 2012-09-17 21:15 - 00404992 ____A (C-Media Electronics Inc.) C:\Users\resham\AppData\Roaming\ethri.dll
    2012-09-17 21:14 - 2010-08-22 03:26 - 00000438 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-09-16 04:43 - 2012-09-16 04:42 - 05190021 ____A C:\Users\resham\Downloads\Tearsa mmmm.MOV
    2012-09-12 23:40 - 2012-09-12 23:38 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64(2).exe
    2012-09-12 23:38 - 2012-09-12 23:38 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64(1).exe
    2012-09-12 23:36 - 2012-09-12 23:36 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64.exe
    2012-09-12 02:00 - 2006-11-02 04:35 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-09-11 20:39 - 2012-09-11 20:39 - 00245675 ____A C:\Users\resham\Downloads\photo.php
    2012-09-11 17:57 - 2009-09-26 20:09 - 00036352 ____A C:\Users\resham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-09-11 17:51 - 2012-09-11 17:51 - 00014788 ____A C:\Users\resham\Downloads\[isoHunt] Crimes.and.Misdemeanors..Xvid.DVD.RIP.torrent
    2012-09-07 16:04 - 2012-09-18 16:37 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-03 19:30 - 2012-09-03 19:30 - 00000906 _RASH C:\Users\tearsa\ntuser.pol
    2012-09-03 19:30 - 2011-03-25 08:03 - 00092112 ____A C:\Users\tearsa\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-02 19:36 - 2012-09-02 19:35 - 17617480 ____A (Spotify Ltd) C:\Users\resham\Downloads\Spotify Installer.exe
    2012-09-02 16:40 - 2012-08-23 20:54 - 00002499 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-08-31 03:28 - 2012-08-31 03:27 - 01439183 ____A C:\Users\resham\Downloads\Paronychodon.pptx
    2012-08-30 19:12 - 2012-08-30 19:12 - 00269872 ____A C:\Windows\Minidump\Mini083012-01.dmp
    2012-08-28 18:27 - 2012-08-28 18:27 - 00002070 ____A C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
    2012-08-28 18:25 - 2012-08-28 18:25 - 00001989 ____A C:\Users\Public\Desktop\Get CleanPrint.lnk
    2012-08-26 17:54 - 2012-08-26 17:53 - 02850872 ____A C:\Users\resham\Downloads\rj10.m4a
    2012-08-26 17:52 - 2012-08-26 17:52 - 02470217 ____A C:\Users\resham\Downloads\rj11.m4a
    2012-08-25 10:57 - 2012-08-25 10:57 - 00092112 ____A C:\Users\Mina pks\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-25 10:57 - 2012-08-25 10:57 - 00000910 _RASH C:\Users\Mina pks\ntuser.pol
    2012-08-25 10:57 - 2012-08-25 10:57 - 00000020 ___SH C:\Users\Mina pks\ntuser.ini
    2012-08-25 10:56 - 2012-08-25 10:56 - 00000632 _RASH C:\Users\resham\ntuser.pol
    2012-08-23 20:52 - 2012-08-23 20:52 - 00946352 ____A (Skype Technologies S.A.) C:\Users\resham\Downloads\SkypeSetup.exe
    2012-08-23 16:50 - 2012-09-17 21:38 - 00800824 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\DPInst.exe
    2012-08-23 16:50 - 2012-09-17 21:38 - 00106496 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\gacutil.exe
    2012-08-23 16:50 - 2012-09-17 21:38 - 00036352 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\PnPutil.exe
    2012-08-23 16:50 - 2012-08-25 10:57 - 00800824 ____A (Microsoft Corporation) C:\Users\Mina pks\AppData\Roaming\DPInst.exe
    2012-08-23 16:50 - 2012-08-25 10:57 - 00106496 ____A (Microsoft Corporation) C:\Users\Mina pks\AppData\Roaming\gacutil.exe
    2012-08-23 16:50 - 2012-08-25 10:57 - 00036352 ____A (Microsoft Corporation) C:\Users\Mina pks\AppData\Roaming\PnPutil.exe
    2012-08-23 16:50 - 2012-08-23 16:50 - 00800824 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\DPInst.exe
    2012-08-23 16:50 - 2012-08-23 16:50 - 00800824 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\DPInst.exe
    2012-08-23 16:50 - 2012-08-23 16:50 - 00106496 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\gacutil.exe
    2012-08-23 16:50 - 2012-08-23 16:50 - 00106496 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\gacutil.exe
    2012-08-23 16:50 - 2012-08-23 16:50 - 00036352 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\PnPutil.exe
    2012-08-23 16:50 - 2012-08-23 16:50 - 00036352 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\PnPutil.exe
    2012-08-22 16:28 - 2012-08-22 16:28 - 00002012 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2012-08-21 22:41 - 2011-04-06 21:43 - 00000162 ____A C:\Users\resham\AppData\Roaming\wklnhst.dat
    2012-08-21 01:13 - 2012-09-17 23:56 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-08-21 01:13 - 2012-09-17 23:56 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-08-21 01:13 - 2012-09-17 23:56 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-08-21 01:13 - 2012-09-17 23:56 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-08-21 01:13 - 2012-09-17 23:56 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-08-21 01:13 - 2012-09-17 23:56 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-08-21 01:12 - 2012-09-17 23:56 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-21 01:12 - 2012-09-17 23:56 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
    2012-08-21 01:12 - 2012-09-17 23:56 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-08-20 17:20 - 2012-08-20 17:15 - 39483256 ____A (Apple Inc.) C:\Users\resham\Downloads\QuickTimeInstaller.exe
    2012-08-20 13:48 - 2011-09-19 18:27 - 00044758 ____A C:\Users\resham\AppData\Local\installer.log
    2012-07-08 23:11 - 2012-07-08 23:11 - 00384844 ____A C:\Users\resham\AppData\Local\funmoods-speeddial.crx


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-04 07:59:20
    Restore point made on: 2012-09-04 23:00:26
    Restore point made on: 2012-09-06 06:07:34
    Restore point made on: 2012-09-07 00:57:00
    Restore point made on: 2012-09-08 06:35:38
    Restore point made on: 2012-09-09 01:13:27
    Restore point made on: 2012-09-09 17:14:20
    Restore point made on: 2012-09-09 17:15:40
    Restore point made on: 2012-09-10 07:10:06
    Restore point made on: 2012-09-11 02:07:07
    Restore point made on: 2012-09-11 23:44:46
    Restore point made on: 2012-09-12 02:00:28
    Restore point made on: 2012-09-13 00:37:17
    Restore point made on: 2012-09-18 17:36:57
    Restore point made on: 2012-09-18 17:40:51
    Restore point made on: 2012-09-20 05:50:16
    Restore point made on: 2012-09-22 12:16:05
    Restore point made on: 2012-09-23 18:16:15
    Restore point made on: 2012-09-24 17:57:36
    Restore point made on: 2012-09-28 19:08:27
    Restore point made on: 2012-09-30 21:47:22

    ==================== Memory info ===========================

    Percentage of memory in use: 13%
    Total physical RAM: 3963.07 MB
    Available physical RAM: 3430.53 MB
    Total Pagefile: 3714.56 MB
    Available Pagefile: 3400.66 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: (SQ004817V03) (Fixed) (Total:288.55 GB) (Free:188.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS
    5 Drive g: (PF'S FLASH) (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ###  Status      Size     Free     Dyn  Gpt
    --------  ----------  -------  -------  ---  ---
    Disk 0    Online      298 GB   0 B
    Disk 1    No Media    0 B      0 B
    Disk 2    Online      1908 MB  0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    OEM               1500 MB  1024 KB
    Partition 2    Primary           289 GB   1501 MB
    Partition 3    Primary           8 GB     290 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 4  E    TOSHIBA SYS  NTFS   Partition   1500 MB  Healthy    Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 1  C    SQ004817V03  NTFS   Partition   289 GB   Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary           1908 MB  16 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 3  G    PF'S FLASH   FAT32  Removable   1908 MB  Healthy

    =========================================================

    Last Boot: 2012-09-26 18:22

    ==================== End Of Log =============================
  15. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    search----------------------------------------------------------------------------------------------------------------------------------------------
    Farbar Recovery Scan Tool (x64) Version: 25-09-2012
    Ran by SYSTEM at 2012-10-01 13:32:53
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

    C:\Windows\SysWOW64\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\System32\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

    C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-09-26 10:45] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009-09-26 10:45] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    ====== End Of Search ======


    Thanks again for all your help Broni.
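    The search log above lists every copy of services.exe together with its size and MD5, and the point of the search is to confirm that the live copies in System32 and SysWOW64 match the reference copies held in the WinSxS component store. The following script is an added example, not part of the forum thread and not part of FRST: it parses FRST's search output (path line followed by a `[created] - [modified] - size attrs (company) MD5` detail line, as shown above) and flags any live copy whose hash matches none of the store copies. The first sample reuses the four entries from the log above; the second is a constructed variant with a placeholder hash to show what a flagged entry looks like.

```python
"""Flag live system binaries in an FRST 'Search:' log whose MD5 does not
match any reference copy in WinSxS or the Windows Update download cache.

Added example for this thread; it assumes the FRST search output format
shown in the log above and is not FRST's own code.
"""
import re
from dataclasses import dataclass

# One FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str

    @property
    def in_store(self) -> bool:
        # WinSxS and the Windows Update download cache hold reference copies;
        # every other location is a "live" copy that must match one of them.
        low = self.path.lower()
        return "\\winsxs\\" in low or "\\softwaredistribution\\" in low


def parse_search_log(text: str):
    """Return the Entry objects found in an FRST search log."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and the ===== Search/End banners
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entries.append(Entry(pending_path, int(m["size"]), m["company"], m["md5"].upper()))
            pending_path = None
        elif PATH_RE.match(line):
            pending_path = line
    return entries


def find_unmatched(entries):
    """Live copies whose MD5 is not that of any store copy."""
    known = {e.md5 for e in entries if e.in_store}
    return [e for e in entries if not e.in_store and e.md5 not in known]


# Sample 1: the four component-store / live entries from the log above.
SAMPLE_CLEAN = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

====== End Of Search ======
"""

# Sample 2: constructed. Same store copies, but the System32 copy carries a
# placeholder hash (all zeros) that matches no store copy, so it gets flagged.
SAMPLE_TAMPERED = r"""
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) 00000000000000000000000000000000
"""


def report(text: str) -> str:
    """Human-readable verdict for one search log."""
    flagged = find_unmatched(parse_search_log(text))
    if not flagged:
        return "all live copies match a component-store copy"
    return "\n".join(f"MISMATCH {e.path} md5={e.md5} size={e.size}" for e in flagged)


if __name__ == "__main__":
    print(report(SAMPLE_CLEAN))
    print(report(SAMPLE_TAMPERED))
```

    A live copy that matches no store copy is not proof of tampering on its own (a hotfix applied outside Windows Update can produce the same picture), but it is exactly the case that deserves a closer look, which is why the search above was requested.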
  16. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    That actually looks good.

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  17. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    Hey Broni, how can I be sure that all the hidden anti-virus, script blocking and any anti-malware real-time protection are turned off? I ran the Combofix and a window popped up saying that I had a free version of AVG 2011 running. I thought that I uninstalled it? I subsequently found it running in Firefox and turned that off. I just want to be sure before I proceed with the scan as it says it can damage my computer.
  18. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    You're good to run Combofix.
  19. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    Here is my combo fix log, thanks Broni :D

    ------------------------------------------------------------------------------------------------------------
    ComboFix 12-09-30.03 - resham 10/01/2012 19:47:14.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.2298 [GMT -7:00]
    Running from: c:\users\resham\Contacts\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Default\AppData\Roaming\DPInst.exe
    c:\users\Default\AppData\Roaming\gacutil.exe
    c:\users\Default\AppData\Roaming\PnPutil.exe
    c:\users\Mina pks\AppData\Roaming\DPInst.exe
    c:\users\Mina pks\AppData\Roaming\gacutil.exe
    c:\users\Mina pks\AppData\Roaming\PnPutil.exe
    c:\users\resham\AppData\Roaming\ethri.dll
    c:\users\resham\AppData\Roaming\Microsoft\cmd32.exe
    c:\users\resham\AppData\Roaming\Microsoft\eniscom.exe
    c:\users\resham\AppData\Roaming\Microsoft\hamsn.exe
    c:\users\resham\AppData\Roaming\Microsoft\mscng.exe
    c:\users\resham\Documents\~WRL0003.tmp
    c:\users\Resham2\AppData\Roaming\DPInst.exe
    c:\users\Resham2\AppData\Roaming\gacutil.exe
    c:\users\Resham2\AppData\Roaming\PnPutil.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-02 to 2012-10-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-02 03:00 . 2012-10-02 03:03 -------- d-----w- c:\users\resham\AppData\Local\temp
    2012-10-02 03:00 . 2012-10-02 03:00 -------- d-----w- c:\users\tearsa\AppData\Local\temp
    2012-10-01 21:29 . 2012-10-01 21:29 -------- d-----w- C:\FRST
    2012-09-19 04:16 . 2012-09-19 04:16 -------- d-----w- c:\users\resham\AppData\Local\Apps
    2012-09-19 00:37 . 2012-09-19 00:37 -------- d-----w- c:\users\resham\AppData\Roaming\Malwarebytes
    2012-09-19 00:37 . 2012-09-19 01:10 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-19 00:37 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-18 07:56 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-09-18 07:56 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-09-18 07:56 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-09-18 07:56 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-09-18 07:56 . 2012-08-21 09:13 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-09-18 07:56 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-09-18 07:56 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-09-18 07:56 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
    2012-09-18 07:56 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-09-18 07:55 . 2012-09-18 07:55 -------- d-----w- c:\programdata\AVAST Software
    2012-09-18 07:55 . 2012-09-18 07:55 -------- d-----w- c:\program files\AVAST Software
    2012-09-18 06:34 . 2012-09-18 06:34 -------- d-----w- c:\program files\Enigma Software Group
    2012-09-18 06:34 . 2012-09-18 06:47 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
    2012-09-18 06:34 . 2012-09-18 06:34 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-09-18 06:29 . 2012-09-18 06:29 -------- d-----w- c:\users\resham\AppData\Roaming\SpeedyPC Software
    2012-09-18 06:29 . 2012-09-18 06:29 -------- d-----w- c:\users\resham\AppData\Roaming\DriverCure
    2012-09-18 06:29 . 2012-09-18 06:48 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-09-18 05:38 . 2012-09-18 05:39 -------- d-----w- c:\users\Resham2
    2012-09-18 05:15 . 2012-09-18 05:15 -------- d-----w- c:\users\resham\AppData\Local\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}
    2012-09-15 19:10 . 2012-09-15 19:10 -------- d-----w- c:\users\Mina pks\AppData\Local\Adobe
    2012-09-10 02:09 . 2012-09-10 02:09 -------- d-----w- c:\windows\system32\kodak
    2012-09-10 02:08 . 2011-06-17 00:53 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
    2012-09-10 01:12 . 2012-09-10 01:12 -------- d-----w- c:\windows\SysWow64\spool
    2012-09-07 13:27 . 2012-09-07 13:27 -------- d-----w- c:\users\Mina pks\AppData\Local\Apple
    2012-09-04 03:31 . 2012-09-04 03:31 -------- d-----w- c:\users\tearsa\AppData\Local\Macromedia
    2012-09-03 03:37 . 2012-10-02 00:47 -------- d-----w- c:\users\resham\AppData\Local\Spotify
    2012-09-03 03:36 . 2012-10-02 01:22 -------- d-----w- c:\users\resham\AppData\Roaming\Spotify
    2012-09-03 00:40 . 2012-09-08 04:08 -------- d-----w- c:\users\Mina pks\AppData\Roaming\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-21 06:48 . 2012-08-23 00:28 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-21 06:48 . 2012-08-23 00:28 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-12 10:00 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "Spotify"="c:\users\resham\AppData\Roaming\Spotify\Spotify.exe" [2012-09-03 5576408]
    "Spotify Web Helper"="c:\users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-03 1193176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-02-16 273544]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-unins...isxLUNJRDEwKzEtQ0lEKzEw&prod=90&ver=10.0.1427" [?]
    .
    c:\users\resham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 06:48]
    .
    2012-09-18 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-18 09:12]
    .
    2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 21:28]
    .
    2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 21:28]
    .
    2012-10-01 c:\windows\Tasks\ReclaimerUpdateFiles_resham.job
    - c:\users\resham\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 04:55]
    .
    2012-10-01 c:\windows\Tasks\ReclaimerUpdateXML_resham.job
    - c:\users\resham\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 04:55]
    .
    2012-10-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_resham.job
    - c:\users\resham\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 04:55]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 151064]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 209432]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 181784]
    "RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
    "Skytel"="Skytel.exe" [2007-11-21 1826816]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1216808]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-17 2922496]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80229
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.15.1
    FF - ProfilePath - c:\users\resham\AppData\Roaming\Mozilla\Firefox\Profiles\fivt228e.default\
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bb7ed80c7-6dcb-43e3-921b-32815c5c005f%7D&mid=bd1e2c2048de47d69623d1e980e4e9f3-75d5b143e8225633ea1002530ff6a12a622dbe1b&ds=AVG&v=12.2.5.32&lang=us&pr=pa&d=2012-01-13%2019%3A03%3A25&sap=ku&q=
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575&q=
    FF - user.js: extensions.funmoods.id - 0024D2326C0F61F4
    FF - user.js: extensions.funmoods.instlDay - 15530
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.220:11
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - axl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - axl
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
    Wow6432Node-HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
    Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\Jumpstart\jswtrayutil.exe
    Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
    Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Toshiba\ConfigFree\NDSTray.exe
    c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-01 20:10:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-02 03:10
    .
    Pre-Run: 201,748,008,960 bytes free
    Post-Run: 202,735,058,944 bytes free
    .
    - - End Of File - - 1CEC014B00884A9FD4610136E4CE2FB0
  20. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Looks good.

    How is computer doing?

    ==========================

    Please clarify your AV situation.
    I can see some items from AVG and Avast.
    Which one is your current AV program?

    ============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  21. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    I am currently using Avast for an AV; as for AVG, it seems to be pretty hard to get rid of, ironic. My computer seems to be doing fine, although I do get redirected a lot when doing Google searches, often to some completely unrelated advertisement. Other than that it seems pretty good. Will post my logs shortly.
    Thanks again Broni, you're a G
  22. Broni

    Broni Malware Annihilator Posts: 45,188   +242

  23. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    I just use Firefox, any suggestions for a better browser would be heeded.

    Here are my logs, split up into several posts.
    OTL.txt--------------------------------------------------------------------------------------------------------------------------------
    OTL logfile created on: 10/1/2012 9:21:50 PM - Run 1
    OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\resham\Contacts\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.87 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 56.89% Memory free
    7.93 Gb Paging File | 6.12 Gb Available in Paging File | 77.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.55 Gb Total Space | 188.89 Gb Free Space | 65.46% Space Free | Partition Type: NTFS
    Drive F: | 1.86 Gb Total Space | 1.82 Gb Free Space | 97.88% Space Free | Partition Type: FAT32

    Computer Name: RESHAM-PC | User Name: resham | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/01 21:20:16 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\resham\Contacts\Desktop\OTL.exe
    PRC - [2012/09/02 20:36:58 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\resham\AppData\Roaming\Spotify\spotify.exe
    PRC - [2012/09/02 20:36:56 | 001,193,176 | ---- | M] () -- C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/08/21 02:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    PRC - [2011/02/16 01:55:54 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/04/17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
    PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2008/04/17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
    PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/04/03 21:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
    PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/02 20:36:57 | 020,219,096 | ---- | M] () -- C:\Users\resham\AppData\Roaming\Spotify\Data\libcef.dll
    MOD - [2012/09/02 20:36:56 | 001,193,176 | ---- | M] () -- C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MOD - [2011/02/06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2008/04/24 18:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
    SRV:64bit: - [2008/02/06 13:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/12/11 11:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV:64bit: - [2007/11/21 16:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2012/09/20 23:48:35 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/07 21:46:38 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
    SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2008/08/04 14:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2008/07/27 11:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/05/28 16:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/04/16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
    SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2008/04/03 21:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
    SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/21 02:13:13 | 000,969,200 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/08/21 02:13:13 | 000,359,464 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/08/21 02:13:13 | 000,059,728 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/08/21 02:13:12 | 000,071,600 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/08/21 02:13:12 | 000,044,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
    DRV:64bit: - [2012/08/21 02:13:11 | 000,025,232 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/10/01 03:51:12 | 000,166,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFNVsp.sys -- (ATMFNVsp)
    DRV:64bit: - [2009/10/01 03:51:12 | 000,166,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFMdm.sys -- (ATMFMdm)
    DRV:64bit: - [2009/10/01 03:51:12 | 000,166,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFCVsp.sys -- (ATMFCVsp)
    DRV:64bit: - [2009/10/01 03:51:12 | 000,133,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFNET.sys -- (ATMFNET)
    DRV:64bit: - [2009/10/01 03:51:12 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFBUS.sys -- (ATMFBUS)
    DRV:64bit: - [2009/10/01 03:51:12 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFFLT.sys -- (ATMFFLT)
    DRV:64bit: - [2009/10/01 03:51:10 | 000,166,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFVsp.sys -- (ATMFVsp)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/07/28 15:55:28 | 001,146,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
    DRV:64bit: - [2008/07/18 18:52:16 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2008/06/12 18:51:36 | 007,911,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/04/15 10:05:42 | 000,161,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/04/02 17:27:18 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
    DRV:64bit: - [2008/02/29 14:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2007/12/20 16:10:50 | 000,028,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV:64bit: - [2007/12/11 14:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2007/12/06 18:12:56 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2006/11/19 22:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2006/11/08 23:34:00 | 000,237,568 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
    DRV:64bit: - [2006/11/08 23:33:00 | 000,248,320 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {520ABFF0-7C64-4D2B-8ADA-2DF7F4B51D3A}
    IE:64bit: - HKLM\..\SearchScopes\{520ABFF0-7C64-4D2B-8ADA-2DF7F4B51D3A}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
    IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://start.funmoods.com/results.p...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80229
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
    IE - HKLM\..\SearchScopes,DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
    IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
    IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://start.funmoods.com/results.p...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes,Backup.Old.DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes,DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7TSHB_enUS345US345
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...tartPage={startPage}&rlz=1I7TSHB_enUS345US345
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...12a622dbe1b&lang=us&ds=AVG&pr=pa&d=2012-01-13 19:03:25&v=12.2.5.32&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://start.funmoods.com/results.p...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80229&lng=en
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=...lang=us&pr=pa&d=2012-01-13 19:03:25&sap=ku&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/16 01:56:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 21:46:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}: C:\Users\resham\AppData\Local\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}\ [2012/09/17 22:15:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 21:46:39 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/03/25 02:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\resham\AppData\Roaming\Mozilla\Extensions
    [2012/09/22 12:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\resham\AppData\Roaming\Mozilla\Firefox\Profiles\fivt228e.default\extensions
    [2012/07/09 00:12:27 | 000,002,329 | ---- | M] () -- C:\Users\resham\AppData\Roaming\Mozilla\Firefox\Profiles\fivt228e.default\searchplugins\Search.xml
    [2012/09/07 21:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/17 22:15:25 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\RESHAM\APPDATA\LOCAL\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}
    [2009/09/28 03:00:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/09/07 21:46:39 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/03 12:04:49 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/03 11:47:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/03 11:47:43 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
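The redirect symptom sandhu1 describes lines up with what the OTL log above shows: the IE SearchScopes, Firefox keyword.URL and Chrome default_search_provider entries point at start.funmoods.com, isearch.avg.com and toolbar.inbox.com rather than at the search engine the user thinks they are using. The script below is an added example, not part of the thread and not code from OTL or any of the tools Broni uses; it parses OTL-style IE/FF/CHR lines, flags any search or homepage URL whose host is not on an allowlist, and separately reads the O17 DhcpNameServer lines so a browser-level hijack can be told apart from a DNS-level one. The sample log lines are constructed to mirror the shapes in the log above (with URLs truncated by "..." exactly as OTL prints them), and the trusted-host set is an assumption for illustration.

```python
"""Added example (not from the thread or the OTL tool): triage the
browser search-provider lines of an OTL log for hijacked search engines,
the usual cause of "Google sends me to unrelated ads". The sample lines
are constructed to mirror the OTL record shapes in the posted log; the
trusted-host set is an assumption and should be adjusted per environment."""
import ipaddress
import re
from urllib.parse import urlparse

# Assumed allowlist: search hosts a user would actually have chosen.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.live.com"}

# Constructed sample: one representative line per OTL record type of interest.
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://start.funmoods.com/results.p...&cr=359117575
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80229
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=...&q="
CHR - homepage: http://start.funmoods.com/?f=1&a=ax...&cr=359117575
CHR - default_search_provider: search_url = http://start.funmoods.com/results.p...&cr=359117575
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&q={searchTerms}
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
"""

# OTL browser records start with "IE - ", "IE:64bit: - ", "FF - " or "CHR - ".
BROWSER_RE = re.compile(r"^(IE|FF|CHR)(?::64bit:)?\s+-\s+")
# A URL runs until whitespace or the closing quote OTL puts around prefs values.
URL_RE = re.compile(r'https?://[^\s"]+')
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+)$")


def extract_search_urls(log_text):
    """Yield (browser, url) for every IE/FF/CHR line carrying an http(s) URL.
    Lines holding only a GUID or a {google:...} template yield nothing."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BROWSER_RE.match(line)
        if not m:
            continue
        for url in URL_RE.findall(line):
            yield m.group(1), url


def find_hijacked(log_text, trusted=TRUSTED_SEARCH_HOSTS):
    """Return one finding per browser URL whose host is not on the allowlist."""
    findings = []
    for browser, url in extract_search_urls(log_text):
        host = (urlparse(url).hostname or "").lower()
        if host not in trusted:
            findings.append({"browser": browser, "host": host, "url": url})
    return findings


def dns_servers(log_text):
    """Return [(ip, is_private)] for each resolver named in O17 DhcpNameServer lines.
    A public resolver here would point at DNS-level redirection rather than a
    browser add-on; a private one only says the router is the next hop."""
    found = []
    for raw in log_text.splitlines():
        m = DNS_RE.search(raw)
        if not m:
            continue
        for token in m.group(1).split():
            try:
                found.append((token, ipaddress.ip_address(token).is_private))
            except ValueError:  # not an IP literal; ignore
                continue
    return found


if __name__ == "__main__":
    for f in find_hijacked(SAMPLE_LOG):
        print(f"{f['browser']:3} search/homepage points at {f['host']}: {f['url']}")
    for ip, private in dns_servers(SAMPLE_LOG):
        print(f"DNS {ip} ({'private' if private else 'PUBLIC'})")
```

Run against the constructed sample it reports five untrusted entries (two IE, one Firefox, two Chrome, all on funmoods, inbox.com or isearch.avg.com) and a single private DNS server. Two caveats a practitioner would want: the script reads a log, so it only sees what OTL chose to print (a reset of the affected registry values and browser prefs, which is what Broni's OTL fix scripts do, still has to be done on the live system); and a private DhcpNameServer does not prove the home router's own upstream DNS is clean, it only rules out the PC being pointed directly at a rogue resolver.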
  24. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    OTL.txt cont..---------------------------------------------------------------------------------------------------

    ========== Chrome ==========

    CHR - homepage: http://start.funmoods.com/?f=1&a=ax...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
    CHR - default_search_provider: Web Search ()
    CHR - default_search_provider: search_url = http://start.funmoods.com/results.p...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://start.funmoods.com/?f=1&a=ax...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: SpeedDial = C:\Users\resham\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
    CHR - Extension: avast! WebRep = C:\Users\resham\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\resham\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

    O1 HOSTS File: ([2012/10/01 20:03:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
    O4 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000..\Run: [Spotify] C:\Users\resham\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000..\Run: [Spotify Web Helper] C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5792BFBD-E177-4EAA-934F-AF82BB67D2A3}: DhcpNameServer = 192.168.15.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C12D3495-9B83-4917-A534-5FCF1ED20B86}: DhcpNameServer = 192.168.15.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
    O24 - Desktop WallPaper: C:\Users\resham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\resham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/01 21:19:31 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\resham\Contacts\Desktop\OTL.exe
    [2012/10/01 20:10:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/01 20:10:12 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Local\temp
    [2012/10/01 20:03:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/10/01 19:44:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/01 19:44:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/01 19:44:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/01 18:38:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/01 18:37:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/01 18:00:46 | 004,759,381 | R--- | C] (Swearware) -- C:\Users\resham\Contacts\Desktop\ComboFix.exe
    [2012/10/01 14:29:29 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/01 13:40:28 | 000,000,000 | ---D | C] -- C:\Users\resham\Contacts\Desktop\FRST logs step 3
    [2012/09/19 20:38:17 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\resham\Contacts\Desktop\aswMBR.exe
    [2012/09/19 20:32:51 | 000,000,000 | ---D | C] -- C:\Users\resham\Contacts\Desktop\RK_Quarantine
    [2012/09/19 20:26:05 | 000,000,000 | ---D | C] -- C:\Users\resham\Contacts\Desktop\logs step 2, 9-18-12
    [2012/09/19 20:20:42 | 000,000,000 | ---D | C] -- C:\Users\resham\Contacts\Desktop\Tdsskiller
    [2012/09/18 21:16:07 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Local\Apps
    [2012/09/18 17:37:20 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Roaming\Malwarebytes
    [2012/09/18 17:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/18 17:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/18 00:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/09/18 00:56:09 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/09/18 00:56:09 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/09/18 00:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/09/18 00:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/09/17 23:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/09/17 23:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/09/17 23:29:17 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Roaming\SpeedyPC Software
    [2012/09/17 23:29:17 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Roaming\DriverCure
    [2012/09/17 23:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/09/17 22:15:25 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Local\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}
    [2012/09/09 19:09:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\kodak
    [2012/09/09 18:12:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
    [2012/09/07 21:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/09/02 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Local\Spotify
    [2012/09/02 20:36:56 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Roaming\Spotify
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/01 21:20:16 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\resham\Contacts\Desktop\OTL.exe
    [2012/10/01 20:57:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/01 20:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/01 20:06:49 | 000,703,214 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/01 20:06:49 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/01 20:06:49 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/01 20:04:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/01 20:03:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/01 20:03:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_resham.job
    [2012/10/01 20:02:23 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2012/10/01 20:01:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/01 20:01:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/01 20:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/01 18:01:12 | 004,759,381 | R--- | M] (Swearware) -- C:\Users\resham\Contacts\Desktop\ComboFix.exe
    [2012/10/01 13:38:48 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_resham.job
    [2012/10/01 13:38:48 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_resham.job
    [2012/09/19 21:24:05 | 000,000,512 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\MBR.dat
    [2012/09/19 20:42:05 | 540,251,821 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/09/19 20:38:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\resham\Contacts\Desktop\aswMBR.exe
    [2012/09/19 20:25:41 | 001,382,912 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\RogueKiller.exe
    [2012/09/19 20:17:38 | 000,000,984 | ---- | M] () -- C:\Users\resham\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/09/18 23:21:04 | 000,000,417 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\tdsskiller - Shortcut.lnk
    [2012/09/18 21:02:30 | 002,193,404 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\tdsskiller.zip.zip
    [2012/09/18 20:44:52 | 002,193,278 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\tdsskiller.zip
    [2012/09/18 17:37:09 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/18 00:56:32 | 000,001,356 | ---- | M] () -- C:\Users\resham\AppData\Local\d3d9caps.dat
    [2012/09/18 00:56:31 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/09/18 00:56:30 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
    [2012/09/18 00:56:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/09/17 23:17:50 | 000,000,732 | ---- | M] () -- C:\Users\resham\AppData\Local\d3d9caps64.dat
    [2012/09/17 22:28:14 | 000,000,000 | ---- | M] () -- C:\Users\resham\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    [2012/09/13 00:35:17 | 000,000,967 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\DWR lectures.htm
    [2012/09/12 18:53:28 | 000,746,225 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\Stratigraphic_Chart_GTS2012.jpg
    [2012/09/11 18:57:48 | 000,036,352 | ---- | M] () -- C:\Users\resham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/02 20:36:59 | 000,001,733 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\Spotify.lnk
    [2012/09/02 17:40:31 | 000,002,499 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/01 19:44:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/01 19:44:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/01 19:44:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/01 19:44:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/01 19:44:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/01 00:56:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_resham.job
    [2012/10/01 00:56:01 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_resham.job
    [2012/10/01 00:56:00 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_resham.job
    [2012/09/19 20:57:54 | 000,000,512 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\MBR.dat
    [2012/09/19 20:25:26 | 001,382,912 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\RogueKiller.exe
    [2012/09/18 21:02:30 | 002,193,404 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\tdsskiller.zip.zip
    [2012/09/18 20:45:36 | 000,000,417 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\tdsskiller - Shortcut.lnk
    [2012/09/18 20:44:35 | 002,193,278 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\tdsskiller.zip
    [2012/09/18 17:37:09 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/18 17:37:06 | 000,025,928 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/18 00:56:31 | 000,001,796 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/09/18 00:56:30 | 000,969,200 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/09/18 00:56:30 | 000,359,464 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/09/18 00:56:30 | 000,285,328 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
    [2012/09/18 00:56:30 | 000,071,600 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/09/18 00:56:30 | 000,059,728 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/09/18 00:56:30 | 000,044,272 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2012/09/18 00:56:30 | 000,025,232 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/09/18 00:56:30 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
    [2012/09/18 00:56:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/09/17 23:17:50 | 000,000,732 | ---- | C] () -- C:\Users\resham\AppData\Local\d3d9caps64.dat
    [2012/09/17 22:15:25 | 000,000,000 | ---- | C] () -- C:\Users\resham\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    [2012/09/13 00:35:17 | 000,000,967 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\DWR lectures.htm
    [2012/09/12 18:53:26 | 000,746,225 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\Stratigraphic_Chart_GTS2012.jpg
    [2012/09/02 20:36:59 | 000,001,733 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\Spotify.lnk
    [2012/09/02 20:36:59 | 000,001,713 | ---- | C] () -- C:\Users\resham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2012/08/25 11:56:18 | 000,000,632 | RHS- | C] () -- C:\Users\resham\ntuser.pol
    [2012/07/09 00:11:32 | 000,384,844 | ---- | C] () -- C:\Users\resham\AppData\Local\funmoods-speeddial.crx
    [2011/10/12 18:11:28 | 015,983,616 | ---- | C] () -- C:\Users\resham\Cricket Broadband Setup-v1.0 (build 1950).msi
    [2011/09/19 19:08:18 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\WMIMPLEX.dll
    [2011/09/19 19:08:18 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\maplec.dll
    [2011/09/19 19:08:18 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\maplecompat.dll
    [2011/07/01 16:53:48 | 000,000,152 | ---- | C] () -- C:\Users\resham\webct_upload_applet.properties
    [2011/04/06 22:43:44 | 000,000,162 | ---- | C] () -- C:\Users\resham\AppData\Roaming\wklnhst.dat
    [2011/03/23 20:57:14 | 000,001,356 | ---- | C] () -- C:\Users\resham\AppData\Local\d3d9caps.dat
    [2010/01/14 16:48:39 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2009/09/26 21:09:56 | 000,036,352 | ---- | C] () -- C:\Users\resham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 08:56:31 | 012,898,304 | ---- | M] ()
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 08:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/03/02 21:53:36 | 000,891,392 | ---- | M] ()
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/03/02 21:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] ()
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== LOP Check ==========

    [2011/09/19 22:10:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
    [2011/09/19 22:10:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
    [2011/09/19 22:10:25 | 000,000,000 | ---D | M] -- C:\Users\Mina pks\AppData\Roaming\Temp
    [2011/10/12 18:24:25 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\Cricket
    [2012/09/17 23:29:17 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\DriverCure
    [2012/01/29 13:48:11 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\Notepad++
    [2012/09/17 23:29:17 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\SpeedyPC Software
    [2012/10/01 21:29:45 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\Spotify
    [2011/06/09 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\Temp
    [2012/08/21 23:34:07 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\Template
    [2009/09/28 16:40:47 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\TOSHIBA
    [2009/09/20 12:47:25 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\WildTangent
    [2011/09/19 22:10:25 | 000,000,000 | ---D | M] -- C:\Users\Resham2\AppData\Roaming\Temp
    [2011/03/31 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\tearsa\AppData\Roaming\WildTangent

    ========== Purity Check ==========



    < End of report >
  25. sandhu1

    sandhu1 Newcomer, in training Topic Starter Posts: 22

    Extras.Txt-------------------------------------------------------------------------------------------------------

    OTL Extras logfile created on: 10/1/2012 9:21:50 PM - Run 1
    OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\resham\Contacts\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.87 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 56.89% Memory free
    7.93 Gb Paging File | 6.12 Gb Available in Paging File | 77.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.55 Gb Total Space | 188.89 Gb Free Space | 65.46% Space Free | Partition Type: NTFS
    Drive F: | 1.86 Gb Total Space | 1.82 Gb Free Space | 97.88% Space Free | Partition Type: FAT32

    Computer Name: RESHAM-PC | User Name: resham | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html[@ = ChromeHTML] -- Reg Error: Unable to open value key File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Unable to open value key File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Unable to open value key
    htafile [open] -- "%1" %*
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
    https [open] -- Reg Error: Unable to open value key
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Unable to open value key
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Unable to open value key
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Unable to open value key
    htafile [open] -- "%1" %*
    https [open] -- Reg Error: Unable to open value key
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Unable to open value key
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Unable to open value key
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{47ED0D77-D424-4079-BCFC-1332F00F0B4B}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4E71AD18-2A8D-401B-9359-188A2FE67157}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{527A6EA1-CBD6-4C24-A80C-5EAC81AAA13D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{54BAC73B-264C-4EF4-8CD3-BA2757B4F2A0}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B9738DB2-60A6-46CA-8470-4120FA7FB62A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CD17CC24-4AA3-46B8-8FDF-E22A11A8070F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{CEC43ECE-8364-43DE-8A9A-478D1185A48A}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D86AE4E8-54BD-4137-B2C2-205A56A67D6B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{DABC23A5-02C3-40A2-896A-9AB99327B851}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FFCDA495-F5DA-4EC2-8A5F-706708EBD85A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1C8FB24C-A572-4436-B347-C358178E1EA7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{839169CD-5093-4124-BDD3-4BE8D61E5D43}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{BE98E5B0-DDBE-4CE7-B2E5-C8119B9BA60D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{8E67C118-DE47-4AF7-8913-9CA9C1BBF23B}C:\users\resham\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\resham\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{985C041B-4367-459E-AE6C-DE75BC25C60F}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "UDP Query User{430A7DD2-B11E-4767-9F00-66BA0635ACFF}C:\users\resham\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\resham\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{6B2625FA-1A91-463C-98B4-37A5B0636ED2}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
    "{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
    "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
    "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
    "{9DBCF56A-CDF0-41bf-BE0F-E00A88B18F56}" = Cricket EVDO Modem
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2B9B1B9E-45E5-4A76-9CA8-E06F897A3201}" = Cricket Broadband 1.0
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
    "{56BA241F-580C-43D2-8403-947241AAE633}" = center
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
    "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
    "{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "avast" = avast! Free Antivirus
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Maple 12" = Maple 12
    "Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "RealPlayer 12.0" = RealPlayer
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/1/2012 4:18:44 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2168

    Error - 10/1/2012 4:18:45 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/1/2012 4:18:45 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3369

    Error - 10/1/2012 4:18:45 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3369

    Error - 10/1/2012 4:18:46 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/1/2012 4:18:46 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4383

    Error - 10/1/2012 4:18:46 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4383

    Error - 10/1/2012 4:39:35 PM | Computer Name = resham-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 10/1/2012 11:02:01 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 192.168.15.89:5353 19 89.15.168.192.in-addr.arpa.
    PTR resham-PC-2.local.

    Error - 10/1/2012 11:02:01 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 17 89.15.168.192.in-addr.arpa.
    PTR resham-PC.local.

    Error - 10/1/2012 11:03:20 PM | Computer Name = resham-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 9/23/2012 10:17:09 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/24/2012 9:58:47 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/25/2012 10:24:06 AM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/26/2012 7:21:06 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/26/2012 10:24:43 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/28/2012 10:38:11 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 9/30/2012 5:54:07 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/1/2012 12:14:19 AM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/1/2012 4:05:33 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/1/2012 10:16:32 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 2/19/2010 1:01:17 PM | Computer Name = resham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 132
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 2/21/2010 5:18:02 PM | Computer Name = resham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47252
    seconds with 3900 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 10/1/2012 4:39:36 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7023
    Description =

    Error - 10/1/2012 4:39:36 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 10/1/2012 4:39:36 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 10/1/2012 10:52:51 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/1/2012 10:59:33 PM | Computer Name = resham-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/1/2012 11:00:23 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/1/2012 11:01:49 PM | Computer Name = resham-PC | Source = HTTP | ID = 15016
    Description =

    Error - 10/1/2012 11:02:23 PM | Computer Name = resham-PC | Source = ipnathlp | ID = 34001
    Description = The ICS_IPV6 failed to configure IPv6 stack.

    Error - 10/1/2012 11:02:23 PM | Computer Name = resham-PC | Source = ipnathlp | ID = 30013
    Description = The DHCP allocator has disabled itself on IP address 192.168.15.89,
    since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which
    addresses are being allocated to DHCP clients. To enable the DHCP allocator on
    this IP address, change the scope to include the IP address, or change the IP address
    to fall within the scope.

    Error - 10/1/2012 11:03:21 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >

