TechSpot

Laptop running slow

Solved
By familyman14
Jan 6, 2013
  1. .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/25/2010 8:13:48 AM
    System Uptime: 1/6/2013 7:57:45 AM (2 hours ago)
    .
    Motherboard: Intel Corp. | | Base Board Product Name
    Processor: Intel(R) Pentium(R) CPU P6100 @ 2.00GHz | CPU | 919/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 246.335 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP116: 10/10/2012 7:03:31 PM - Windows Update
    RP117: 10/19/2012 5:58:17 PM - Installed Java(TM) 6 Update 37
    RP118: 11/14/2012 8:35:31 PM - Windows Update
    RP119: 11/27/2012 7:25:01 PM - Windows Update
    RP120: 12/11/2012 9:17:18 PM - Windows Update
    RP121: 12/20/2012 8:31:46 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Akamai NetSession Interface Service
    Ask Toolbar
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Avira Free Antivirus
    Best Buy pc app
    CamStudio OSS Desktop Recorder
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HD Audio
    Google Earth
    Google Update Helper
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 37
    Junk Mail filter update
    Label@Once 1.0
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Xbox 360 Accessories 1.2
    MSVCRT
    Pando Media Booster
    PlayReady PC Runtime amd64
    Project64 1.7
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Synaptics Pointing Device Driver
    System Requirements Lab CYRI
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR 4.00 (32-bit)
    WinZip 15.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/6/2013 7:58:34 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    1/6/2013 7:58:03 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    1/6/2013 7:58:03 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    1/6/2013 7:58:03 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
    1/6/2013 7:58:03 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    1/5/2013 7:09:48 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{18830C7F-EE7A-46D2-ACB7-35C0106EEE1B} because another computer on the network has the same name. The server could not start.
    1/5/2013 7:09:48 PM, Error: NetBT [4321] - The name "MUMBLES2X-PC :20" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.14 did not allow the name to be claimed by this computer.
    1/5/2013 7:09:48 PM, Error: NetBT [4321] - The name "MUMBLES2X-PC :0" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.14 did not allow the name to be claimed by this computer.
    1/1/2013 12:04:48 AM, Error: NetBT [4321] - The name "MUMBLES2X-PC :0" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.7 did not allow the name to be claimed by this computer.
    1/1/2013 12:03:32 AM, Error: NetBT [4321] - The name "MUMBLES2X-PC :20" could not be registered on the interface with IP address 192.168.1.5. The computer with the IP address 192.168.1.7 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.06.03
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Gramps :: MUMBLES2X-PC [administrator]
    1/6/2013 8:56:25 AM
    mbam-log-2013-01-06 (08-56-25).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 248012
    Time elapsed: 4 minute(s), 32 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  2. Broni

    Broni Malware Annihilator Posts: 47,641   +267

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================

    I still need DDS.txt log.
     
  3. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Sorry, I thought that was it.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,641   +267

    Please do.
    DDS produces two logs, DDS.txt and Attach.txt.
    I need the first one.
     
  5. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514
    Run by Gramps at 17:46:46 on 2013-01-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2934.1641 [GMT -5:00]
    .

    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\windows\system32\igfxext.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh09012012
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    uProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Avira SearchFree Toolbar plus WebGuard: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Avira SearchFree Toolbar plus WebGuard: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Avira SearchFree Toolbar plus WebGuard: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{04CC289A-FDDE-4351-BD80-B33D66F878DE} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{18830C7F-EE7A-46D2-ACB7-35C0106EEE1B} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{18830C7F-EE7A-46D2-ACB7-35C0106EEE1B}\4596E69744F6C6078696E6D27657563747 : DHCPNameServer = 192.168.33.1 71.243.0.12 71.250.0.12
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2012-5-14 27760]
    R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-14 86224]
    R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-14 110032]
    R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2012-5-14 98848]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-25 2320920]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-27 158976]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-10-25 35008]
    R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
    R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192Ce.sys [2010-10-25 877088]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-10-25 54136]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-10-25 239136]
    S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-12-28 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-06 13:54:51 -------- d-----w- C:\Users\Gramps\AppData\Local\Programs
    2012-12-21 01:32:43 46080 ----a-w- C:\windows\System32\atmlib.dll
    2012-12-21 01:32:43 367616 ----a-w- C:\windows\System32\atmfd.dll
    2012-12-21 01:32:43 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
    2012-12-21 01:32:41 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
    2012-12-09 16:06:20 -------- d-----w- C:\Users\Gramps\AppData\Roaming\PC Utility Kit
    2012-12-09 16:06:20 -------- d-----w- C:\Users\Gramps\AppData\Roaming\DriverCure
    2012-12-09 16:06:08 -------- d-----w- C:\ProgramData\PC Utility Kit
    .
    ==================== Find3M ====================
    .
    2012-12-14 21:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-12-12 01:02:15 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 01:02:15 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys
    2012-11-12 12:28:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2012-11-12 11:52:18 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
    2012-10-27 06:26:55 981504 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-10-27 05:51:21 1188864 ----a-w- C:\windows\System32\wininet.dll
    2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
    .
    ============= FINISH: 17:46:56.01 ===============
     
  6. Broni

    Broni Malware Annihilator Posts: 47,641   +267

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Gramps [Admin rights]
    Mode : Remove -- Date : 01/07/2013 19:11:39
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [STARTUP][SUSP PATH] Best Buy pc app.lnk Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
    --- User ---
    [MBR] 1fb9b8f8aa785f63e1ec2701e83866f7
    [BSP] 37fa0e3945bc0c23b8ec55bf7b7ef4a3 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293159 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603463680 | Size: 10585 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_01072013_02d1911.txt >>
    RKreport[1]_S_01072013_02d1910.txt ; RKreport[2]_D_01072013_02d1911.txt

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-07 19:15:53
    -----------------------------
    19:15:53.651 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:15:53.651 Number of processors: 2 586 0x2505
    19:15:53.666 ComputerName: MUMBLES2X-PC UserName: Gramps
    19:16:00.156 Initialize success
    19:31:37.475 AVAST engine defs: 13010701
    19:32:42.449 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:32:42.449 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
    19:32:42.465 Disk 0 MBR read successfully
    19:32:42.465 Disk 0 MBR scan
    19:32:42.480 Disk 0 Windows VISTA default MBR code
    19:32:42.496 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    19:32:42.512 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293159 MB offset 3074048
    19:32:42.543 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10585 MB offset 603463680
    19:32:42.590 Disk 0 scanning C:\windows\system32\drivers
    19:32:56.006 Service scanning
    19:33:29.281 Modules scanning
    19:33:29.296 Disk 0 trace - called modules:
    19:33:29.327 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    19:33:29.327 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800333a060]
    19:33:29.343 3 CLASSPNP.SYS[fffff88001bbf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80030b2050]
    19:33:31.215 AVAST engine scan C:\windows
    19:33:33.571 AVAST engine scan C:\windows\system32
    19:37:47.539 AVAST engine scan C:\windows\system32\drivers
    19:38:01.844 AVAST engine scan C:\Users\Gramps
    19:40:45.052 AVAST engine scan C:\ProgramData
    19:41:28.669 Scan finished successfully
    19:42:13.816 Disk 0 MBR has been saved successfully to "C:\Users\Gramps\Desktop\MBR.dat"
    19:42:13.816 The log file has been saved successfully to "C:\Users\Gramps\Desktop\aswMBR.txt"
     
  8. Broni

    Broni Malware Annihilator Posts: 47,641   +267

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  9. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Don't know what I did wrong but I DL'ed combofix ran it, half way through a notice popped up saying "PEV.exe has stopped working", then it rebooted and made the log. Now I have no internet and can't open anything. I keep getting a notice saying that the file is marked for deletion when I try to click on internet explorer, my computer and any control panel stuff. Tried to go to my restore point but like I said , can't open anything. BTW I am on my kids laptop.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,641   +267

    If you read my instructions CAREFULLY...

     
  11. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Sorry, I will try and control my ADD better. Re started my laptop and halfway through homepage loading a message pop ups saying " runtime error! Program: C:\program files (x86)\internet explorer\iexplore.exe This application has requested the runtime to terminate it in an unusual way.

    Also now I can't find the txt from combofix anywhere.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,641   +267

    Re-run Combofix one more time.
     
  13. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Reran combofix , Same message. restarted computer and same.
     
  14. Broni

    Broni Malware Annihilator Posts: 47,641   +267

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  15. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    Message reads " mbar.exe - system error X The program can't start because QtGui4.dll is missing from your computer. try reinstalling the program to fix the problem.

    Reinstalled and same. I opened mbar file and can see that Qtgui4.dll is in the folder created on 12/4/2012. Also I can get on my browser by using inprivate browsing.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,641   +267

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  17. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    12:16:45.0914 0492 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    12:16:46.0257 0492 ============================================================
    12:16:46.0257 0492 Current date / time: 2013/01/11 12:16:46.0257
    12:16:46.0257 0492 SystemInfo:
    12:16:46.0257 0492
    12:16:46.0257 0492 OS Version: 6.1.7601 ServicePack: 1.0
    12:16:46.0257 0492 Product type: Workstation
    12:16:46.0257 0492 ComputerName: MUMBLES2X-PC
    12:16:46.0257 0492 UserName: Gramps
    12:16:46.0257 0492 Windows directory: C:\windows
    12:16:46.0257 0492 System windows directory: C:\windows
    12:16:46.0257 0492 Running under WOW64
    12:16:46.0257 0492 Processor architecture: Intel x64
    12:16:46.0257 0492 Number of processors: 2
    12:16:46.0257 0492 Page size: 0x1000
    12:16:46.0257 0492 Boot type: Normal boot
    12:16:46.0257 0492 ============================================================
    12:16:47.0849 0492 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:16:47.0849 0492 ============================================================
    12:16:47.0849 0492 \Device\Harddisk0\DR0:
    12:16:47.0849 0492 MBR partitions:
    12:16:47.0849 0492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23C93800
    12:16:47.0849 0492 ============================================================
    12:16:47.0880 0492 C: <-> \Device\Harddisk0\DR0\Partition1
    12:16:47.0880 0492 ============================================================
    12:16:47.0880 0492 Initialize success
    12:16:47.0880 0492 ============================================================
    12:16:49.0752 2296 ============================================================
    12:16:49.0752 2296 Scan started
    12:16:49.0752 2296 Mode: Manual;
    12:16:49.0752 2296 ============================================================
    12:16:50.0813 2296 ================ Scan system memory ========================
    12:16:50.0813 2296 System memory - ok
    12:16:50.0813 2296 ================ Scan services =============================
    12:16:51.0015 2296 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
    12:16:51.0031 2296 1394ohci - ok
    12:16:51.0062 2296 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
    12:16:51.0078 2296 ACPI - ok
    12:16:51.0125 2296 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
    12:16:51.0125 2296 AcpiPmi - ok
    12:16:51.0265 2296 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    12:16:51.0265 2296 AdobeARMservice - ok
    12:16:51.0390 2296 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    12:16:51.0405 2296 AdobeFlashPlayerUpdateSvc - ok
    12:16:51.0499 2296 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
    12:16:51.0515 2296 adp94xx - ok
    12:16:51.0561 2296 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
    12:16:51.0561 2296 adpahci - ok
    12:16:51.0577 2296 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
    12:16:51.0593 2296 adpu320 - ok
    12:16:51.0624 2296 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
    12:16:51.0624 2296 AeLookupSvc - ok
    12:16:51.0671 2296 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
    12:16:51.0671 2296 AFD - ok
    12:16:51.0702 2296 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
    12:16:51.0702 2296 agp440 - ok
    12:16:51.0889 2296 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
    12:16:51.0889 2296 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
    12:16:51.0889 2296 Akamai ( HiddenFile.Multi.Generic ) - warning
    12:16:51.0889 2296 Akamai - detected HiddenFile.Multi.Generic (1)
    12:16:51.0920 2296 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
    12:16:51.0920 2296 ALG - ok
    12:16:51.0983 2296 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
    12:16:51.0983 2296 aliide - ok
    12:16:51.0983 2296 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
    12:16:51.0983 2296 amdide - ok
    12:16:52.0014 2296 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
    12:16:52.0014 2296 AmdK8 - ok
    12:16:52.0045 2296 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
    12:16:52.0045 2296 AmdPPM - ok
    12:16:52.0076 2296 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
    12:16:52.0092 2296 amdsata - ok
    12:16:52.0107 2296 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
    12:16:52.0123 2296 amdsbs - ok
    12:16:52.0154 2296 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
    12:16:52.0154 2296 amdxata - ok
    12:16:52.0185 2296 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
    12:16:52.0185 2296 AppID - ok
    12:16:52.0217 2296 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
    12:16:52.0217 2296 AppIDSvc - ok
    12:16:52.0263 2296 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
    12:16:52.0263 2296 Appinfo - ok
    12:16:52.0341 2296 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
    12:16:52.0341 2296 arc - ok
    12:16:52.0373 2296 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
    12:16:52.0373 2296 arcsas - ok
    12:16:52.0388 2296 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
    12:16:52.0388 2296 AsyncMac - ok
    12:16:52.0435 2296 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
    12:16:52.0435 2296 atapi - ok
    12:16:52.0497 2296 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
    12:16:52.0497 2296 AudioEndpointBuilder - ok
    12:16:52.0513 2296 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
    12:16:52.0513 2296 AudioSrv - ok
    12:16:52.0575 2296 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
    12:16:52.0575 2296 AxInstSV - ok
    12:16:52.0607 2296 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
    12:16:52.0607 2296 b06bdrv - ok
    12:16:52.0638 2296 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
    12:16:52.0669 2296 b57nd60a - ok
    12:16:52.0716 2296 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
    12:16:52.0716 2296 BDESVC - ok
    12:16:52.0731 2296 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
    12:16:52.0731 2296 Beep - ok
    12:16:52.0809 2296 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
    12:16:52.0809 2296 BFE - ok
    12:16:52.0856 2296 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
    12:16:52.0856 2296 BITS - ok
    12:16:52.0887 2296 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
    12:16:52.0887 2296 blbdrive - ok
    12:16:52.0919 2296 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
    12:16:52.0934 2296 bowser - ok
    12:16:52.0950 2296 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
    12:16:52.0950 2296 BrFiltLo - ok
    12:16:52.0965 2296 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
    12:16:52.0965 2296 BrFiltUp - ok
    12:16:53.0028 2296 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
    12:16:53.0028 2296 BridgeMP - ok
    12:16:53.0059 2296 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
    12:16:53.0059 2296 Browser - ok
    12:16:53.0090 2296 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
    12:16:53.0090 2296 Brserid - ok
    12:16:53.0121 2296 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
    12:16:53.0121 2296 BrSerWdm - ok
    12:16:53.0153 2296 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
    12:16:53.0153 2296 BrUsbMdm - ok
    12:16:53.0153 2296 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
    12:16:53.0153 2296 BrUsbSer - ok
    12:16:53.0184 2296 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
    12:16:53.0184 2296 BTHMODEM - ok
    12:16:53.0231 2296 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
    12:16:53.0231 2296 bthserv - ok
    12:16:53.0277 2296 catchme - ok
    12:16:53.0293 2296 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
    12:16:53.0293 2296 cdfs - ok
    12:16:53.0355 2296 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
    12:16:53.0371 2296 cdrom - ok
    12:16:53.0433 2296 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
    12:16:53.0433 2296 CertPropSvc - ok
    12:16:53.0480 2296 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
    12:16:53.0480 2296 circlass - ok
    12:16:53.0511 2296 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
    12:16:53.0511 2296 CLFS - ok
    12:16:53.0589 2296 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    12:16:53.0605 2296 clr_optimization_v2.0.50727_32 - ok
    12:16:53.0652 2296 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    12:16:53.0652 2296 clr_optimization_v2.0.50727_64 - ok
    12:16:53.0745 2296 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    12:16:53.0777 2296 clr_optimization_v4.0.30319_32 - ok
    12:16:53.0823 2296 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    12:16:53.0823 2296 clr_optimization_v4.0.30319_64 - ok
    12:16:53.0870 2296 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
    12:16:53.0870 2296 CmBatt - ok
    12:16:53.0870 2296 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
    12:16:53.0870 2296 cmdide - ok
    12:16:53.0901 2296 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
    12:16:53.0917 2296 CNG - ok
    12:16:53.0964 2296 [ 25C58EE97BE0416A373E3E4F855206B5 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
    12:16:53.0979 2296 CnxtHdAudService - ok
    12:16:54.0026 2296 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
    12:16:54.0026 2296 Compbatt - ok
    12:16:54.0089 2296 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
    12:16:54.0089 2296 CompositeBus - ok
    12:16:54.0104 2296 COMSysApp - ok
    12:16:54.0135 2296 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
    12:16:54.0135 2296 crcdisk - ok
    12:16:54.0182 2296 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
    12:16:54.0182 2296 CryptSvc - ok
    12:16:54.0245 2296 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
    12:16:54.0245 2296 DcomLaunch - ok
    12:16:54.0276 2296 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
    12:16:54.0276 2296 defragsvc - ok
    12:16:54.0354 2296 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
    12:16:54.0354 2296 DfsC - ok
    12:16:54.0416 2296 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
    12:16:54.0416 2296 Dhcp - ok
    12:16:54.0447 2296 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
    12:16:54.0447 2296 discache - ok
    12:16:54.0479 2296 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
    12:16:54.0479 2296 Disk - ok
    12:16:54.0510 2296 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
    12:16:54.0510 2296 Dnscache - ok
    12:16:54.0572 2296 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
    12:16:54.0572 2296 dot3svc - ok
    12:16:54.0603 2296 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
    12:16:54.0603 2296 DPS - ok
    12:16:54.0635 2296 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
    12:16:54.0650 2296 drmkaud - ok
    12:16:54.0713 2296 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
    12:16:54.0713 2296 DXGKrnl - ok
    12:16:54.0759 2296 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
    12:16:54.0759 2296 EapHost - ok
    12:16:54.0853 2296 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
    12:16:54.0931 2296 ebdrv - ok
    12:16:54.0962 2296 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
    12:16:54.0962 2296 EFS - ok
    12:16:55.0056 2296 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
    12:16:55.0056 2296 ehRecvr - ok
    12:16:55.0087 2296 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
    12:16:55.0087 2296 ehSched - ok
    12:16:55.0134 2296 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
    12:16:55.0134 2296 elxstor - ok
    12:16:55.0165 2296 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
    12:16:55.0165 2296 ErrDev - ok
    12:16:55.0227 2296 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
    12:16:55.0227 2296 EventSystem - ok
    12:16:55.0259 2296 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
    12:16:55.0274 2296 exfat - ok
    12:16:55.0305 2296 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
    12:16:55.0321 2296 fastfat - ok
    12:16:55.0399 2296 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
    12:16:55.0399 2296 Fax - ok
    12:16:55.0430 2296 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
    12:16:55.0430 2296 fdc - ok
    12:16:55.0461 2296 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
    12:16:55.0461 2296 fdPHost - ok
    12:16:55.0477 2296 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
    12:16:55.0477 2296 FDResPub - ok
    12:16:55.0508 2296 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
    12:16:55.0508 2296 FileInfo - ok
    12:16:55.0524 2296 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
    12:16:55.0524 2296 Filetrace - ok
    12:16:55.0539 2296 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
    12:16:55.0555 2296 flpydisk - ok
    12:16:55.0617 2296 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
    12:16:55.0617 2296 FltMgr - ok
    12:16:55.0695 2296 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
    12:16:55.0711 2296 FontCache - ok
    12:16:55.0773 2296 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    12:16:55.0773 2296 FontCache3.0.0.0 - ok
    12:16:55.0805 2296 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
    12:16:55.0805 2296 FsDepends - ok
    12:16:55.0836 2296 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
    12:16:55.0836 2296 Fs_Rec - ok
    12:16:55.0883 2296 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
    12:16:55.0883 2296 fvevol - ok
    12:16:55.0914 2296 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
    12:16:55.0914 2296 gagp30kx - ok
    12:16:55.0961 2296 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
    12:16:55.0976 2296 gpsvc - ok
    12:16:56.0070 2296 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    12:16:56.0070 2296 gupdate - ok
    12:16:56.0085 2296 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    12:16:56.0085 2296 gupdatem - ok
    12:16:56.0132 2296 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
    12:16:56.0132 2296 hcw85cir - ok
    12:16:56.0210 2296 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
    12:16:56.0210 2296 HdAudAddService - ok
    12:16:56.0241 2296 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
    12:16:56.0257 2296 HDAudBus - ok
    12:16:56.0288 2296 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
    12:16:56.0288 2296 HECIx64 - ok
    12:16:56.0335 2296 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
    12:16:56.0335 2296 HidBatt - ok
    12:16:56.0351 2296 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
    12:16:56.0366 2296 HidBth - ok
    12:16:56.0397 2296 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
    12:16:56.0397 2296 HidIr - ok
    12:16:56.0413 2296 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
    12:16:56.0429 2296 hidserv - ok
    12:16:56.0475 2296 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
    12:16:56.0475 2296 HidUsb - ok
    12:16:56.0522 2296 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
    12:16:56.0522 2296 hkmsvc - ok
    12:16:56.0569 2296 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
    12:16:56.0585 2296 HomeGroupListener - ok
    12:16:56.0616 2296 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
    12:16:56.0616 2296 HomeGroupProvider - ok
    12:16:56.0647 2296 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
    12:16:56.0647 2296 HpSAMD - ok
    12:16:56.0694 2296 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
    12:16:56.0694 2296 HTTP - ok
    12:16:56.0741 2296 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
    12:16:56.0741 2296 hwpolicy - ok
    12:16:56.0803 2296 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
    12:16:56.0803 2296 i8042prt - ok
    12:16:56.0850 2296 [ 5E60DD5F090AB4A563C7204C289C4650 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
    12:16:56.0850 2296 iaStor - ok
    12:16:56.0881 2296 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
    12:16:56.0881 2296 iaStorV - ok
    12:16:56.0959 2296 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    12:16:56.0959 2296 IDriverT - ok
    12:16:57.0021 2296 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    12:16:57.0037 2296 idsvc - ok
    12:16:57.0271 2296 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
    12:16:57.0489 2296 igfx - ok
    12:16:57.0521 2296 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
    12:16:57.0521 2296 iirsp - ok
    12:16:57.0599 2296 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
    12:16:57.0599 2296 IKEEXT - ok
    12:16:57.0645 2296 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
    12:16:57.0645 2296 Impcd - ok
    12:16:57.0677 2296 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
    12:16:57.0677 2296 intelide - ok
    12:16:57.0708 2296 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
    12:16:57.0708 2296 intelppm - ok
    12:16:57.0723 2296 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
    12:16:57.0739 2296 IPBusEnum - ok
    12:16:57.0770 2296 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
    12:16:57.0770 2296 IpFilterDriver - ok
    12:16:57.0848 2296 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
    12:16:57.0848 2296 iphlpsvc - ok
    12:16:57.0895 2296 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
    12:16:57.0895 2296 IPMIDRV - ok
    12:16:57.0942 2296 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
    12:16:57.0957 2296 IPNAT - ok
    12:16:57.0973 2296 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
    12:16:57.0973 2296 IRENUM - ok
    12:16:57.0989 2296 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
    12:16:57.0989 2296 isapnp - ok
    12:16:58.0020 2296 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
    12:16:58.0035 2296 iScsiPrt - ok
    12:16:58.0067 2296 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
    12:16:58.0067 2296 kbdclass - ok
    12:16:58.0098 2296 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
    12:16:58.0098 2296 kbdhid - ok
    12:16:58.0129 2296 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
    12:16:58.0129 2296 KeyIso - ok
    12:16:58.0160 2296 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
    12:16:58.0160 2296 KSecDD - ok
    12:16:58.0207 2296 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
    12:16:58.0207 2296 KSecPkg - ok
    12:16:58.0254 2296 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
    12:16:58.0254 2296 ksthunk - ok
    12:16:58.0301 2296 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
    12:16:58.0301 2296 KtmRm - ok
    12:16:58.0347 2296 [ 55480B9C63F3F91A8EBBADCBF28FE581 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
    12:16:58.0347 2296 L1C - ok
    12:16:58.0410 2296 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
    12:16:58.0410 2296 LanmanServer - ok
    12:16:58.0441 2296 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    12:16:58.0441 2296 LanmanWorkstation - ok
    12:16:58.0488 2296 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
    12:16:58.0488 2296 lltdio - ok
    12:16:58.0535 2296 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
    12:16:58.0550 2296 lltdsvc - ok
    12:16:58.0566 2296 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
    12:16:58.0566 2296 lmhosts - ok
    12:16:58.0644 2296 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    12:16:58.0644 2296 LMS - ok
    12:16:58.0706 2296 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
    12:16:58.0706 2296 LSI_FC - ok
    12:16:58.0737 2296 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
    12:16:58.0737 2296 LSI_SAS - ok
    12:16:58.0753 2296 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
    12:16:58.0753 2296 LSI_SAS2 - ok
    12:16:58.0769 2296 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
    12:16:58.0784 2296 LSI_SCSI - ok
    12:16:58.0800 2296 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
    12:16:58.0800 2296 luafv - ok
    12:16:58.0831 2296 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
    12:16:58.0831 2296 Mcx2Svc - ok
    12:16:58.0847 2296 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
    12:16:58.0847 2296 megasas - ok
    12:16:58.0878 2296 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
    12:16:58.0878 2296 MegaSR - ok
    12:16:58.0909 2296 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
    12:16:58.0909 2296 MMCSS - ok
    12:16:58.0925 2296 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
    12:16:58.0925 2296 Modem - ok
    12:16:58.0956 2296 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
    12:16:58.0956 2296 monitor - ok
    12:16:58.0987 2296 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    12:16:59.0003 2296 mouclass - ok
    12:16:59.0034 2296 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
    12:16:59.0034 2296 mouhid - ok
    12:16:59.0065 2296 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    12:16:59.0065 2296 mountmgr - ok
    12:16:59.0081 2296 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
    12:16:59.0096 2296 mpio - ok
    12:16:59.0112 2296 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    12:16:59.0112 2296 mpsdrv - ok
    12:16:59.0205 2296 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
    12:16:59.0221 2296 MpsSvc - ok
    12:16:59.0252 2296 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    12:16:59.0268 2296 MRxDAV - ok
    12:16:59.0299 2296 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    12:16:59.0299 2296 mrxsmb - ok
    12:16:59.0346 2296 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    12:16:59.0346 2296 mrxsmb10 - ok
    12:16:59.0377 2296 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    12:16:59.0377 2296 mrxsmb20 - ok
    12:16:59.0408 2296 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
    12:16:59.0408 2296 msahci - ok
    12:16:59.0439 2296 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
    12:16:59.0455 2296 msdsm - ok
    12:16:59.0486 2296 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
    12:16:59.0486 2296 MSDTC - ok
    12:16:59.0533 2296 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
    12:16:59.0533 2296 Msfs - ok
    12:16:59.0549 2296 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    12:16:59.0549 2296 mshidkmdf - ok
    12:16:59.0580 2296 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    12:16:59.0580 2296 msisadrv - ok
    12:16:59.0611 2296 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    12:16:59.0627 2296 MSiSCSI - ok
    12:16:59.0627 2296 msiserver - ok
    12:16:59.0658 2296 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    12:16:59.0658 2296 MSKSSRV - ok
    12:16:59.0689 2296 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    12:16:59.0689 2296 MSPCLOCK - ok
    12:16:59.0705 2296 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    12:16:59.0705 2296 MSPQM - ok
    12:16:59.0736 2296 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    12:16:59.0751 2296 MsRPC - ok
    12:16:59.0783 2296 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
    12:16:59.0783 2296 mssmbios - ok
    12:16:59.0814 2296 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    12:16:59.0814 2296 MSTEE - ok
    12:16:59.0829 2296 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
    12:16:59.0845 2296 MTConfig - ok
    12:16:59.0861 2296 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
    12:16:59.0861 2296 Mup - ok
    12:16:59.0907 2296 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
    12:16:59.0923 2296 napagent - ok
    12:16:59.0970 2296 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    12:16:59.0985 2296 NativeWifiP - ok
    12:17:00.0048 2296 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
    12:17:00.0063 2296 NDIS - ok
    12:17:00.0079 2296 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    12:17:00.0095 2296 NdisCap - ok
    12:17:00.0126 2296 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    12:17:00.0126 2296 NdisTapi - ok
    12:17:00.0173 2296 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    12:17:00.0173 2296 Ndisuio - ok
    12:17:00.0219 2296 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    12:17:00.0219 2296 NdisWan - ok
    12:17:00.0266 2296 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    12:17:00.0266 2296 NDProxy - ok
    12:17:00.0297 2296 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    12:17:00.0297 2296 NetBIOS - ok
    12:17:00.0344 2296 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    12:17:00.0360 2296 NetBT - ok
    12:17:00.0375 2296 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
    12:17:00.0375 2296 Netlogon - ok
    12:17:00.0422 2296 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
    12:17:00.0422 2296 Netman - ok
    12:17:00.0453 2296 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
    12:17:00.0453 2296 netprofm - ok
    12:17:00.0485 2296 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    12:17:00.0485 2296 NetTcpPortSharing - ok
    12:17:00.0531 2296 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
    12:17:00.0531 2296 nfrd960 - ok
    12:17:00.0594 2296 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
    12:17:00.0594 2296 NlaSvc - ok
    12:17:00.0609 2296 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
    12:17:00.0625 2296 Npfs - ok
    12:17:00.0641 2296 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
    12:17:00.0641 2296 nsi - ok
    12:17:00.0672 2296 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    12:17:00.0672 2296 nsiproxy - ok
    12:17:00.0750 2296 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    12:17:00.0765 2296 Ntfs - ok
    12:17:00.0812 2296 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
    12:17:00.0812 2296 Null - ok
    12:17:00.0843 2296 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
    12:17:00.0843 2296 nvraid - ok
    12:17:00.0890 2296 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
    12:17:00.0890 2296 nvstor - ok
    12:17:00.0921 2296 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    12:17:00.0921 2296 nv_agp - ok
    12:17:00.0953 2296 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    12:17:00.0953 2296 ohci1394 - ok
    12:17:00.0999 2296 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    12:17:00.0999 2296 p2pimsvc - ok
    12:17:01.0015 2296 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
    12:17:01.0031 2296 p2psvc - ok
    12:17:01.0046 2296 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
    12:17:01.0062 2296 Parport - ok
    12:17:01.0093 2296 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
    12:17:01.0093 2296 partmgr - ok
    12:17:01.0124 2296 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
    12:17:01.0124 2296 PcaSvc - ok
    12:17:01.0140 2296 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
    12:17:01.0140 2296 pci - ok
    12:17:01.0187 2296 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
    12:17:01.0187 2296 pciide - ok
    12:17:01.0218 2296 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
    12:17:01.0218 2296 pcmcia - ok
    12:17:01.0233 2296 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
    12:17:01.0233 2296 pcw - ok
    12:17:01.0249 2296 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
    12:17:01.0265 2296 PEAUTH - ok
    12:17:01.0327 2296 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
    12:17:01.0327 2296 PerfHost - ok
    12:17:01.0389 2296 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
    12:17:01.0389 2296 PGEffect - ok
    12:17:01.0452 2296 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
    12:17:01.0483 2296 pla - ok
    12:17:01.0530 2296 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
    12:17:01.0530 2296 PlugPlay - ok
    12:17:01.0561 2296 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
    12:17:01.0561 2296 PNRPAutoReg - ok
    12:17:01.0592 2296 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
    12:17:01.0592 2296 PNRPsvc - ok
    12:17:01.0623 2296 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
    12:17:01.0639 2296 PolicyAgent - ok
    12:17:01.0670 2296 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
    12:17:01.0670 2296 Power - ok
    12:17:01.0717 2296 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
    12:17:01.0717 2296 PptpMiniport - ok
    12:17:01.0748 2296 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
    12:17:01.0748 2296 Processor - ok
    12:17:01.0779 2296 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
    12:17:01.0795 2296 ProfSvc - ok
    12:17:01.0795 2296 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
    12:17:01.0795 2296 ProtectedStorage - ok
    12:17:01.0842 2296 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
    12:17:01.0857 2296 Psched - ok
    12:17:01.0889 2296 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
    12:17:01.0889 2296 QIOMem - ok
    12:17:01.0967 2296 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
    12:17:01.0982 2296 ql2300 - ok
    12:17:01.0998 2296 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
    12:17:02.0013 2296 ql40xx - ok
    12:17:02.0045 2296 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
    12:17:02.0045 2296 QWAVE - ok
    12:17:02.0060 2296 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
    12:17:02.0060 2296 QWAVEdrv - ok
    12:17:02.0076 2296 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
    12:17:02.0076 2296 RasAcd - ok
    12:17:02.0107 2296 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
    12:17:02.0107 2296 RasAgileVpn - ok
    12:17:02.0123 2296 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
    12:17:02.0123 2296 RasAuto - ok
    12:17:02.0169 2296 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
    12:17:02.0169 2296 Rasl2tp - ok
    12:17:02.0216 2296 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
    12:17:02.0216 2296 RasMan - ok
    12:17:02.0247 2296 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
    12:17:02.0247 2296 RasPppoe - ok
    12:17:02.0279 2296 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
    12:17:02.0279 2296 RasSstp - ok
    12:17:02.0325 2296 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
    12:17:02.0325 2296 rdbss - ok
    12:17:02.0341 2296 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
    12:17:02.0341 2296 rdpbus - ok
     
  18. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    12:17:02.0372 2296 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
    12:17:02.0372 2296 RDPCDD - ok
    12:17:02.0403 2296 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
    12:17:02.0403 2296 RDPENCDD - ok
    12:17:02.0419 2296 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
    12:17:02.0419 2296 RDPREFMP - ok
    12:17:02.0450 2296 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
    12:17:02.0450 2296 RDPWD - ok
    12:17:02.0497 2296 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
    12:17:02.0497 2296 rdyboost - ok
    12:17:02.0544 2296 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
    12:17:02.0544 2296 RemoteAccess - ok
    12:17:02.0575 2296 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
    12:17:02.0575 2296 RemoteRegistry - ok
    12:17:02.0591 2296 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
    12:17:02.0591 2296 RpcEptMapper - ok
    12:17:02.0622 2296 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
    12:17:02.0622 2296 RpcLocator - ok
    12:17:02.0637 2296 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
    12:17:02.0653 2296 RpcSs - ok
    12:17:02.0684 2296 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
    12:17:02.0684 2296 rspndr - ok
    12:17:02.0747 2296 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
    12:17:02.0762 2296 RSUSBSTOR - ok
    12:17:02.0809 2296 [ B89C0601A05E1140AC96FA965D94C340 ] rtl8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
    12:17:02.0809 2296 rtl8192Ce - ok
    12:17:02.0840 2296 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
    12:17:02.0840 2296 SamSs - ok
    12:17:02.0856 2296 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
    12:17:02.0856 2296 sbp2port - ok
    12:17:02.0887 2296 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
    12:17:02.0887 2296 SCardSvr - ok
    12:17:02.0934 2296 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
    12:17:02.0934 2296 scfilter - ok
    12:17:02.0981 2296 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
    12:17:02.0996 2296 Schedule - ok
    12:17:03.0027 2296 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
    12:17:03.0027 2296 SCPolicySvc - ok
    12:17:03.0043 2296 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
    12:17:03.0043 2296 SDRSVC - ok
    12:17:03.0090 2296 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
    12:17:03.0090 2296 secdrv - ok
    12:17:03.0121 2296 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
    12:17:03.0137 2296 seclogon - ok
    12:17:03.0152 2296 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
    12:17:03.0152 2296 SENS - ok
    12:17:03.0168 2296 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
    12:17:03.0168 2296 SensrSvc - ok
    12:17:03.0199 2296 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
    12:17:03.0199 2296 Serenum - ok
    12:17:03.0230 2296 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
    12:17:03.0246 2296 Serial - ok
    12:17:03.0277 2296 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
    12:17:03.0277 2296 sermouse - ok
    12:17:03.0324 2296 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
    12:17:03.0324 2296 SessionEnv - ok
    12:17:03.0355 2296 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
    12:17:03.0355 2296 sffdisk - ok
    12:17:03.0371 2296 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
    12:17:03.0371 2296 sffp_mmc - ok
    12:17:03.0371 2296 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
    12:17:03.0386 2296 sffp_sd - ok
    12:17:03.0417 2296 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
    12:17:03.0417 2296 sfloppy - ok
    12:17:03.0495 2296 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
    12:17:03.0495 2296 SharedAccess - ok
    12:17:03.0542 2296 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
    12:17:03.0558 2296 ShellHWDetection - ok
    12:17:03.0589 2296 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
    12:17:03.0589 2296 SiSRaid2 - ok
    12:17:03.0605 2296 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
    12:17:03.0605 2296 SiSRaid4 - ok
    12:17:03.0636 2296 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
    12:17:03.0636 2296 Smb - ok
    12:17:03.0683 2296 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
    12:17:03.0683 2296 SNMPTRAP - ok
    12:17:03.0698 2296 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
    12:17:03.0698 2296 spldr - ok
    12:17:03.0745 2296 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
    12:17:03.0745 2296 Spooler - ok
    12:17:03.0854 2296 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
    12:17:03.0885 2296 sppsvc - ok
    12:17:03.0917 2296 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
    12:17:03.0917 2296 sppuinotify - ok
    12:17:03.0948 2296 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
    12:17:03.0948 2296 srv - ok
    12:17:03.0963 2296 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
    12:17:03.0963 2296 srv2 - ok
    12:17:04.0010 2296 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS
    12:17:04.0010 2296 SrvHsfHDA - ok
    12:17:04.0041 2296 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS
    12:17:04.0057 2296 SrvHsfV92 - ok
    12:17:04.0088 2296 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS
    12:17:04.0088 2296 SrvHsfWinac - ok
    12:17:04.0119 2296 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
    12:17:04.0119 2296 srvnet - ok
    12:17:04.0151 2296 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
    12:17:04.0151 2296 SSDPSRV - ok
    12:17:04.0166 2296 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
    12:17:04.0166 2296 SstpSvc - ok
    12:17:04.0197 2296 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
    12:17:04.0197 2296 stexstor - ok
    12:17:04.0244 2296 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
    12:17:04.0260 2296 stisvc - ok
    12:17:04.0291 2296 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
    12:17:04.0307 2296 swenum - ok
    12:17:04.0353 2296 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
    12:17:04.0353 2296 swprv - ok
    12:17:04.0400 2296 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
    12:17:04.0400 2296 SynTP - ok
    12:17:04.0478 2296 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
    12:17:04.0494 2296 SysMain - ok
    12:17:04.0525 2296 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
    12:17:04.0525 2296 TabletInputService - ok
    12:17:04.0556 2296 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
    12:17:04.0556 2296 TapiSrv - ok
    12:17:04.0587 2296 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
    12:17:04.0587 2296 TBS - ok
    12:17:04.0697 2296 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
    12:17:04.0712 2296 Tcpip - ok
    12:17:04.0759 2296 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
    12:17:04.0775 2296 TCPIP6 - ok
    12:17:04.0790 2296 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
    12:17:04.0790 2296 tcpipreg - ok
    12:17:04.0837 2296 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
    12:17:04.0837 2296 tdcmdpst - ok
    12:17:04.0853 2296 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
    12:17:04.0853 2296 TDPIPE - ok
    12:17:04.0884 2296 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
    12:17:04.0884 2296 TDTCP - ok
    12:17:04.0915 2296 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
    12:17:04.0915 2296 tdx - ok
    12:17:04.0946 2296 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
    12:17:04.0946 2296 TermDD - ok
    12:17:04.0977 2296 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
    12:17:04.0993 2296 TermService - ok
    12:17:05.0009 2296 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
    12:17:05.0009 2296 Themes - ok
    12:17:05.0024 2296 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
    12:17:05.0024 2296 THREADORDER - ok
    12:17:05.0087 2296 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    12:17:05.0087 2296 TMachInfo - ok
    12:17:05.0102 2296 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
    12:17:05.0102 2296 TODDSrv - ok
    12:17:05.0149 2296 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    12:17:05.0165 2296 TosCoSrv - ok
    12:17:05.0211 2296 [ BAE96AD126F4EED4D361B092BA2E61FE ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
    12:17:05.0211 2296 TOSHIBA eco Utility Service - ok
    12:17:05.0274 2296 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    12:17:05.0274 2296 TOSHIBA HDD SSD Alert Service - ok
    12:17:05.0321 2296 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    12:17:05.0336 2296 TPCHSrv - ok
    12:17:05.0352 2296 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
    12:17:05.0352 2296 TrkWks - ok
    12:17:05.0414 2296 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
    12:17:05.0414 2296 TrustedInstaller - ok
    12:17:05.0461 2296 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
    12:17:05.0461 2296 tssecsrv - ok
    12:17:05.0508 2296 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
    12:17:05.0508 2296 TsUsbFlt - ok
    12:17:05.0570 2296 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
    12:17:05.0570 2296 tunnel - ok
    12:17:05.0601 2296 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
    12:17:05.0601 2296 TVALZ - ok
    12:17:05.0617 2296 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
    12:17:05.0617 2296 TVALZFL - ok
    12:17:05.0648 2296 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
    12:17:05.0648 2296 uagp35 - ok
    12:17:05.0695 2296 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
    12:17:05.0711 2296 udfs - ok
    12:17:05.0742 2296 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
    12:17:05.0742 2296 UI0Detect - ok
    12:17:05.0757 2296 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
    12:17:05.0773 2296 uliagpkx - ok
    12:17:05.0835 2296 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
    12:17:05.0835 2296 umbus - ok
    12:17:05.0867 2296 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
    12:17:05.0867 2296 UmPass - ok
    12:17:06.0038 2296 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    12:17:06.0085 2296 UNS - ok
    12:17:06.0132 2296 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
    12:17:06.0132 2296 upnphost - ok
    12:17:06.0194 2296 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
    12:17:06.0194 2296 usbccgp - ok
    12:17:06.0225 2296 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
    12:17:06.0225 2296 usbcir - ok
    12:17:06.0241 2296 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
    12:17:06.0241 2296 usbehci - ok
    12:17:06.0272 2296 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
    12:17:06.0272 2296 usbhub - ok
    12:17:06.0288 2296 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
    12:17:06.0288 2296 usbohci - ok
    12:17:06.0319 2296 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
    12:17:06.0319 2296 usbprint - ok
    12:17:06.0350 2296 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
    12:17:06.0350 2296 USBSTOR - ok
    12:17:06.0366 2296 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
    12:17:06.0366 2296 usbuhci - ok
    12:17:06.0397 2296 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
    12:17:06.0397 2296 usbvideo - ok
    12:17:06.0428 2296 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
    12:17:06.0428 2296 UxSms - ok
    12:17:06.0444 2296 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
    12:17:06.0444 2296 VaultSvc - ok
    12:17:06.0475 2296 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
    12:17:06.0475 2296 vdrvroot - ok
    12:17:06.0537 2296 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
    12:17:06.0537 2296 vds - ok
    12:17:06.0569 2296 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
    12:17:06.0569 2296 vga - ok
    12:17:06.0584 2296 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
    12:17:06.0584 2296 VgaSave - ok
    12:17:06.0631 2296 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
    12:17:06.0631 2296 vhdmp - ok
    12:17:06.0662 2296 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
    12:17:06.0678 2296 viaide - ok
    12:17:06.0709 2296 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
    12:17:06.0709 2296 volmgr - ok
    12:17:06.0787 2296 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
    12:17:06.0787 2296 volmgrx - ok
    12:17:06.0818 2296 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
    12:17:06.0818 2296 volsnap - ok
    12:17:06.0881 2296 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
    12:17:06.0881 2296 vsmraid - ok
    12:17:07.0021 2296 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
    12:17:07.0052 2296 VSS - ok
    12:17:07.0099 2296 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
    12:17:07.0099 2296 vwifibus - ok
    12:17:07.0115 2296 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
    12:17:07.0115 2296 vwififlt - ok
    12:17:07.0146 2296 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
    12:17:07.0161 2296 W32Time - ok
    12:17:07.0193 2296 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
    12:17:07.0193 2296 WacomPen - ok
    12:17:07.0239 2296 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
    12:17:07.0239 2296 WANARP - ok
    12:17:07.0239 2296 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
    12:17:07.0239 2296 Wanarpv6 - ok
    12:17:07.0333 2296 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
    12:17:07.0349 2296 WatAdminSvc - ok
    12:17:07.0442 2296 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
    12:17:07.0458 2296 wbengine - ok
    12:17:07.0567 2296 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
    12:17:07.0567 2296 WbioSrvc - ok
    12:17:07.0661 2296 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
    12:17:07.0676 2296 wcncsvc - ok
    12:17:07.0723 2296 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
    12:17:07.0723 2296 WcsPlugInService - ok
    12:17:07.0785 2296 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
    12:17:07.0785 2296 Wd - ok
    12:17:07.0895 2296 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
    12:17:07.0910 2296 Wdf01000 - ok
    12:17:07.0926 2296 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
    12:17:07.0941 2296 WdiServiceHost - ok
    12:17:07.0973 2296 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
    12:17:07.0973 2296 WdiSystemHost - ok
    12:17:08.0051 2296 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
    12:17:08.0066 2296 WebClient - ok
    12:17:08.0113 2296 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
    12:17:08.0129 2296 Wecsvc - ok
    12:17:08.0144 2296 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
    12:17:08.0144 2296 wercplsupport - ok
    12:17:08.0222 2296 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
    12:17:08.0238 2296 WerSvc - ok
    12:17:08.0285 2296 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
    12:17:08.0300 2296 WfpLwf - ok
    12:17:08.0331 2296 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
    12:17:08.0347 2296 WIMMount - ok
    12:17:08.0503 2296 WinDefend - ok
    12:17:08.0503 2296 WinHttpAutoProxySvc - ok
    12:17:08.0675 2296 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
    12:17:08.0706 2296 Winmgmt - ok
    12:17:09.0314 2296 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
    12:17:09.0423 2296 WinRM - ok
    12:17:09.0938 2296 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
    12:17:10.0079 2296 Wlansvc - ok
    12:17:10.0172 2296 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
    12:17:10.0172 2296 WmiAcpi - ok
    12:17:10.0266 2296 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
    12:17:10.0281 2296 wmiApSrv - ok
    12:17:10.0313 2296 WMPNetworkSvc - ok
    12:17:10.0359 2296 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
    12:17:10.0359 2296 WPCSvc - ok
    12:17:10.0406 2296 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    12:17:10.0422 2296 WPDBusEnum - ok
    12:17:10.0453 2296 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    12:17:10.0453 2296 ws2ifsl - ok
    12:17:10.0531 2296 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
    12:17:10.0531 2296 wscsvc - ok
    12:17:10.0531 2296 WSearch - ok
    12:17:10.0718 2296 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
    12:17:10.0796 2296 wuauserv - ok
    12:17:10.0827 2296 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    12:17:10.0843 2296 WudfPf - ok
    12:17:10.0905 2296 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
    12:17:10.0937 2296 WUDFRd - ok
    12:17:10.0968 2296 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
    12:17:10.0999 2296 wudfsvc - ok
    12:17:11.0046 2296 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
    12:17:11.0061 2296 WwanSvc - ok
    12:17:11.0139 2296 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys
    12:17:11.0155 2296 xusb21 - ok
    12:17:11.0155 2296 ================ Scan global ===============================
    12:17:11.0186 2296 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    12:17:11.0264 2296 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
    12:17:11.0295 2296 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
    12:17:11.0342 2296 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    12:17:11.0451 2296 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    12:17:11.0467 2296 [Global] - ok
    12:17:11.0467 2296 ================ Scan MBR ==================================
    12:17:11.0498 2296 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    12:17:11.0951 2296 \Device\Harddisk0\DR0 - ok
    12:17:11.0951 2296 ================ Scan VBR ==================================
    12:17:11.0951 2296 [ BD1DA00357B81C386FF0D6C059FC1763 ] \Device\Harddisk0\DR0\Partition1
    12:17:11.0966 2296 \Device\Harddisk0\DR0\Partition1 - ok
    12:17:11.0966 2296 ============================================================
    12:17:11.0966 2296 Scan finished
    12:17:11.0966 2296 ============================================================
    12:17:11.0966 3184 Detected object count: 1
    12:17:11.0966 3184 Actual detected object count: 1
    12:18:43.0694 3184 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    12:18:43.0694 3184 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
     
  19. Broni

    Broni Malware Annihilator Posts: 47,641   +267

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ============================

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    ===========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    # AdwCleaner v2.105 - Logfile created 01/12/2013 at 10:39:48
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Gramps - MUMBLES2X-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Gramps\Downloads\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\Gramps\AppData\Local\AskToolbar
    Folder Deleted : C:\Users\Gramps\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Mumbles2x\AppData\Local\AskToolbar
    Folder Deleted : C:\Users\Mumbles2x\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    ***** [Registry] *****
    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AskToolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Software
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.7601.17514
    [OK] Registry is clean.
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Gramps\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [3691 octets] - [12/01/2013 10:38:40]
    AdwCleaner[S1].txt - [3704 octets] - [12/01/2013 10:39:48]
    ########## EOF - C:\AdwCleaner[S1].txt - [3764 octets] ##########

    After this I can now open my browser without using inprivate browsing. Not getting that message about missing file.
     
  21. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.2 (01.08.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Gramps on Sat 01/12/2013 at 10:45:27.17
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

    ~~~ Files
    Successfully deleted: [File] C:\windows\prefetch\APNSTUB.EXE-967FFF60.pf

    ~~~ Folders
    Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
    Successfully deleted: [Folder] "C:\Users\Gramps\AppData\Roaming\drivercure"
    Successfully deleted: [Folder] "C:\Users\Gramps\appdata\local\best buy pc app"

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 01/12/2013 at 10:53:05.59
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  22. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    OTL logfile created on: 1/12/2013 10:56:02 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gramps\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.59% Memory free
    5.73 Gb Paging File | 4.53 Gb Available in Paging File | 79.14% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.29 Gb Total Space | 245.75 Gb Free Space | 85.84% Space Free | Partition Type: NTFS
    Drive D: | 287.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MUMBLES2X-PC | User Name: Gramps | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/12 10:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gramps\Desktop\OTL.exe
    PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/02/24 03:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2010/02/25 21:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/01/10 08:02:15 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/11/11 11:17:49 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
    SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/07/29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/22 20:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010/02/12 17:49:16 | 000,877,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)
    DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/21 00:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{2E6CC5D2-8388-44F6-873B-989E1FA8D19C}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{58DD3FC8-4430-4D58-B861-A65DF14CA7EA}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh09012012
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\..\SearchScopes,DefaultScope = {9E2E007C-5167-475F-8876-25F3F3846CA8}
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\..\SearchScopes\{58DD3FC8-4430-4D58-B861-A65DF14CA7EA}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\..\SearchScopes\{9E2E007C-5167-475F-8876-25F3F3846CA8}: "URL" = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7TSND_enUS411US414
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Gramps\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Gramps\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Gramps\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/01/08 15:41:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
    O3 - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04CC289A-FDDE-4351-BD80-B33D66F878DE}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18830C7F-EE7A-46D2-ACB7-35C0106EEE1B}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/28 17:17:03 | 001,838,104 | R--- | M] (Kaspersky Lab) - D:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2010/05/07 07:10:25 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/12 10:55:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gramps\Desktop\OTL.exe
    [2013/01/12 10:45:24 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2013/01/12 10:45:16 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/10 07:46:05 | 000,000,000 | ---D | C] -- C:\Users\Gramps\Desktop\mbar-1.01.0.1011[1]
    [2013/01/10 07:38:59 | 000,000,000 | ---D | C] -- C:\Users\Gramps\AppData\Roaming\WinRAR
    [2013/01/09 17:04:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/08 16:21:31 | 000,000,000 | ---D | C] -- C:\3289d9febc9d439307069b
    [2013/01/08 15:39:31 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2013/01/08 15:31:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2013/01/08 15:31:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2013/01/08 15:31:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2013/01/08 15:26:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/07 19:09:26 | 000,000,000 | ---D | C] -- C:\Users\Gramps\Desktop\RK_Quarantine
    [2013/01/06 08:54:51 | 000,000,000 | ---D | C] -- C:\Users\Gramps\AppData\Local\Programs
    [2012/12/19 17:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

    ========== Files - Modified Within 30 Days ==========

    [2013/01/12 10:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gramps\Desktop\OTL.exe
    [2013/01/12 10:54:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/12 10:48:02 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/12 10:48:02 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/12 10:41:03 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/12 10:40:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/01/12 10:40:43 | 2307,280,896 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/11 23:02:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/01/08 20:10:17 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/01/08 16:23:42 | 000,746,568 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/01/08 16:23:42 | 000,628,320 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/01/08 16:23:42 | 000,108,466 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/01/08 15:41:25 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2013/01/07 19:42:13 | 000,000,512 | ---- | M] () -- C:\Users\Gramps\Desktop\MBR.dat
    [2013/01/06 08:55:24 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/19 17:56:11 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2013/01/08 15:31:46 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2013/01/08 15:31:46 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2013/01/08 15:31:46 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2013/01/08 15:31:46 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2013/01/08 15:31:46 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2013/01/07 19:42:13 | 000,000,512 | ---- | C] () -- C:\Users\Gramps\Desktop\MBR.dat
    [2012/12/19 17:56:11 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2011/12/19 15:04:57 | 000,013,064 | -HS- | C] () -- C:\ProgramData\e5xj34e0cb2pjt
    [2011/12/10 12:28:28 | 000,010,336 | -HS- | C] () -- C:\ProgramData\cupibp5b3wqn8vij3aox8y410e1b
    [2011/04/08 22:35:26 | 000,006,156 | -HS- | C] () -- C:\ProgramData\p01466yq787g02dkm22q

    ========== ZeroAccess Check ==========

    [2011/11/17 01:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Mumbles2x\AppData\Local\{e61a80e3-a40e-aef8-9206-a99a727233f8}\@
    [2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mumbles2x\AppData\Local\{e61a80e3-a40e-aef8-9206-a99a727233f8}\L
    [2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mumbles2x\AppData\Local\{e61a80e3-a40e-aef8-9206-a99a727233f8}\U
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/12/09 11:06:20 | 000,000,000 | ---D | M] -- C:\Users\Gramps\AppData\Roaming\PC Utility Kit
    [2012/11/03 18:27:44 | 000,000,000 | ---D | M] -- C:\Users\Gramps\AppData\Roaming\Toshiba
    [2012/09/02 17:29:27 | 000,000,000 | ---D | M] -- C:\Users\Gramps\AppData\Roaming\WinBatch
    [2011/03/11 21:34:57 | 000,000,000 | ---D | M] -- C:\Users\Mumbles2x\AppData\Roaming\.bsnes
    [2011/09/04 13:42:45 | 000,000,000 | ---D | M] -- C:\Users\Mumbles2x\AppData\Roaming\gtk-2.0
    [2010/12/25 19:59:58 | 000,000,000 | ---D | M] -- C:\Users\Mumbles2x\AppData\Roaming\Tific
    [2011/01/31 09:56:43 | 000,000,000 | ---D | M] -- C:\Users\Mumbles2x\AppData\Roaming\Toshiba
    [2010/12/25 08:14:21 | 000,000,000 | ---D | M] -- C:\Users\Mumbles2x\AppData\Roaming\WinBatch

    ========== Purity Check ==========


    < End of report >
     
  23. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    OTL Extras logfile created on: 1/12/2013 10:56:02 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gramps\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.59% Memory free
    5.73 Gb Paging File | 4.53 Gb Available in Paging File | 79.14% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.29 Gb Total Space | 245.75 Gb Free Space | 85.84% Space Free | Partition Type: NTFS
    Drive D: | 287.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MUMBLES2X-PC | User Name: Gramps | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-1999489102-630139991-3584140911-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00C0130A-44C0-4765-A174-C9E8B7605DFD}" = lport=139 | protocol=6 | dir=in | app=system |
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{06B6CD19-ED9B-4AEE-A643-440BCAC74D06}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{0CFA79B6-F7F0-42CD-9D6F-BC00909A93E4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0DF582B0-40F6-48C3-9B96-D3548DFF9D39}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{137A8EE1-40EC-46D3-AC72-129F5D03D106}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{296C3A82-2C22-440B-AA0F-F9C89041FAB6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{32B85F30-2DAB-4045-B694-069499C505DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{373DDA70-3A71-44F0-B948-09C450CDCFD4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3EF109BC-CAE5-4AD2-8B94-8EFA0EEA1560}" = lport=138 | protocol=17 | dir=in | app=system |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5945B946-2607-42DE-9EC9-E8F58E07AA32}" = rport=139 | protocol=6 | dir=out | app=system |
    "{61A7A347-408F-4266-9E30-09E6415C4073}" = rport=138 | protocol=17 | dir=out | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6371C1B6-AC70-494B-AC42-42B6EC9E7B2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{639E28C9-9477-49C2-891B-0C13859FFA17}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{690224C4-E4F8-4657-B00E-86174F1DC99A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6B3ECE55-25D5-45C8-B67F-8B2786B2CEF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{710CAF2C-918D-402C-B0F7-61283CCBFC82}" = rport=137 | protocol=17 | dir=out | app=system |
    "{759CEF91-2C5C-4CE7-8FA1-BB57B1D1559A}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{82ACC0C0-9A6C-4831-949F-394339BAD7F9}" = lport=445 | protocol=6 | dir=in | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A6DD1D96-9F3B-45C2-AD98-40B4DE52B129}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A8A43775-E273-4E90-BD01-427AA49156E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{AF3F1F5D-5A6F-4570-8F7E-4AF52DCE6668}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CEEF4CEA-5095-4F6A-B10A-5C49CAF7EBB6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D778D21F-0149-48E0-9190-01ED8B5E57B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E4C86446-E664-4D9C-A88E-398245AD8DDB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{031E1EB8-3EDB-41F7-8B7B-9FB955D3FA49}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{0389AAE8-6300-4876-B0A7-D977BE2DC62A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{0C18A815-E4A1-47D8-BC51-9F2E50E23734}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{105ADFFD-5500-467A-A54F-90715CCAC254}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1C66D020-1A97-491A-A7F1-87D7739987D0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{28696D14-65AF-4A43-8FE0-687C9C40AE39}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{340B791B-8988-440E-A944-5C0DB8A95965}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
    "{4477E24E-744A-4022-BBDA-7F8D93CBBCC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{46BAAFA2-3CAB-44D3-8E51-E7B9C0832F27}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{49235A90-2B03-40D9-A24E-ECD4BB53DAB3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{4AA2CC74-E4B7-49C5-8B0E-2C3A9269E263}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{6029BBB2-24F4-423D-AC67-0202A7E80ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{66E92CA8-F3C6-43F1-A707-9CC3E3CDB6B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{670D2806-CEB2-4673-B536-383E5DF2C50B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{6721ADEB-573B-40BD-AEFC-B7252651DFC0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6F3DE11D-DEA7-4666-B395-0B7E98AA8755}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{729A7740-ECA2-48EE-8554-64DBA23B0F2F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{75C5BFC7-BD82-4DE9-A10E-2F6392FB541E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7C950317-3829-4F16-B39D-45AF2728DCFA}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{7DB5CF36-2155-4025-A37E-C10F7C7D1339}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8EA03564-4FA7-4281-9020-2E3F590BFF89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{956F829D-23E7-4C6E-BDFD-1EE98EF276AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{98C9A364-FA89-47E7-99D3-6CB50FB88519}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A814E9BD-EFA9-4E48-972E-570DF18AD320}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B0279C11-5C43-4A49-B727-E891678C25AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B6E9648D-878C-4E36-A73D-DE221B5AD88C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{BEA41E73-8095-4142-8B1B-39316CB01A29}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C0ACC0A1-63BC-43E3-9C93-F00E30AE94E8}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
    "{CD5D2B85-1BFC-4A39-8960-2D8031640991}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{CDC399AF-E67E-4371-94DB-1E6DA6F62E82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D8FA0B6E-8498-4D90-9E17-69B5FB9A0053}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{DA858331-0751-4FF6-9147-4688A53BE413}" = protocol=6 | dir=out | app=system |
    "{E4532C29-F767-4EBC-B5B1-3DECA5FAF7EF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E5A3A64A-E6C4-4699-B31F-849C0EE57015}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F6C72F96-92EA-4162-B425-E142F9F536A2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{14F83878-CC0F-4CC7-A6AF-6FD3597CD744}C:\users\mumbles2x\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\mumbles2x\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{2FBABDA5-639B-4C82-A933-28AC74ADC7B0}C:\users\mumbles2x\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\mumbles2x\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{2FF9EDD4-1349-46FF-8DC2-087B991629AC}C:\users\mumbles2x\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\mumbles2x\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{B20080C6-8114-44F2-BEE3-3B4215126F47}C:\users\mumbles2x\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\mumbles2x\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
    "{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Akamai" = Akamai NetSession Interface Service
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
    "InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Project64 1.7" = Project64 1.7
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 (32-bit)

    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 47,641   +267

    What happened to Avira?
    I don't see it running.

    ===========================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O3 - HKU\S-1-5-21-1999489102-630139991-3584140911-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/12/19 15:04:57 | 000,013,064 | -HS- | C] () -- C:\ProgramData\e5xj34e0cb2pjt
      [2011/12/10 12:28:28 | 000,010,336 | -HS- | C] () -- C:\ProgramData\cupibp5b3wqn8vij3aox8y410e1b
      [2011/04/08 22:35:26 | 000,006,156 | -HS- | C] () -- C:\ProgramData\p01466yq787g02dkm22q
      [2011/11/17 01:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Mumbles2x\AppData\Local\{e61a80e3-a40e-aef8-9206-a99a727233f8}\@
      [2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mumbles2x\AppData\Local\{e61a80e3-a40e-aef8-9206-a99a727233f8}\L
      [2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Mumbles2x\AppData\Local\{e61a80e3-a40e-aef8-9206-a99a727233f8}\U
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===============================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  25. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 184

    I removed it as instructed earlier so as to run scans. Was instructed that I can reinstall when finished with cleanings. Shall I reinstall now?
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.