Trojan:WinNT/Simda.gen!A how to remove

Solved
By Communications
Sep 17, 2012
  1. Lately I have been having internet issues at home on my laptop. Some pages I can't load, and what pages do load are redirected to IP addresses and freeze my computer. When I browse the web using CyberGhost VPN everything works fine. I found a warning in my Event Viewer from Microsoft Antimalware stating that it found the virus Trojan:WinNT/Simda.gen!A and is in file:_C:\Windows\System32\drivers\Wdf01000.sys. When I scanned the computer with Microsoft Security Essentials it found nothing, and AVG found nothing as well. I really don't want to go out and buy a new computer, so I'm hoping someone here can help me out. Thanks.
  2. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    Here is the Malwarebytes Anti-Malware log

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.09.19.01
    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Matt :: MATT-PC [administrator]
    Protection: Enabled
    9/18/2012 11:29:46 PM
    mbam-log-2012-09-18 (23-29-46).txt
    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 69867
    Time elapsed: 52 minute(s), 12 second(s) [aborted]
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 26
    HKCR\CLSID\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{145310E3-18FA-41A9-BEE4-F830B08C6014} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
    HKCR\Interface\{76348131-7ADF-4FE7-9047-529719D86186} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
    HKCR\PrivacySafeGuard.BHO.1 (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
    HKCR\PrivacySafeGuard.BHO (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
    HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
    C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
    (end)
  4. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    Here is the log from another scan. The first scan was interrupted, so I redid the scan and it was completed.
    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.09.19.01
    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Matt :: MATT-PC [administrator]
    Protection: Enabled
    9/19/2012 12:43:22 AM
    mbam-log-2012-09-19 (00-43-22).txt
    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 359537
    Time elapsed: 1 hour(s), 30 minute(s), 36 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 6
    HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    My antivirus (AVG) found nothing, and I'm going to do the GMER scan next and I'll post the information. As far as a computer update, the computer remains in the same state, and my ISP (RoadRunner) has done nothing but escalate my case to higher levels, as they don't know what's wrong either. I'm at work right now; I have slightly faster speeds, but I'm still unable to access sites such as Google and Bing.
  5. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    This is from the GMER scan...

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-09-19 02:37:13
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HTS545025B9A300 rev.PB2OC64G
    Running: gmer.exe; Driver: C:\Users\Matt\AppData\Local\Temp\kxldypow.sys

    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    ---- Threads - GMER 1.0.15 ----
    Thread System [4:1164] 8679D0F4
    ---- EOF - GMER 1.0.15 ----
  6. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    Here is the DDS report
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by Matt at 2:39:57 on 2012-09-19
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.797 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k hpdevmgmt
    C:\windows\system32\svchost.exe -k HPService
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\taskeng.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Enterasys Networks\NAC Agent\NacAgent.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\windows\system32\perfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://search.autocompletepro.com/?si=7148&bi=400
    uStart Page = hxxp://www.facebook.com/home.php
    uDefault_Page_URL = hxxp://www.maxiwe.com
    uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=7148&bi=400
    uSearch Bar = hxxp://search.autocompletepro.com/?si=7148&bi=400
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyServer = ftp=118.97.170.195:8080;http=118.97.170.195:8080;https=118.97.170.195:8080
    uURLSearchHooks: 24MusicBar Toolbar: {54d0da58-64e7-4408-be1f-72659f70fcbe} - c:\program files\24musicbar\tb24Mu.dll
    uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: 24MusicBar Toolbar: {54d0da58-64e7-4408-be1f-72659f70fcbe} - c:\program files\24musicbar\tb24Mu.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: 24MusicBar Toolbar: {54d0da58-64e7-4408-be1f-72659f70fcbe} - c:\program files\24musicbar\tb24Mu.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: 24MusicBar Toolbar: {54d0da58-64e7-4408-be1f-72659f70fcbe} - c:\program files\24musicbar\tb24Mu.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [CyberGhost VPN] "c:\program files\cyberghost vpn\Cyberghost.exe"
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
    mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
    mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
    mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    StartupFolder: c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nacass~1.lnk - c:\program files\enterasys networks\nac agent\NacAgent.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://weather-port.southlewis.org/JpegInst.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 10.3.10.11 10.3.10.10
    TCP: Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90} : DhcpNameServer = 10.3.10.11 10.3.10.10
    TCP: Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    TCP: Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90}\6627F6E64796562793644433 : DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90}\C4F6776796C6C6560235779647368627F6F6D6 : DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90}\E4544574541425 : DhcpNameServer = 192.166.4.1
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R1 MpKslbb0d9de2;MpKslbb0d9de2;c:\programdata\microsoft\microsoft antimalware\definition updates\{0aeb009f-5841-49e0-8668-7ab4d4ffd310}\MpKslbb0d9de2.sys [2012-9-19 29904]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-18 176128]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-18 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-18 676936]
    R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2012-3-28 2438696]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-18 22856]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-18 167936]
    R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-12-18 54136]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
    S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-23 250056]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);"c:\program files\google\update\googleupdate.exe" /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 usbanyka;USB Web Camera;c:\windows\system32\drivers\usbanyka.sys [2010-5-3 17536]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-09-19 06:33:58 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0aeb009f-5841-49e0-8668-7ab4d4ffd310}\MpKslbb0d9de2.sys
    2012-09-19 03:26:36 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
    2012-09-19 03:26:12 -------- d-----w- c:\programdata\Malwarebytes
    2012-09-19 03:26:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-19 03:26:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-19 03:11:43 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0aeb009f-5841-49e0-8668-7ab4d4ffd310}\mpengine.dll
    2012-09-17 18:55:10 -------- d-----w- c:\program files\Advanced Fix 2012
    2012-09-17 17:09:04 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
    2012-09-17 17:09:03 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{912f016c-a6d6-4164-aeb8-42b2f56a93f3}\gapaengine.dll
    2012-09-17 17:08:25 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-09-16 23:36:56 14664 ----a-w- c:\windows\stinger.sys
    2012-09-16 23:35:54 -------- d-----w- c:\program files\stinger
    2012-09-16 20:40:36 -------- d-----w- c:\users\matt\appdata\local\Mozilla
    2012-09-16 19:10:30 -------- d-----w- c:\users\matt\appdata\roaming\SpeedyPC Software
    2012-09-16 19:10:30 -------- d-----w- c:\users\matt\appdata\roaming\DriverCure
    2012-09-16 19:09:55 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-09-16 09:21:08 -------- d-----w- c:\users\matt\appdata\roaming\TuneUp Software
    2012-09-16 03:34:21 -------- d-----w- c:\users\matt\appdata\roaming\AVG2013
    2012-09-16 03:26:25 -------- d-----w- c:\users\matt\appdata\local\MFAData
    2012-09-16 03:26:25 -------- d-----w- c:\users\matt\appdata\local\Avg2013
    2012-09-15 10:01:07 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cf150209-b4ad-4220-9477-c0c0a376de7c}\mpengine.dll
    2012-09-14 23:20:01 110 ----a-w- c:\windows\system32\reem.bat
    2012-09-12 15:25:35 -------- d-----w- c:\users\matt\appdata\roaming\S.A.D
    2012-09-10 17:58:50 -------- d-----w- c:\users\matt\appdata\roaming\backup
    .
    ==================== Find3M ====================
    .
    2012-09-15 10:13:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-15 10:13:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    ============= FINISH: 2:41:01.20 ===============
  7. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    I appreciate the time and effort you put into this, and your help is also greatly appreciated.
  8. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    I still need the Attach.txt part of DDS.

    Next...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =====================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ====================================

    Download aswMBR to your desktop.
    Double-click aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  9. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/3/2010 6:42:11 PM
    System Uptime: 9/19/2012 2:16:39 AM (0 hours ago)
    .
    Motherboard: TOSHIBA | | NBWAE
    Processor: AMD Sempron(tm) SI-42 | Socket M2/S1G1 | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 152.917 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet P2055dn
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet P2055dn
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1003: 8/31/2012 3:13:36 PM - Scheduled Checkpoint
    RP1004: 9/10/2012 1:49:51 PM - Removed ARC XT PRO for Uniden XT series
    RP1005: 9/10/2012 1:57:15 PM - Installed ARC15PRO for Uniden BCT-15
    RP1006: 9/13/2012 8:32:34 AM - Windows Update
    RP1007: 9/14/2012 3:00:12 AM - Windows Update
    RP1008: 9/14/2012 4:08:11 AM - Windows Update
    RP1009: 9/14/2012 10:14:27 PM - Restore Operation
    RP1010: 9/14/2012 10:24:05 PM - Windows Update
    RP1011: 9/14/2012 10:37:54 PM - Restore Operation
    RP1012: 9/14/2012 10:47:40 PM - Windows Update
    RP1013: 9/14/2012 11:09:56 PM - Windows Update
    RP1014: 9/15/2012 3:00:11 AM - Windows Update
    RP1015: 9/15/2012 5:54:18 AM - Restore Operation
    RP1016: 9/15/2012 6:07:56 AM - Windows Update
    RP1017: 9/15/2012 6:14:46 AM - Windows Update
    RP1018: 9/15/2012 11:28:37 PM - Installed AVG 2013
    RP1019: 9/15/2012 11:29:27 PM - Installed AVG 2013
    RP1020: 9/16/2012 3:00:11 AM - Windows Update
    RP1021: 9/16/2012 3:23:32 PM - Removed Facebook Video Calling 1.2.0.159
    RP1022: 9/17/2012 10:34:34 AM - Windows Update
    RP1023: 9/17/2012 12:03:40 PM - Removed AVG 2013
    RP1024: 9/17/2012 12:09:42 PM - Removed AVG 2013
    RP1025: 9/17/2012 1:07:24 PM - Windows Update
    RP1026: 9/18/2012 11:10:38 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    3GP Player 2009
    7-Zip 4.57
    AC3Filter 1.63b
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.4.6
    ARC XT for Uniden XT series
    ARC XT PRO for Uniden XT series
    ATI Catalyst Install Manager
    AVG PC Tuneup 2011
    bpd_scan_Carrier
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CDDRV_Installer
    Compatibility Pack for the 2007 Office system
    CyberGhost VPN Patch 4.7.19
    Destinations
    DeviceDiscovery
    DocProc
    Enterasys NAC Assessment Agent
    erLT
    Fax
    FrostWire 4.21.8
    FrostWire 5.3.7
    Google Update Helper
    GPBaseService2
    HP Driver Diagnostics
    HPProductAssistant
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    KhalInstallWrapper
    Label@Once 1.0
    Logitech SetPoint
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    MPM
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    Norton Internet Security
    OGA Notifier 2.0.0048.0
    PlayReady PC Runtime x86
    Privacy SafeGuard version 1.0
    ProductContext
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Scan
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    SmartWebPrinting
    SolutionCenter
    Status
    Synaptics Pointing Device Driver
    Toolbox
    Toshiba Application and Driver Installer
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Online Backup
    Toshiba Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    ToshibaRegistration
    Trainz Simulator 2009: World Builder Edition
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Utility Common Driver
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! Messenger
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/19/2012 2:19:25 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
    9/19/2012 2:17:03 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    9/19/2012 2:17:03 AM, Error: atikmdag [43029] - Display is not active
    9/18/2012 7:46:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1409.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/18/2012 7:41:58 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    9/18/2012 7:39:05 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    9/18/2012 6:42:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    9/18/2012 6:36:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1409.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 5:21:14 PM, Error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).
    9/18/2012 5:21:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1409.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee2 Error description: The operation timed out
    9/18/2012 10:59:46 PM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
    9/17/2012 12:08:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1738.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x800704c7 Error description: The operation was canceled by the user.
    9/17/2012 10:29:24 AM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147017840
    9/17/2012 10:28:01 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    9/17/2012 10:27:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/17/2012 10:27:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/15/2012 6:00:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/15/2012 6:00:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/15/2012 11:00:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/15/2012 11:00:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/14/2012 9:55:02 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Matt-PC\Guest SID (S-1-5-21-1541042141-3281804592-2248747456-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    9/14/2012 7:50:15 PM, Error: Service Control Manager [7000] - The 3294 service failed to start due to the following error: The system cannot find the file specified.
    9/14/2012 7:50:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/14/2012 7:50:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/14/2012 7:44:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2012 7:43:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/14/2012 7:43:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/14/2012 7:43:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/14/2012 7:43:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/14/2012 7:43:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/14/2012 7:43:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/14/2012 7:43:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/14/2012 7:43:20 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/14/2012 7:43:20 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    9/14/2012 7:43:20 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/14/2012 7:43:20 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/14/2012 7:37:26 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/14/2012 7:37:26 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/14/2012 7:23:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/14/2012 7:23:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/14/2012 7:19:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    9/14/2012 4:10:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/14/2012 4:10:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/14/2012 3:54:04 AM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/14/2012 3:46:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/14/2012 3:46:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/14/2012 3:43:50 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/14/2012 3:43:50 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/14/2012 10:52:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/14/2012 10:52:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/14/2012 10:44:02 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/14/2012 10:44:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/14/2012 10:20:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/14/2012 10:20:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/13/2012 2:29:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    9/12/2012 2:20:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    9/12/2012 2:20:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    9/12/2012 1:59:01 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JAMES-UC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD1D8390-CDF3-415C-8C70-19F314942. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================
  10. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    TDSS Killer produced 2 files...
    13:05:35.0420 2676 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    13:05:35.0732 2676 ============================================================
    13:05:35.0732 2676 Current date / time: 2012/09/20 13:05:35.0732
    13:05:35.0732 2676 SystemInfo:
    13:05:35.0732 2676
    13:05:35.0732 2676 OS Version: 6.1.7600 ServicePack: 0.0
    13:05:35.0732 2676 Product type: Workstation
    13:05:35.0732 2676 ComputerName: MATT-PC
    13:05:35.0732 2676 UserName: Matt
    13:05:35.0732 2676 Windows directory: C:\windows
    13:05:35.0732 2676 System windows directory: C:\windows
    13:05:35.0732 2676 Processor architecture: Intel x86
    13:05:35.0732 2676 Number of processors: 1
    13:05:35.0732 2676 Page size: 0x1000
    13:05:35.0732 2676 Boot type: Normal boot
    13:05:35.0732 2676 ============================================================
    13:05:37.0635 2676 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:05:37.0635 2676 ============================================================
    13:05:37.0635 2676 \Device\Harddisk0\DR0:
    13:05:37.0635 2676 MBR partitions:
    13:05:37.0635 2676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800
    13:05:37.0635 2676 ============================================================
    13:05:37.0651 2676 C: <-> \Device\Harddisk0\DR0\Partition1
    13:05:37.0651 2676 ============================================================
    13:05:37.0651 2676 Initialize success
    13:05:37.0651 2676 ============================================================
    13:05:46.0699 3784 ============================================================
    13:05:46.0699 3784 Scan started
    13:05:46.0699 3784 Mode: Manual;
    13:05:46.0699 3784 ============================================================
    13:05:47.0853 3784 ================ Scan system memory ========================
    13:05:47.0853 3784 System memory - ok
    13:05:47.0853 3784 ================ Scan services =============================
    13:05:49.0554 3784 atikmdag - ok
    13:05:49.0616 3784 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\windows\system32\DRIVERS\AtiPcie.sys
    13:05:49.0616 3784 AtiPcie - ok
    13:05:49.0678 3784 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
    13:05:49.0694 3784 AudioEndpointBuilder - ok
    13:05:49.0710 3784 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\windows\System32\Audiosrv.dll
    13:05:49.0725 3784 Audiosrv - ok
    13:05:49.0772 3784 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\windows\System32\AxInstSV.dll
    13:05:49.0772 3784 AxInstSV - ok
    13:05:49.0834 3784 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
    13:05:49.0834 3784 b06bdrv - ok
    13:05:49.0866 3784 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
    13:05:49.0866 3784 b57nd60x - ok
    13:05:49.0928 3784 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
    13:05:49.0928 3784 BDESVC - ok
    13:05:49.0944 3784 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
    13:05:49.0944 3784 Beep - ok
    13:05:50.0006 3784 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\windows\System32\bfe.dll
    13:05:50.0006 3784 BFE - ok
    13:05:50.0068 3784 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\windows\System32\qmgr.dll
    13:05:50.0068 3784 BITS - ok
    13:05:50.0115 3784 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
    13:05:50.0115 3784 blbdrive - ok
    13:05:50.0178 3784 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\windows\system32\DRIVERS\bowser.sys
    13:05:50.0178 3784 bowser - ok
    13:05:50.0209 3784 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
    13:05:50.0209 3784 BrFiltLo - ok
    13:05:50.0240 3784 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
    13:05:50.0240 3784 BrFiltUp - ok
    13:05:50.0287 3784 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\windows\System32\browser.dll
    13:05:50.0287 3784 Browser - ok
    13:05:50.0349 3784 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
    13:05:50.0349 3784 Brserid - ok
    13:05:50.0380 3784 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
    13:05:50.0380 3784 BrSerWdm - ok
    13:05:50.0412 3784 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
    13:05:50.0412 3784 BrUsbMdm - ok
    13:05:50.0443 3784 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
    13:05:50.0443 3784 BrUsbSer - ok
    13:05:50.0458 3784 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
    13:05:50.0474 3784 BTHMODEM - ok
    13:05:50.0536 3784 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
    13:05:50.0536 3784 bthserv - ok
    13:05:50.0583 3784 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
    13:05:50.0583 3784 cdfs - ok
    13:05:50.0646 3784 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
    13:05:50.0646 3784 cdrom - ok
    13:05:50.0692 3784 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\windows\System32\certprop.dll
    13:05:50.0692 3784 CertPropSvc - ok
    13:05:50.0817 3784 [ 1F8A319D29394F9CE1B7AE020DF2EBBF ] cfWiMAXService C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    13:05:50.0817 3784 cfWiMAXService - ok
    13:05:51.0020 3784 [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
    13:05:51.0036 3784 CGVPNCliSrvc - ok
    13:05:51.0082 3784 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
    13:05:51.0082 3784 circlass - ok
    13:05:51.0129 3784 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
    13:05:51.0129 3784 CLFS - ok
    13:05:51.0207 3784 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:05:51.0223 3784 clr_optimization_v2.0.50727_32 - ok
    13:05:51.0254 3784 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
    13:05:51.0254 3784 CmBatt - ok
    13:05:51.0285 3784 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
    13:05:51.0285 3784 cmdide - ok
    13:05:51.0316 3784 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\windows\system32\Drivers\cng.sys
    13:05:51.0316 3784 CNG - ok
    13:05:51.0348 3784 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
    13:05:51.0348 3784 Compbatt - ok
    13:05:51.0394 3784 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
    13:05:51.0394 3784 CompositeBus - ok
    13:05:51.0426 3784 COMSysApp - ok
    13:05:51.0472 3784 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    13:05:51.0472 3784 ConfigFree Service - ok
    13:05:51.0504 3784 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
    13:05:51.0504 3784 crcdisk - ok
    13:05:51.0566 3784 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\windows\system32\cryptsvc.dll
    13:05:51.0566 3784 CryptSvc - ok
    13:05:51.0613 3784 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\windows\system32\rpcss.dll
    13:05:51.0628 3784 DcomLaunch - ok
    13:05:51.0660 3784 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
    13:05:51.0675 3784 defragsvc - ok
    13:05:51.0722 3784 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\windows\system32\Drivers\dfsc.sys
    13:05:51.0722 3784 DfsC - ok
    13:05:51.0769 3784 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\windows\system32\dhcpcore.dll
    13:05:51.0784 3784 Dhcp - ok
    13:05:51.0816 3784 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
    13:05:51.0816 3784 discache - ok
    13:05:51.0878 3784 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
    13:05:51.0878 3784 Disk - ok
    13:05:51.0925 3784 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\windows\System32\dnsrslvr.dll
    13:05:51.0925 3784 Dnscache - ok
    13:05:51.0972 3784 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\windows\System32\dot3svc.dll
    13:05:51.0972 3784 dot3svc - ok
    13:05:52.0034 3784 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\windows\system32\DRIVERS\Dot4.sys
    13:05:52.0034 3784 Dot4 - ok
    13:05:52.0096 3784 [ C25FEA07A8E7767E8B89AB96A3B96519 ] Dot4Print C:\windows\system32\DRIVERS\Dot4Prt.sys
    13:05:52.0096 3784 Dot4Print - ok
    13:05:52.0128 3784 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
    13:05:52.0128 3784 dot4usb - ok
    13:05:52.0174 3784 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\windows\system32\dps.dll
    13:05:52.0174 3784 DPS - ok
    13:05:52.0221 3784 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
    13:05:52.0221 3784 drmkaud - ok
    13:05:52.0268 3784 [ 8B6C3464D7FAC176500061DBFFF42AD4 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
    13:05:52.0284 3784 DXGKrnl - ok
    13:05:52.0330 3784 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
    13:05:52.0346 3784 EapHost - ok
    13:05:52.0455 3784 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
    13:05:52.0518 3784 ebdrv - ok
    13:05:52.0549 3784 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\windows\System32\lsass.exe
    13:05:52.0564 3784 EFS - ok
    13:05:52.0642 3784 [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr C:\windows\ehome\ehRecvr.exe
    13:05:52.0642 3784 ehRecvr - ok
    13:05:52.0674 3784 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
    13:05:52.0674 3784 ehSched - ok
    13:05:52.0736 3784 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
    13:05:52.0752 3784 elxstor - ok
    13:05:52.0767 3784 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
    13:05:52.0783 3784 ErrDev - ok
    13:05:52.0845 3784 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
    13:05:52.0845 3784 EventSystem - ok
    13:05:52.0876 3784 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
    13:05:52.0876 3784 exfat - ok
    13:05:52.0908 3784 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
    13:05:52.0908 3784 fastfat - ok
    13:05:52.0954 3784 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\windows\system32\fxssvc.exe
    13:05:52.0970 3784 Fax - ok
    13:05:53.0017 3784 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
    13:05:53.0017 3784 fdc - ok
    13:05:53.0064 3784 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
    13:05:53.0064 3784 fdPHost - ok
    13:05:53.0095 3784 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
    13:05:53.0095 3784 FDResPub - ok
    13:05:53.0126 3784 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
    13:05:53.0126 3784 FileInfo - ok
    13:05:53.0204 3784 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
    13:05:53.0220 3784 Filetrace - ok
    13:05:53.0251 3784 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
    13:05:53.0266 3784 flpydisk - ok
    13:05:53.0360 3784 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
    13:05:53.0360 3784 FltMgr - ok
    13:05:53.0500 3784 [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache C:\windows\system32\FntCache.dll
    13:05:53.0516 3784 FontCache - ok
    13:05:53.0688 3784 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    13:05:53.0688 3784 FontCache3.0.0.0 - ok
    13:05:53.0734 3784 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
    13:05:53.0734 3784 FsDepends - ok
    13:05:53.0750 3784 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
    13:05:53.0750 3784 Fs_Rec - ok
    13:05:53.0781 3784 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
    13:05:53.0797 3784 fvevol - ok
    13:05:53.0828 3784 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
    13:05:53.0828 3784 gagp30kx - ok
    13:05:53.0890 3784 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\windows\System32\gpsvc.dll
    13:05:53.0906 3784 gpsvc - ok
    13:05:53.0953 3784 gupdate - ok
    13:05:53.0968 3784 gupdatem - ok
    13:05:54.0000 3784 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
    13:05:54.0015 3784 hcw85cir - ok
    13:05:54.0062 3784 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
    13:05:54.0062 3784 HdAudAddService - ok
    13:05:54.0109 3784 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
    13:05:54.0124 3784 HDAudBus - ok
    13:05:54.0156 3784 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
    13:05:54.0156 3784 HidBatt - ok
    13:05:54.0187 3784 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
    13:05:54.0187 3784 HidBth - ok
    13:05:54.0234 3784 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
    13:05:54.0234 3784 HidIr - ok
    13:05:54.0280 3784 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
    13:05:54.0280 3784 hidserv - ok
    13:05:54.0327 3784 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
    13:05:54.0327 3784 HidUsb - ok
    13:05:54.0358 3784 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\windows\system32\kmsvc.dll
    13:05:54.0374 3784 hkmsvc - ok
    13:05:54.0390 3784 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\windows\system32\ListSvc.dll
    13:05:54.0405 3784 HomeGroupListener - ok
    13:05:54.0436 3784 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\windows\system32\provsvc.dll
    13:05:54.0436 3784 HomeGroupProvider - ok
    13:05:54.0577 3784 [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    13:05:54.0577 3784 hpqcxs08 - ok
    13:05:54.0608 3784 [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    13:05:54.0608 3784 hpqddsvc - ok
    13:05:54.0655 3784 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
    13:05:54.0655 3784 HpSAMD - ok
    13:05:54.0733 3784 [ 56FC98F1014EA8DC51B92839C32759EC ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    13:05:54.0733 3784 HPSLPSVC - ok
    13:05:54.0795 3784 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\windows\system32\drivers\HTTP.sys
    13:05:54.0795 3784 HTTP - ok
    13:05:54.0826 3784 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
    13:05:54.0826 3784 hwpolicy - ok
    13:05:54.0873 3784 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
    13:05:54.0873 3784 i8042prt - ok
    13:05:54.0920 3784 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\windows\system32\DRIVERS\iaStorV.sys
    13:05:54.0920 3784 iaStorV - ok
    13:05:54.0998 3784 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    13:05:55.0014 3784 idsvc - ok
    13:05:55.0060 3784 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
    13:05:55.0076 3784 iirsp - ok
    13:05:55.0123 3784 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\windows\System32\ikeext.dll
    13:05:55.0138 3784 IKEEXT - ok
    13:05:55.0263 3784 [ E4A2E810CB2607C9C159C0DFB0BD4C88 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
    13:05:55.0294 3784 IntcAzAudAddService - ok
    13:05:55.0326 3784 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\DRIVERS\intelide.sys
    13:05:55.0326 3784 intelide - ok
    13:05:55.0372 3784 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
    13:05:55.0372 3784 intelppm - ok
    13:05:55.0419 3784 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
    13:05:55.0419 3784 IPBusEnum - ok
    13:05:55.0450 3784 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
    13:05:55.0450 3784 IpFilterDriver - ok
    13:05:55.0497 3784 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
    13:05:55.0513 3784 iphlpsvc - ok
    13:05:55.0544 3784 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
    13:05:55.0544 3784 IPMIDRV - ok
    13:05:55.0591 3784 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
    13:05:55.0591 3784 IPNAT - ok
    13:05:55.0622 3784 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
    13:05:55.0622 3784 IRENUM - ok
    13:05:55.0653 3784 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
    13:05:55.0653 3784 isapnp - ok
    13:05:55.0684 3784 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
    13:05:55.0700 3784 iScsiPrt - ok
    13:05:55.0747 3784 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
    13:05:55.0747 3784 kbdclass - ok
    13:05:55.0794 3784 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
    13:05:55.0794 3784 kbdhid - ok
    13:05:55.0825 3784 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\windows\system32\lsass.exe
    13:05:55.0825 3784 KeyIso - ok
    13:05:55.0856 3784 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
    13:05:55.0856 3784 KSecDD - ok
    13:05:55.0903 3784 [ 365C6154BBBC5377173F1CA7BFB6CC59 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
    13:05:55.0903 3784 KSecPkg - ok
    13:05:55.0950 3784 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
    13:05:55.0965 3784 KtmRm - ok
    13:05:56.0028 3784 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\windows\system32\srvsvc.dll
    13:05:56.0028 3784 LanmanServer - ok
    13:05:56.0059 3784 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    13:05:56.0059 3784 LanmanWorkstation - ok
    13:05:56.0184 3784 [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    13:05:56.0184 3784 LBTServ - ok
    13:05:56.0246 3784 [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt C:\windows\system32\DRIVERS\LHidFilt.Sys
    13:05:56.0246 3784 LHidFilt - ok
    13:05:56.0308 3784 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
    13:05:56.0308 3784 lltdio - ok
    13:05:56.0340 3784 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
    13:05:56.0355 3784 lltdsvc - ok
    13:05:56.0386 3784 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
    13:05:56.0386 3784 lmhosts - ok
    13:05:56.0418 3784 [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt C:\windows\system32\DRIVERS\LMouFilt.Sys
    13:05:56.0418 3784 LMouFilt - ok
    13:05:56.0480 3784 [ 6E3D3816749E107883EEC5734CE44493 ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys
    13:05:56.0480 3784 LPCFilter - ok
    13:05:56.0527 3784 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
    13:05:56.0527 3784 LSI_FC - ok
    13:05:56.0574 3784 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
    13:05:56.0574 3784 LSI_SAS - ok
    13:05:56.0605 3784 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
    13:05:56.0605 3784 LSI_SAS2 - ok
    13:05:56.0636 3784 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
    13:05:56.0636 3784 LSI_SCSI - ok
    13:05:56.0667 3784 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
    13:05:56.0683 3784 luafv - ok
    13:05:56.0714 3784 [ 77030525CD86A93F1AF34FA9B96D33CE ] LUsbFilt C:\windows\system32\Drivers\LUsbFilt.Sys
    13:05:56.0730 3784 LUsbFilt - ok
    13:05:56.0776 3784 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
    13:05:56.0776 3784 Mcx2Svc - ok
    13:05:56.0823 3784 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
    13:05:56.0823 3784 megasas - ok
    13:05:56.0854 3784 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
    13:05:56.0854 3784 MegaSR - ok
    13:05:56.0886 3784 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
    13:05:56.0886 3784 MMCSS - ok
    13:05:56.0917 3784 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
    13:05:56.0917 3784 Modem - ok
    13:05:56.0948 3784 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
    13:05:56.0964 3784 monitor - ok
    13:05:57.0010 3784 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    13:05:57.0010 3784 mouclass - ok
    13:05:57.0042 3784 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
    13:05:57.0042 3784 mouhid - ok
    13:05:57.0073 3784 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    13:05:57.0073 3784 mountmgr - ok
    13:05:57.0120 3784 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
    13:05:57.0120 3784 MpFilter - ok
    13:05:57.0151 3784 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\windows\system32\DRIVERS\mpio.sys
    13:05:57.0151 3784 mpio - ok
    13:05:57.0322 3784 [ A69630D039C38018689190234F866D77 ] MpKsl2db44871 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25EE3F22-2B54-4FF6-BFB3-D831103D16E3}\MpKsl2db44871.sys
    13:05:57.0322 3784 MpKsl2db44871 - ok
    13:05:57.0369 3784 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    13:05:57.0369 3784 mpsdrv - ok
    13:05:57.0416 3784 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\windows\system32\mpssvc.dll
    13:05:57.0416 3784 MpsSvc - ok
    13:05:57.0447 3784 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    13:05:57.0463 3784 MRxDAV - ok
    13:05:57.0510 3784 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    13:05:57.0525 3784 mrxsmb - ok
    13:05:57.0588 3784 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    13:05:57.0588 3784 mrxsmb10 - ok
    13:05:57.0603 3784 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    13:05:57.0619 3784 mrxsmb20 - ok
    13:05:57.0650 3784 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\windows\system32\DRIVERS\msahci.sys
    13:05:57.0650 3784 msahci - ok
    13:05:57.0681 3784 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
    13:05:57.0681 3784 msdsm - ok
    13:05:57.0712 3784 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
    13:05:57.0712 3784 MSDTC - ok
    13:05:57.0759 3784 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
    13:05:57.0759 3784 Msfs - ok
    13:05:57.0790 3784 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    13:05:57.0790 3784 mshidkmdf - ok
    13:05:57.0806 3784 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
    13:05:57.0806 3784 msisadrv - ok
    13:05:57.0868 3784 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    13:05:57.0868 3784 MSiSCSI - ok
    13:05:57.0884 3784 msiserver - ok
    13:05:57.0915 3784 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    13:05:57.0915 3784 MSKSSRV - ok
    13:05:58.0009 3784 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    13:05:58.0009 3784 MsMpSvc - ok
    13:05:58.0056 3784 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    13:05:58.0056 3784 MSPCLOCK - ok
    13:05:58.0102 3784 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    13:05:58.0102 3784 MSPQM - ok
    13:05:58.0134 3784 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    13:05:58.0134 3784 MsRPC - ok
    13:05:58.0180 3784 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
    13:05:58.0180 3784 mssmbios - ok
    13:05:58.0196 3784 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    13:05:58.0212 3784 MSTEE - ok
    13:05:58.0227 3784 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
    13:05:58.0227 3784 MTConfig - ok
    13:05:58.0258 3784 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
    13:05:58.0258 3784 Mup - ok
    13:05:58.0305 3784 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\windows\system32\qagentRT.dll
    13:05:58.0321 3784 napagent - ok
    13:05:58.0383 3784 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    13:05:58.0383 3784 NativeWifiP - ok
    13:05:58.0446 3784 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\windows\system32\drivers\ndis.sys
    13:05:58.0446 3784 NDIS - ok
    13:05:58.0492 3784 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    13:05:58.0492 3784 NdisCap - ok
    13:05:58.0524 3784 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    13:05:58.0524 3784 NdisTapi - ok
    13:05:58.0555 3784 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    13:05:58.0555 3784 Ndisuio - ok
    13:05:58.0586 3784 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    13:05:58.0586 3784 NdisWan - ok
    13:05:58.0617 3784 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    13:05:58.0617 3784 NDProxy - ok
    13:05:58.0680 3784 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
    13:05:58.0680 3784 Net Driver HPZ12 - ok
    13:05:58.0742 3784 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    13:05:58.0742 3784 NetBIOS - ok
    13:05:58.0773 3784 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    13:05:58.0773 3784 NetBT - ok
    13:05:58.0804 3784 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\windows\system32\lsass.exe
    13:05:58.0820 3784 Netlogon - ok
    13:05:58.0867 3784 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
    13:05:58.0867 3784 Netman - ok
    13:05:58.0898 3784 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
    13:05:58.0914 3784 netprofm - ok
    13:05:58.0945 3784 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    13:05:58.0945 3784 NetTcpPortSharing - ok
    13:05:59.0007 3784 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
    13:05:59.0007 3784 nfrd960 - ok
    13:05:59.0054 3784 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
    13:05:59.0070 3784 NisDrv - ok
    13:05:59.0116 3784 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    13:05:59.0116 3784 NisSrv - ok
    13:05:59.0163 3784 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\windows\System32\nlasvc.dll
    13:05:59.0163 3784 NlaSvc - ok
    13:05:59.0194 3784 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
    13:05:59.0194 3784 Npfs - ok
    13:05:59.0226 3784 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
    13:05:59.0226 3784 nsi - ok
    13:05:59.0257 3784 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    13:05:59.0257 3784 nsiproxy - ok
    13:05:59.0319 3784 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    13:05:59.0335 3784 Ntfs - ok
    13:05:59.0350 3784 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
    13:05:59.0350 3784 Null - ok
    13:05:59.0382 3784 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\windows\system32\DRIVERS\nvraid.sys
    13:05:59.0382 3784 nvraid - ok
    13:05:59.0428 3784 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\windows\system32\DRIVERS\nvstor.sys
    13:05:59.0428 3784 nvstor - ok
    13:05:59.0444 3784 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
    13:05:59.0444 3784 nv_agp - ok
    13:05:59.0553 3784 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    13:05:59.0569 3784 odserv - ok
  11. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    ...continued
    13:06:07.0509 3784 [ 77D80469DD64DFDDF3F2B881C68DCBE1 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
    13:06:07.0509 3784 Suspicious file (Forged): C:\windows\system32\drivers\Wdf01000.sys. Real md5: 77D80469DD64DFDDF3F2B881C68DCBE1, Fake md5: 9950E3D0F08141C7E89E64456AE7DC73
    13:06:07.0509 3784 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
    13:06:07.0509 3784 Wdf01000 - detected Virus.Win32.Rloader.a (0)
    13:06:09.0100 3784 ================ Scan global ===============================
    13:06:09.0132 3784 [ 9A595DF601070DA78C40481120DD2C06 ] C:\windows\system32\basesrv.dll
    13:06:09.0178 3784 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\windows\system32\winsrv.dll
    13:06:09.0194 3784 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\windows\system32\winsrv.dll
    13:06:09.0225 3784 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
    13:06:09.0272 3784 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
    13:06:09.0288 3784 [Global] - ok
    13:06:09.0288 3784 ================ Scan MBR ==================================
    13:06:09.0303 3784 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    13:06:09.0490 3784 \Device\Harddisk0\DR0 - ok
    13:06:09.0490 3784 ================ Scan VBR ==================================
    13:06:09.0522 3784 [ 3E2D8FF930A548FE6BFA83167EFB82C4 ] \Device\Harddisk0\DR0\Partition1
    13:06:09.0522 3784 \Device\Harddisk0\DR0\Partition1 - ok
    13:06:09.0522 3784 ============================================================
    13:06:09.0522 3784 Scan finished
    13:06:09.0522 3784 ============================================================
    13:06:09.0553 4680 Detected object count: 1
    13:06:09.0553 4680 Actual detected object count: 1
    13:06:33.0499 4680 C:\windows\system32\drivers\Wdf01000.sys - copied to quarantine
    13:06:40.0488 4680 Backup copy found, using it..
    13:06:40.0831 4680 C:\windows\system32\drivers\Wdf01000.sys - will be cured on reboot
    13:06:40.0831 4680 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
    13:07:33.0237 3296 Deinitialize success
     
  12. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    The second tdss is a folder, not a file, TDSSKiller_Quarantine. Didn't know if you wanted me to post that as well.
    The Rogue Killer produces a few reports because of rescans. Here they are...

    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : Scan -- Date : 09/20/2012 13:23:11
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Matt\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -> FOUND
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 ATA Device +++++
    --- User ---
    [MBR] ecb72268cfc86f4eba0f32634df3dadc
    [BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
    ________________________________________________________________________________

    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : Scan -- Date : 09/20/2012 13:25:44
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Matt\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -> FOUND
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 ATA Device +++++
    --- User ---
    [MBR] ecb72268cfc86f4eba0f32634df3dadc
    [BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
    ________________________________________________________________________________
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : Remove -- Date : 09/20/2012 13:26:43
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Matt\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -> DELETED
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT REMOVED, USE PROXYFIX
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 ATA Device +++++
    --- User ---
    [MBR] ecb72268cfc86f4eba0f32634df3dadc
    [BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
    ________________________________________________________________________________
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : Remove -- Date : 09/20/2012 13:27:20
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 1 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT REMOVED, USE PROXYFIX
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 ATA Device +++++
    --- User ---
    [MBR] ecb72268cfc86f4eba0f32634df3dadc
    [BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[4].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
    _______________________________________________________________________________
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : ProxyFix -- Date : 09/20/2012 13:27:32
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 1 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT SELECTED
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    Finished : << RKreport[5].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
    _____________________________________________________________________________________
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : ProxyFix -- Date : 09/20/2012 13:27:40
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 1 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT SELECTED
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    Finished : << RKreport[6].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
    RKreport[6].txt
    ______________________________________________________________________________________________
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : Remove -- Date : 09/20/2012 13:28:22
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 1 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT REMOVED, USE PROXYFIX
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 ATA Device +++++
    --- User ---
    [MBR] ecb72268cfc86f4eba0f32634df3dadc
    [BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[7].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
    RKreport[6].txt ; RKreport[7].txt
    ________________________________________________________________________________
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : ProxyFix -- Date : 09/20/2012 13:28:29
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 1 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT SELECTED
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    Finished : << RKreport[8].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
    RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt
    ________________________________________________________________________________
    RogueKiller V8.0.4 [09/19/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : ProxyFix -- Date : 09/20/2012 13:28:46
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 1 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> DELETED
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    Finished : << RKreport[10].txt >>
    RKreport[10].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;
    RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
  13. Broni

    Broni Malware Annihilator Posts: 46,143   +251

  14. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    Still scanning, I will post when finished. But as an update, all of my internet is working now, and no computer freezing. Will continue to monitor and let you know.
  15. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Good news :)
  16. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-20 15:32:07
    -----------------------------
    15:32:07.158 OS Version: Windows 6.1.7600
    15:32:07.158 Number of processors: 1 586 0x301
    15:32:07.158 ComputerName: MATT-PC UserName: Matt
    15:32:08.562 Initialize success
    15:32:25.956 AVAST engine defs: 12092000
    15:32:32.212 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    15:32:32.212 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC64G Size: 238475MB BusType: 11
    15:32:32.212 Disk 0 MBR read successfully
    15:32:32.227 Disk 0 MBR scan
    15:32:32.227 Disk 0 Windows VISTA default MBR code
    15:32:32.243 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    15:32:32.321 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228693 MB offset 3074048
    15:32:32.493 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8281 MB offset 471437312
    15:32:32.571 Disk 0 scanning sectors +488396800
    15:32:32.851 Disk 0 scanning C:\windows\system32\drivers
    15:33:33.583 Service scanning
    15:34:26.551 Service MpKslaa3211c7 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25EE3F22-2B54-4FF6-BFB3-D831103D16E3}\MpKslaa3211c7.sys **LOCKED** 32
    15:35:12.480 Modules scanning
    15:35:33.705 Disk 0 trace - called modules:
    15:35:33.744 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys HDAudBus.sys
    15:35:33.749 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c54ac8]
    15:35:33.759 3 CLASSPNP.SYS[8840459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85c4f030]
    15:35:34.803 AVAST engine scan C:\windows
    15:35:40.437 AVAST engine scan C:\windows\system32
    15:44:46.217 AVAST engine scan C:\windows\system32\drivers
    15:45:30.226 AVAST engine scan C:\Users\Matt
    16:02:05.903 AVAST engine scan C:\ProgramData
    16:04:46.754 Scan finished successfully
    16:09:55.260 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
    16:09:55.292 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"

    On a side note, everything works fine, but I noticed that the Java chat sites that I moderate will not load. I installed the Java update, but I will continue to try.
  17. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Good :)

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    OTL logfile created on: 9/21/2012 10:24:12 AM - Run 1
    OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Matt\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.75 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 47.81% Memory free
    3.50 Gb Paging File | 2.30 Gb Available in Paging File | 65.82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.33 Gb Total Space | 152.66 Gb Free Space | 68.35% Space Free | Partition Type: NTFS

    Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/21 10:23:25 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    PRC - [2012/09/15 06:13:05 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
    PRC - [2012/04/26 10:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2011/10/04 09:28:58 | 018,221,432 | ---- | M] (Enterasys Networks, Inc) -- C:\Program Files\Enterasys Networks\NAC Agent\NacAgent.exe
    PRC - [2011/02/11 14:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    PRC - [2011/02/11 14:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009/08/10 23:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    PRC - [2009/08/05 18:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    PRC - [2009/08/05 18:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    PRC - [2009/08/05 18:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    PRC - [2009/08/03 21:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    PRC - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    PRC - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
    PRC - [2009/07/28 18:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
    PRC - [2009/07/13 21:14:28 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
    PRC - [2009/07/13 19:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2009/01/14 01:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/21 10:11:42 | 000,053,248 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\ShutdownGuardian.dll
    MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
    MOD - [2011/08/14 03:07:29 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\45e8faf9163d342297c46813373d8f74\System.ServiceProcess.ni.dll
    MOD - [2011/08/14 03:04:53 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
    MOD - [2011/08/14 03:04:10 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
    MOD - [2011/08/14 03:02:39 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
    MOD - [2011/08/14 03:02:10 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
    MOD - [2011/08/14 03:01:46 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
    MOD - [2011/06/30 03:21:22 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
    MOD - [2009/12/18 03:00:50 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    MOD - [2009/08/03 21:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    MOD - [2009/07/25 14:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
    MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
    MOD - [2009/07/16 19:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    MOD - [2009/07/16 19:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    MOD - [2009/06/22 18:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
    MOD - [2009/03/12 23:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
    MOD - [2008/06/10 19:50:34 | 000,069,632 | ---- | M] () -- C:\Program Files\Enterasys Networks\NAC Agent\rt\bin\java.dll
    MOD - [2008/06/10 19:50:26 | 000,020,480 | ---- | M] () -- C:\Program Files\Enterasys Networks\NAC Agent\rt\bin\jetvm\jvm.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
    SRV - [2012/09/15 06:13:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/26 10:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Running] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/02/11 14:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/02/28 08:41:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/08/10 23:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
    SRV - [2009/08/05 18:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
    SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/12/15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
    DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2009/07/24 19:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
    DRV - [2009/07/14 19:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/02 18:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
    DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/05/05 04:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
    DRV - [2008/08/22 11:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
    DRV - [2007/11/13 16:21:54 | 000,017,536 | ---- | M] (Anyka (Guangzhou) Software Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbanyka.sys -- (usbanyka)
    DRV - [2005/03/31 20:41:26 | 000,043,136 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    IE - HKLM\..\URLSearchHook: {54d0da58-64e7-4408-be1f-72659f70fcbe} - SOFTWARE\Classes\CLSID\{54d0da58-64e7-4408-be1f-72659f70fcbe}\InprocServer32 File not found
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0724B52E-AF67-4A6A-AABB-6B5EF0836C8B}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2415802


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=7148&bi=400
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.autocompletepro.com/?si=7148&bi=400
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.autocompletepro.com/?si=7148&bi=400
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=7148&bi=400
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=7148&bi=400
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=7148&bi=400
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\URLSearchHook: {54d0da58-64e7-4408-be1f-72659f70fcbe} - SOFTWARE\Classes\CLSID\{54d0da58-64e7-4408-be1f-72659f70fcbe}\InprocServer32 File not found
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\InprocServer32 File not found
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\SearchScopes,DefaultScope = {0724B52E-AF67-4A6A-AABB-6B5EF0836C8B}
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\SearchScopes\{0724B52E-AF67-4A6A-AABB-6B5EF0836C8B}: "URL" = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7TSNA_enUS365US365
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.autocompletepro.com/?si=7148&bi=400&q={searchTerms}
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\SearchScopes\{B22BFE2D-069E-43E1-822D-792F14316CD1}: "URL" = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20100418,6686,0,8,0
    IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/17 02:53:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/17 02:53:25 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/09/16 17:18:00 | 000,000,707 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
    O2 - BHO: (24MusicBar Toolbar) - {54d0da58-64e7-4408-be1f-72659f70fcbe} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
    O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll File not found
    O3 - HKLM\..\Toolbar: (24MusicBar Toolbar) - {54d0da58-64e7-4408-be1f-72659f70fcbe} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\Toolbar\WebBrowser: (24MusicBar Toolbar) - {54D0DA58-64E7-4408-BE1F-72659F70FCBE} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
    O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
    O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000..\Run: [CyberGhost VPN] C:\Program Files\CyberGhost VPN\Cyberghost.exe (CyberGhost SRL)
    O4 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://weather-port.southlewis.org/JpegInst.cab (pmjpegaudio Class)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90}: DhcpNameServer = 10.3.10.11 10.3.10.10
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/21 10:22:55 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    [2012/09/20 13:54:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK Reports
    [2012/09/20 13:24:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
    [2012/09/20 13:22:38 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK_Quarantine
    [2012/09/20 13:06:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/09/20 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\tdsskiller
    [2012/09/18 23:26:36 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
    [2012/09/18 23:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/17 14:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Fix 2012
    [2012/09/16 19:36:56 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys
    [2012/09/16 19:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
    [2012/09/16 16:40:36 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Mozilla
    [2012/09/16 16:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/09/16 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\SpeedyPC Software
    [2012/09/16 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\DriverCure
    [2012/09/16 15:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/09/16 05:21:08 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\TuneUp Software
    [2012/09/15 23:34:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\AVG2013
    [2012/09/15 23:26:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\MFAData
    [2012/09/15 23:26:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Avg2013
    [2012/09/12 11:25:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\S.A.D
    [2012/09/10 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\backup
    [2012/09/10 13:47:02 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\10-09-2012
    [4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/21 10:23:25 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    [2012/09/21 10:22:02 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/21 10:17:24 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/21 10:17:24 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/21 10:13:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/09/21 10:10:17 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/21 10:09:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/09/21 10:09:40 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/20 16:09:55 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
    [2012/09/20 13:25:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
    [2012/09/20 13:21:56 | 001,382,912 | ---- | M] () -- C:\Users\Matt\Desktop\RogueKiller.exe
    [2012/09/20 12:49:10 | 000,007,667 | ---- | M] () -- C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
    [2012/09/19 05:04:06 | 000,003,584 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/09/19 02:02:16 | 000,000,262 | ---- | M] () -- C:\Users\Matt\Desktop\Run.lnk
    [2012/09/18 18:43:58 | 000,617,460 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/09/18 18:43:58 | 000,104,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/09/17 12:00:46 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/09/16 19:36:56 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys
    [2012/09/16 17:18:00 | 000,000,707 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2012/09/15 23:32:25 | 000,000,165 | ---- | M] () -- C:\windows\System32\userawacs.cfg
    [2012/09/14 19:20:03 | 000,000,110 | ---- | M] () -- C:\windows\System32\reem.bat
    [4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/20 16:09:55 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
    [2012/09/20 13:21:24 | 001,382,912 | ---- | C] () -- C:\Users\Matt\Desktop\RogueKiller.exe
    [2012/09/19 02:02:16 | 000,000,262 | ---- | C] () -- C:\Users\Matt\Desktop\Run.lnk
    [2012/09/17 12:00:06 | 000,001,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/09/15 23:32:25 | 000,000,165 | ---- | C] () -- C:\windows\System32\userawacs.cfg
    [2012/09/14 19:20:01 | 000,000,110 | ---- | C] () -- C:\windows\System32\reem.bat
    [2012/05/15 03:53:54 | 000,002,306 | ---- | C] () -- C:\Users\Matt\.java.policy
    [2012/04/30 03:54:13 | 000,003,584 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/06 07:20:21 | 000,025,442 | ---- | C] () -- C:\Users\Matt\Documen
    [2011/01/27 11:39:36 | 000,007,667 | ---- | C] () -- C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
    [2010/12/16 23:15:24 | 000,239,803 | ---- | C] () -- C:\windows\hpwins05.dat
    [2010/12/16 23:15:24 | 000,003,111 | ---- | C] () -- C:\windows\hpwmdl05.dat
    [2010/02/03 21:12:12 | 000,001,038 | ---- | C] () -- C:\Users\Matt\Pictures - Shortcut.lnk

    ========== ZeroAccess Check ==========

    [2010/04/15 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\LocalLow\Microsoft\Silverlight\is\vrs5m4sp.znf\frpy2pst.ljd\1\l
    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    ========== LOP Check ==========

    [2011/02/11 13:07:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG
    [2012/09/17 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG2013
    [2012/09/10 13:58:50 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\backup
    [2012/09/15 05:58:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\butel
    [2012/07/29 18:08:44 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\butelsoap
    [2012/09/16 15:10:30 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DriverCure
    [2012/06/29 20:41:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FrostWire
    [2010/02/05 16:21:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
    [2010/10/10 10:20:06 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MSA
    [2011/02/05 02:07:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MusicNet
    [2012/09/12 11:25:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\S.A.D
    [2012/09/16 15:10:30 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SpeedyPC Software
    [2010/02/04 08:38:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TOSHIBA
    [2012/09/16 05:21:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUp Software
    [2011/05/31 22:57:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WhiteSmoke
    [2010/02/03 19:42:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinBatch
    [2011/03/02 04:25:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Windows

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
    < End of report >
     
  19. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    OTL Extras logfile created on: 9/21/2012 10:24:12 AM - Run 1
    OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Matt\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.75 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 47.81% Memory free
    3.50 Gb Paging File | 2.30 Gb Available in Paging File | 65.82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.33 Gb Total Space | 152.66 Gb Free Space | 68.35% Space Free | Partition Type: NTFS

    Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0042CAAE-F82C-48D7-9EDE-25209A9670F7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{034A10A3-D8AC-4DE2-AB4D-6CA4A21E268F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{06D10A98-7F70-4454-A936-330D68D7AF23}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1DED3C19-322A-4BBE-BEEA-2D6A07B293B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{275205EA-9DD2-4474-BD83-58F809692721}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{27C3B4B8-7EA1-4C4D-A2A0-B0518621E7EF}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{38C9414F-32BB-4363-9F63-8C6FF23B2CE1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4D60DD92-690A-47BB-BD31-5F07369E2D41}" = rport=138 | protocol=17 | dir=out | app=system |
    "{66C5335E-E899-4E0C-9AC7-CBBFCA7B4F7F}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6718A929-540B-4B15-A5A2-736813B3B54B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6CDD27F2-FE75-4FF1-AF32-3BAEBAEF15DB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{70C645C9-B25D-41C7-BB44-F6C387B03946}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8651E827-4D7B-4855-899A-C6835453A525}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8E13E89B-4FB8-4C22-9B92-CE42A1E0FEAC}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9E66027D-482D-4936-95F7-7B1F5B02571E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{A1B33A15-F748-4CEC-A976-3E73FA5ACF0D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{ADC4545A-EADA-4B13-9A09-9ED2FBC3FCB4}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B18A6CD8-9DA1-48C1-8EBE-D5CDD3F855EC}" = lport=139 | protocol=6 | dir=in | app=system |
    "{B7701B56-91A3-4E69-A6D5-7EE0C256834D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C582BD8C-441B-4C6E-AF4D-36A585067043}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C6F3CE39-DA5A-4A6B-8BEA-7665FD68797C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CC6B361A-DBA7-43C4-8948-53978ECA825B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D0BAD3B7-C616-4BF8-B178-C4A60744A4D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D6D56358-F481-4631-83CE-F4D4963D8864}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{FBFDEE5E-9400-4DFF-96CD-BA485DF9EE04}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01A003D3-2B66-47BD-B91F-E2D2A9271AA7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{0609F7B0-D067-49FC-9460-0C0EDCC9262A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{06F68753-508B-4B77-A007-CEAC8ADE2F17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0BB6A171-089B-4692-9F73-30AF8E8DBCE2}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\remotesupport.exe |
    "{1A4BCE0D-8EAA-4690-B282-79927A617A05}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\remotesupport.exe |
    "{1F9CA85F-7731-4C83-AFCF-4F8338A61313}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{228F4CEA-856A-419B-9452-F9759436BE47}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
    "{2997A881-AC82-471E-9A8A-82AE261C023A}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
    "{31C26A7E-714D-4C44-83F9-800A9E6545A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{327F0176-6891-4DBC-947E-0BCB2569E855}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{3DB0F8CE-1FBD-406E-AAEB-F3DFF536E359}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{3E0B5738-1FC6-48E8-9682-D3B463204BD0}" = protocol=17 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |
    "{3EFC477D-0238-43D1-B49E-DEBE6524A54F}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{42C417E5-D7BF-4F97-A0FA-6071F3A473CD}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\remotesupport.exe |
    "{4641043B-3F4E-48AE-A787-8BD7F19EC66A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{46AF0EA6-B336-455C-953A-938F8D38949C}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{4A494945-1445-4A87-AC33-D3E7EA91AB25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4B08EA01-E53B-49B4-AB8D-46AE95308745}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4E45FFB3-7BAB-41B9-A2D8-1511C95EE8EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{4ED0D0FF-B39E-48AA-BEB3-0D02757EFF26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{52FDFACD-0E0D-4FE9-908E-E7DD4CF5918C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{55FE67EC-4EB8-4526-8A4F-9EEA14E2B386}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{5634F55C-59AD-4BBA-B893-2C959F9A1708}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{5BE36B26-86C7-4E50-87FB-6BBFBDB4DDE9}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
    "{630275C4-792A-47AC-8390-923970A99BE1}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
    "{638D4F8D-D9BA-4F90-828B-37EF0FA12257}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\remotesupport.exe |
    "{6B5826C5-47E1-4AF7-AFB9-34B5AEEDA1CF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{6CF5D2F2-6263-4EA9-A883-803BDF10EE21}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
    "{77BA7DAE-3325-4257-9671-2E0CC9B46DE1}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
    "{78ED5E88-37EA-472D-8651-B3A652F72797}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{7AF62D5E-DEB2-4FC4-B824-FC88A90DAF27}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{7C80F562-DD1D-45D7-8678-0E0231C42DED}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{836BDAF6-38F5-44B7-A15D-846B21E1DB64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8383AC7D-3E74-413A-AA08-F863E818C07B}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
    "{8A81D917-C600-4398-AC04-B5FBC37AB2C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{8BFF060F-A335-4A84-A8D0-746B018457CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{94B154D4-5B5F-48BF-B120-3E43A1125E48}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{96153035-1161-4ED6-8D07-2410F121BE27}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{96E20D48-71E9-4CAD-995A-48F806208BEC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{9A78ED47-8020-4909-ABDB-47E89615034B}" = protocol=6 | dir=out | app=system |
    "{A7A2EC05-B096-4CAA-B9EA-FB788917B08B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{A923E93A-334D-45C9-B3D1-48949B0439F9}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
    "{B068D4B9-F1EE-47A6-BCBE-5C48AF2A5BA7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B18455A9-5D63-45D5-AAEC-A46A129AF6E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{B25AF542-9FA4-4BBD-AFD9-094E9E435E74}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
    "{B5AEF1F4-6D35-425E-AC30-B4FC149BAA15}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{B684DF12-C0B2-445A-8DD1-2781DA5E003A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{BB3980E6-F100-44B9-9B00-8E9897BBD94E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C12BBCCD-93F6-404F-AB1C-1185AB2E547D}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
    "{C34F47D4-5B7A-4FFC-8DBC-CAA567103512}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{CF400A5D-D811-4AE4-AC12-CC1A359CCF82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CF5CC736-096A-4FCA-9D23-ADCC29B59865}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CF9375AA-3E04-41A2-9E03-75DB4FB7FD36}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{D1DD76AC-0EC0-432B-BC78-609486905456}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{D3BDABD9-A23E-48C9-9289-24BD1A1AA032}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{DEF8D259-DB16-4C21-8878-FA7FC1A4B9E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E4115ADC-6591-40DB-81C5-A6A1055C4682}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{E593F298-1CB5-4E42-9876-F4001068E3AF}" = protocol=6 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |
    "{E7E0DD63-C0D9-4109-A1DB-5D1F0AC829D1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{EAE3D440-2F3D-4186-A6E6-2DE40CDB2AD5}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "{EC99AAD5-26AC-4ADE-9EB9-CD8CE6D4EFFA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{ECAB847E-AB1D-48EC-86B8-A82EC41F1696}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EDCF88C2-3B18-4E90-88F7-20BBBFBBE247}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EFCAD808-FDBD-418F-A20A-4A679100BD19}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{F6087465-5C00-4F09-9550-06027024FAAE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{FA38A602-4052-43D1-858A-EDCEE3271B18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FECEADC3-AD49-426A-8024-5A4FA54F0111}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "TCP Query User{2ABC94C6-3396-4B1D-864D-6D22B0626FD7}C:\program files\gigatribe\gigatribe.exe" = protocol=6 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |
    "TCP Query User{56EDB7D8-A0E4-4C60-A41E-B85598B86D81}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
    "TCP Query User{63458A2F-E5F6-4AFC-80AF-78A5F436D0FC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{DA918A85-FF18-4729-9FEB-40F19D2E73ED}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "UDP Query User{1126FDB1-A722-4F3F-BE4F-49A764F2A888}C:\program files\gigatribe\gigatribe.exe" = protocol=17 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |
    "UDP Query User{19781B71-611F-4D1B-B78B-C566EFFA80A0}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
    "UDP Query User{4A960F42-8054-4CE9-9F37-E5757769B3E5}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "UDP Query User{A1CDC3D9-1F83-449D-B82E-28A38BC92B60}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
    "{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext
    "{0516DE82-074E-4B74-8C94-59DE55CDA3DD}" = ARC XT for Uniden XT series
    "{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0887452F-715A-436E-9934-059173B919F9}" = Enterasys NAC Assessment Agent
    "{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1" = 3GP Player 2009
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
    "{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
    "{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
    "{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
    "{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
    "{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB453A58-FA82-455B-9B55-A0572E1E8FA2}" = ARC XT PRO for Uniden XT series
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
    "{B5A4C902-1636-48DB-8E38-F0DB102DDB59}" = MPM
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.0
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
    "{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
    "{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
    "{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 4.57
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "AuranTS2009_is1" = Trainz Simulator 2009: World Builder Edition
    "CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.19
    "FrostWire" = FrostWire 4.21.8
    "FrostWire 5" = FrostWire 5.3.7
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "Microsoft Security Client" = Microsoft Security Essentials
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/17/2012 11:12:55 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wmprph.exe, version: 12.0.7600.16385, time
    stamp: 0x4a5bccac Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
    stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x0002fa7b Faulting process
    id: 0x14c0 Faulting application start time: 0x01cd94e6e19195fe Faulting application
    path: C:\Program Files\Windows Media Player\wmprph.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
    Report
    Id: 279761cf-00da-11e2-9bcd-002622f6072e

    Error - 9/17/2012 11:15:11 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wmprph.exe, version: 12.0.7600.16385, time
    stamp: 0x4a5bccac Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
    stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x0002fa7b Faulting process
    id: 0x9e0 Faulting application start time: 0x01cd94e73856e655 Faulting application
    path: C:\Program Files\Windows Media Player\wmprph.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
    Report
    Id: 78c84a1d-00da-11e2-9bcd-002622f6072e

    Error - 9/17/2012 1:31:13 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_HPSLPSVC, version: 6.1.7600.16385,
    time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000003 Faulting process id:
    0x5a8 Faulting application start time: 0x01cd94e097db40ee Faulting application path:
    C:\windows\system32\svchost.exe Faulting module path: unknown Report Id: 79a269e5-00ed-11e2-9bcd-002622f6072e

    Error - 9/18/2012 5:21:03 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_HPSLPSVC, version: 6.1.7600.16385,
    time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x00610069 Faulting process id:
    0x67c Faulting application start time: 0x01cd95a5b42baa66 Faulting application path:
    C:\windows\system32\svchost.exe Faulting module path: unknown Report Id: bf6daa24-01d6-11e2-8c4d-002622f6072e

    Error - 9/18/2012 6:46:30 PM | Computer Name = Matt-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 920 Start
    Time: 01cd95ec52085280 Termination Time: 60000 Application Path: C:\windows\Explorer.EXE
    Report
    Id: 7e8f8f30-01e2-11e2-8cf7-002622f6072e

    Error - 9/18/2012 6:58:09 PM | Computer Name = Matt-PC | Source = Application Hang | ID = 1002
    Description = The program msseces.exe version 4.0.1526.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: dc4 Start
    Time: 01cd95ec5a95ff08 Termination Time: 18861 Application Path: C:\Program Files\Microsoft
    Security Client\msseces.exe Report Id: 41ba0116-01e4-11e2-8cf7-002622f6072e

    Error - 9/19/2012 5:09:54 AM | Computer Name = Matt-PC | Source = Application Hang | ID = 1002
    Description = The program wmplayer.exe version 12.0.7600.16667 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1018 Start
    Time: 01cd9645937d7033 Termination Time: 109 Application Path: C:\Program Files\Windows
    Media Player\wmplayer.exe Report Id: bf4c779d-0239-11e2-9b56-002622f6072e

    Error - 9/19/2012 5:10:15 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
    time stamp: 0x4a5bccb3 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
    time stamp: 0x4e21132b Exception code: 0x0000046b Fault offset: 0x00009673 Faulting
    process id: 0x14e8 Faulting application start time: 0x01cd9645b2ef353d Faulting application
    path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\windows\system32\KERNELBASE.dll
    Report
    Id: d250435a-0239-11e2-9b56-002622f6072e

    Error - 9/20/2012 12:57:22 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_HPSLPSVC, version: 6.1.7600.16385,
    time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
    0x744 Faulting application start time: 0x01cd968b86b9491c Faulting application path:
    C:\windows\system32\svchost.exe Faulting module path: unknown Report Id: 3e52ceb3-0344-11e2-aa14-002622f6072e

    Error - 9/20/2012 3:12:24 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
    0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
    0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x00052073 Faulting process id:
    0xe8c Faulting application start time: 0x01cd9755aafbeb10 Faulting application path:
    C:\Users\Matt\Desktop\aswMBR.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
    Report
    Id: 1b635fbf-0357-11e2-bb5e-002622f6072e

    [ Media Center Events ]
    Error - 2/4/2010 10:41:27 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
    Description = 9:41:27 PM - Error connecting to the internet. 9:41:27 PM - Unable
    to contact server..

    Error - 2/5/2010 12:33:02 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
    Description = 11:33:02 AM - Error connecting to the internet. 11:33:02 AM - Unable
    to contact server..

    Error - 2/21/2010 5:52:24 AM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
    Description = 4:52:24 AM - Error connecting to the internet. 4:52:24 AM - Unable
    to contact server..

    Error - 2/21/2010 5:52:34 AM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
    Description = 4:52:29 AM - Error connecting to the internet. 4:52:29 AM - Unable
    to contact server..

    Error - 2/27/2010 12:44:54 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
    Description = 11:44:44 AM - Failed to retrieve SportsV2 (Error: The underlying connection
    was closed: An unexpected error occurred on a receive.)

    Error - 4/2/2010 12:33:41 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
    Description = 12:33:41 PM - Error connecting to the internet. 12:33:41 PM - Unable
    to contact server..

    Error - 4/2/2010 12:33:50 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
    Description = 12:33:46 PM - Error connecting to the internet. 12:33:46 PM - Unable
    to contact server..

    Error - 7/8/2010 10:43:48 AM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
    Description = 10:43:04 AM - Failed to retrieve SportsV2 (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

    Error - 7/8/2010 10:45:09 AM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
    Description = 10:43:48 AM - Failed to retrieve Broadband (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    Error - 9/7/2010 11:02:23 AM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
    Description = 11:02:20 AM - Failed to retrieve MCEClientUX (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    [ System Events ]
    Error - 9/20/2012 1:08:45 PM | Computer Name = Matt-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 9/20/2012 1:08:45 PM | Computer Name = Matt-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/20/2012 1:11:14 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%2

    Error - 9/20/2012 3:17:20 PM | Computer Name = Matt-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 9/20/2012 3:17:20 PM | Computer Name = Matt-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/20/2012 3:20:09 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%2

    Error - 9/20/2012 3:34:39 PM | Computer Name = Matt-PC | Source = WMPNetworkSvc | ID = 866333
    Description =

    Error - 9/21/2012 10:09:49 AM | Computer Name = Matt-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 9/21/2012 10:09:49 AM | Computer Name = Matt-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/21/2012 10:12:19 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%2


    < End of report >
  20. Communications

    And my Java is back; turns out the server was just down.
  21. Broni

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
      O2 - BHO: (24MusicBar Toolbar) - {54d0da58-64e7-4408-be1f-72659f70fcbe} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
      O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
      O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll File not found
      O3 - HKLM\..\Toolbar: (24MusicBar Toolbar) - {54d0da58-64e7-4408-be1f-72659f70fcbe} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\Toolbar\WebBrowser: (24MusicBar Toolbar) - {54D0DA58-64E7-4408-BE1F-72659F70FCBE} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
      O4 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
      [2010/04/15 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\LocalLow\Microsoft\Silverlight\is\vrs5m4sp.znf\frpy2pst.ljd\1\l
      [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
      [2011/02/11 13:07:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG
      [2012/09/17 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG2013
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  22. Communications

    Sorry for the delay, I didn't know that a second page had been created. Here are the results from OTL, and it ran perfectly w/o stalling.

    All processes killed
    ========== OTL ==========
    Service gupdatem stopped successfully!
    Service gupdatem deleted successfully!
    File C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc not found.
    Service gupdate stopped successfully!
    Service gupdate deleted successfully!
    File C:\Program Files\Google\Update\GoogleUpdate.exe /svc not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54d0da58-64e7-4408-be1f-72659f70fcbe}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d0da58-64e7-4408-be1f-72659f70fcbe}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{54d0da58-64e7-4408-be1f-72659f70fcbe} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d0da58-64e7-4408-be1f-72659f70fcbe}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1541042141-3281804592-2248747456-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{54D0DA58-64E7-4408-BE1F-72659F70FCBE} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54D0DA58-64E7-4408-BE1F-72659F70FCBE}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1541042141-3281804592-2248747456-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    C:\Users\Matt\AppData\LocalLow\Microsoft\Silverlight\is\vrs5m4sp.znf\frpy2pst.ljd\1\l folder moved successfully.
    C:\windows\assembly\Desktop.ini moved successfully.
    C:\Users\Matt\AppData\Roaming\AVG\Track Eraser folder moved successfully.
    C:\Users\Matt\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
    C:\Users\Matt\AppData\Roaming\AVG\Rescue folder moved successfully.
    C:\Users\Matt\AppData\Roaming\AVG\PC Tuneup 2011\User Reports folder moved successfully.
    C:\Users\Matt\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.
    C:\Users\Matt\AppData\Roaming\AVG\Integrator folder moved successfully.
    C:\Users\Matt\AppData\Roaming\AVG folder moved successfully.
    C:\Users\Matt\AppData\Roaming\AVG2013 folder moved successfully.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 9786219 bytes
    ->Temporary Internet Files folder emptied: 82931779 bytes
    ->Java cache emptied: 465898 bytes
    ->Flash cache emptied: 13669 bytes

    User: Matt
    ->Temp folder emptied: 92813246 bytes
    ->Temporary Internet Files folder emptied: 125291354 bytes
    ->Java cache emptied: 462470 bytes
    ->Flash cache emptied: 2457 bytes

    User: Public

    User: Tammy
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1083 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 235720655 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 522.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: Matt
    ->Java cache emptied: 0 bytes

    User: Public

    User: Tammy
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Matt
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tammy
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.65.1 log created on 09232012_164053
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  23. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    Results of screen317's Security Check version 0.99.51
    Windows 7 x86 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    AVG PC Tuneup 2011
    Java(TM) 6 Update 35
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  24. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    Farbar Service Scanner Version: 19-09-2012
    Ran by Matt (administrator) on 23-09-2012 at 16:58:43
    Running from "C:\Users\Matt\Desktop"
    Microsoft Windows 7 Home Premium (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\windows\system32\nsisvc.dll => MD5 is legit
    C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\windows\system32\dhcpcore.dll => MD5 is legit
    C:\windows\system32\Drivers\afd.sys => MD5 is legit
    C:\windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\windows\system32\Drivers\tcpip.sys
    [2011-08-14 02:34] - [2011-06-21 01:39] - 1286016 ____A (Microsoft Corporation) C2DAAEB48F3A47C410B041A0D2382EE1
    C:\windows\system32\dnsrslvr.dll
    [2011-04-14 17:54] - [2011-03-03 01:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9
    C:\windows\system32\mpssvc.dll
    [2009-07-13 19:53] - [2009-07-13 21:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E
    C:\windows\system32\bfe.dll
    [2009-07-13 19:54] - [2009-07-13 21:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11
    C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\windows\system32\SDRSVC.dll
    [2009-07-13 19:23] - [2009-07-13 21:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446
    C:\windows\system32\vssvc.exe
    [2009-07-13 19:24] - [2009-07-13 21:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C
    C:\windows\system32\wscsvc.dll => MD5 is legit
    C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\windows\system32\wuaueng.dll
    [2009-07-13 20:15] - [2009-07-13 21:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1
    C:\windows\system32\qmgr.dll
    [2009-07-13 19:30] - [2009-07-13 21:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4
    C:\windows\system32\es.dll => MD5 is legit
    C:\windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\windows\system32\svchost.exe => MD5 is legit
    C:\windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
  25. Communications

    Communications TechSpot Member Topic Starter Posts: 28

    # AdwCleaner v2.003 - Logfile created 09/23/2012 at 17:01:49
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium (32 bits)
    # User : Matt - MATT-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Matt\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\Users\Matt\AppData\LocalLow\Conduit
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\24MusicBar
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AutocompleteProBHO
    Key Deleted : HKCU\Software\FunWebProducts
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54D0DA58-64E7-4408-BE1F-72659F70FCBE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54D0DA58-64E7-4408-BE1F-72659F70FCBE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKLM\Software\24MusicBar
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6AD9C39-B7B4-47AF-ADC9-681EC09F64AE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2415802
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6AD9C39-B7B4-47AF-ADC9-681EC09F64AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Software
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{54D0DA58-64E7-4408-BE1F-72659F70FCBE}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
    Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{54D0DA58-64E7-4408-BE1F-72659F70FCBE}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.7600.16385
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
    *************************
    AdwCleaner[S1].txt - [6036 octets] - [23/09/2012 17:01:49]
    ########## EOF - C:\AdwCleaner[S1].txt - [6096 octets] ##########

