Solved FBI ransom virus

S

sandhu1

Posts: 22   +0
Hey ,
Yesterday I got a screen that popped up on my laptop stating that I had violated a copyright law and in order to release my computer I had to pay 200 $. After poking around online I found that many others had a similar problem. I am not very tech savvy and would greatly appreciate any help on resolving these issues. I also am not sure how to delete the GMER and the DDS scaner from my pc. I found tech spot and ran the scans on my pc recommended from the forum here are my logs separated for the forum.(malware and GMER this post DDS next post)

Thanks
Sandhu1


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.19.01

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
resham :: RESHAM-PC [administrator]

9/18/2012 5:38:32 PM
mbam-log-2012-09-18 (17-38-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264778
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 33
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|chcns (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Users\resham\AppData\Roaming\chcns.dll",CreateContext -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Users\resham\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\resham\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22 (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh (PUP.Funmoods) -> Quarantined and deleted successfully.

Files Detected: 25
C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Local\Temp\xcmowrsean.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\resham\Downloads\installfreefileopener_553.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\resham\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\resham\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Roaming\Microsoft\svchostt.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.exe (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Users\resham\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\resham\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
No modifications from gmer report log was empty
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
------------------------------------------------------------------------------------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_30
Run by resham at 19:31:47 on 2012-09-18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.1892 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\resham\AppData\Roaming\Spotify\spotify.exe
C:\Windows\system32\igfxext.exe
C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80229
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify] "C:\Users\resham\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [ethri] "C:\Users\resham\AppData\Roaming\ethri.dll",Instance_New
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNjA5MzU3NTE4LVZJUCsxLUZMMTArMS1YTzEwKzExLVRVRyszLUREVCs1OTczNi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzEtRjEwVEIrMi1TVDEwVEJGKzEtRjEwTTEyVEErMS1WSVAxMisxLVRMKzEtRjEwTTEyUisxLUNJRDEwKzEtQ0lEKzEw"&"prod=90"&"ver=10.0.1427
StartupFolder: C:\Users\resham\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{5792BFBD-E177-4EAA-934F-AF82BB67D2A3} : DhcpNameServer = 192.168.15.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
mRun-x64: [NDSTray.exe] NDSTray.exe
mRun-x64: [cfFncEnabler.exe] cfFncEnabler.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun-x64: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNjA5MzU3NTE4LVZJUCsxLUZMMTArMS1YTzEwKzExLVRVRyszLUREVCs1OTczNi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzEtRjEwVEIrMi1TVDEwVEJGKzEtRjEwTTEyVEErMS1WSVAxMisxLVRMKzEtRjEwTTEyUisxLUNJRDEwKzEtQ0lEKzEw"&"prod=90"&"ver=10.0.1427
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\resham\AppData\Roaming\Mozilla\Firefox\Profiles\fivt228e.default\
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bb7ed80c7-6dcb-43e3-921b-32815c5c005f%7D&mid=bd1e2c2048de47d69623d1e980e4e9f3-75d5b143e8225633ea1002530ff6a12a622dbe1b&ds=AVG&v=12.2.5.32&lang=us&pr=pa&d=2012-01-13%2019%3A03%3A25&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575&q=
FF - user.js: extensions.funmoods.id - 0024D2326C0F61F4
FF - user.js: extensions.funmoods.instlDay - 15530
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.220:11:29
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-18 44808]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-4-17 40960]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-18 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-4-3 36864]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-27 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-22 250056]
S3 ATMFBUS;A600 USB Composite Device Driver;C:\Windows\system32\DRIVERS\ATMFBUS.sys --> C:\Windows\system32\DRIVERS\ATMFBUS.sys [?]
S3 ATMFCVsp;A600 Cricket CM Port;C:\Windows\system32\DRIVERS\ATMFCVsp.sys --> C:\Windows\system32\DRIVERS\ATMFCVsp.sys [?]
S3 ATMFFLT;A600 USB Modem Installation CD;C:\Windows\system32\DRIVERS\ATMFFLT.sys --> C:\Windows\system32\DRIVERS\ATMFFLT.sys [?]
S3 ATMFMdm;A600 Cricket EVDO Modem;C:\Windows\system32\DRIVERS\ATMFMdm.sys --> C:\Windows\system32\DRIVERS\ATMFMdm.sys [?]
S3 ATMFNET;A600 Cricket EVDO Network Adapter;C:\Windows\system32\DRIVERS\ATMFNET.sys --> C:\Windows\system32\DRIVERS\ATMFNET.sys [?]
S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;C:\Windows\system32\DRIVERS\ATMFNVsp.sys --> C:\Windows\system32\DRIVERS\ATMFNVsp.sys [?]
S3 ATMFVsp;A600 Cricket Diagnostics Port;C:\Windows\system32\DRIVERS\ATMFVsp.sys --> C:\Windows\system32\DRIVERS\ATMFVsp.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-27 133104]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\Jumpstart\jswpsapi.exe [2009-3-17 954368]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-20 114144]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-27 93184]
S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
.
=============== Created Last 30 ================
.
2012-09-19 00:37:20 -------- d-----w- C:\Users\resham\AppData\Roaming\Malwarebytes
2012-09-19 00:37:07 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-19 00:37:06 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-18 07:56:30 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-09-18 07:56:30 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-09-18 07:56:09 41224 ----a-w- C:\Windows\avastSS.scr
2012-09-18 07:55:52 -------- d-----w- C:\ProgramData\AVAST Software
2012-09-18 07:55:52 -------- d-----w- C:\Program Files\AVAST Software
2012-09-18 06:34:33 -------- d-----w- C:\Program Files\Enigma Software Group
2012-09-18 06:34:08 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-18 06:34:05 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-09-18 06:29:17 -------- d-----w- C:\Users\resham\AppData\Roaming\SpeedyPC Software
2012-09-18 06:29:17 -------- d-----w- C:\Users\resham\AppData\Roaming\DriverCure
2012-09-18 06:29:08 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-09-18 05:15:25 -------- d-----w- C:\Users\resham\AppData\Local\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}
2012-09-18 05:15:13 404992 ----a-w- C:\Users\resham\AppData\Roaming\ethri.dll
2012-09-10 02:09:49 -------- d-----w- C:\Windows\System32\kodak
2012-09-10 02:08:15 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2012-09-10 01:12:54 -------- d-----w- C:\Windows\SysWow64\spool
2012-09-03 03:37:00 -------- d-----w- C:\Users\resham\AppData\Local\Spotify
2012-09-03 03:36:56 -------- d-----w- C:\Users\resham\AppData\Roaming\Spotify
2012-08-29 02:24:02 -------- d-----w- C:\Windows\SysWow64\kodak
2012-08-24 04:54:43 -------- d-----r- C:\Program Files (x86)\Skype
2012-08-23 00:31:38 -------- d-----w- C:\Users\resham\AppData\Local\Macromedia
2012-08-23 00:28:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 00:28:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-21 02:19:14 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
.
==================== Find3M ====================
.
.
============= FINISH: 19:32:40.90 ===============
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/17/2009 12:05:41 PM
System Uptime: 9/18/2012 6:02:42 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 186.482 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.6
aioscnnr
Amazon Links
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
avast! Free Antivirus
C4USelfUpdater
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
center
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Cricket Broadband 1.0
DVD MovieFactory for TOSHIBA
essentials
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 6 Update 6
KODAK AiO Software
Malwarebytes Anti-Malware version 1.65.0.1400
Maple 12
McAfee Security Scan Plus
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetZero Internet Access Installer
Notepad++
ocr
PreReq
QuickBooks Financial Center
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype™ 5.10
Spotify
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
WildTangent Games
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
9/18/2012 6:05:42 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
9/18/2012 6:05:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ConfigFree Gadget Service service to connect.
9/18/2012 6:05:29 PM, Error: Service Control Manager [7000] - The ConfigFree Gadget Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/18/2012 6:02:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
9/17/2012 11:14:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server: {375FF000-DD27-11D9-8F9C-0002B3988E81}
9/17/2012 11:14:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/17/2012 11:12:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 spldr Wanarpv6
9/17/2012 11:12:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/17/2012 11:12:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/17/2012 11:12:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/17/2012 11:12:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/17/2012 11:12:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/17/2012 11:12:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/17/2012 11:12:20 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
9/17/2012 10:20:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
9/17/2012 10:20:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
9/17/2012 10:20:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
9/17/2012 10:19:29 PM, Error: EventLog [6008] - The previous system shutdown at 10:17:32 PM on 9/17/2012 was unexpected.
9/17/2012 10:14:42 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
9/15/2012 5:49:26 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0024D2326C0F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
9/14/2012 3:03:36 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 130.17.87.176, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/14/2012 1:38:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
9/13/2012 8:37:06 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
9/12/2012 8:03:10 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.35.164, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/11/2012 8:38:01 AM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.15.89, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
9/11/2012 6:15:02 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

====================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Hey Broni,
Iam not sure that I have the capability to unzip files installed on my pc. I know that I am not supposed to install anything while we are cleaning, do you have any suggestions on where I can safely download a tool to unzip the TDSS file? do I need to acquire this and start again?

Thanks for your help and patience
sandhu1
 
Broni,
will the aswMBR let me know when it is completed the scan? I clicked save log before it was completed because it had been idle for a few minutes, so I thought that it was complete. will this affect any thing or do I just save it again upon completion?also what do I do with these tools once I have completed the scans?
Thanks again for all your help, It is a wonderful feeling to see such kindness demonstrated in our world.
Sandhu1
 
Give aswMBR some time but run the tools in the order I posted. aswMBR as the last one.
We'll remove those tools when we're done.
 
Broni,
Well here are the logs you requested a couple of notes about the scans. On the TDSS scan while scanning my pc tried to open firefox and get online twice, it also opened my documents folder while scanning. Durring the RougeKiller scan a blue screen popped up I believe it was a ? "crash dump"? and restarted my computer. As I stated in my previous post I requested the report for the aswMBR scan prematurely to the scan being completed, I posted both the premi and complete logs for all of the scans requested.

Thanks Broni,
sandhu1
 
TDSSkiller log


20:22:02.0147 2760 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:22:02.0917 2760 ============================================================
20:22:02.0917 2760 Current date / time: 2012/09/19 20:22:02.0917
20:22:02.0917 2760 SystemInfo:
20:22:02.0917 2760
20:22:02.0917 2760 OS Version: 6.0.6001 ServicePack: 1.0
20:22:02.0917 2760 Product type: Workstation
20:22:02.0917 2760 ComputerName: RESHAM-PC
20:22:02.0917 2760 UserName: resham
20:22:02.0917 2760 Windows directory: C:\Windows
20:22:02.0917 2760 System windows directory: C:\Windows
20:22:02.0917 2760 Running under WOW64
20:22:02.0917 2760 Processor architecture: Intel x64
20:22:02.0917 2760 Number of processors: 2
20:22:02.0917 2760 Page size: 0x1000
20:22:02.0917 2760 Boot type: Normal boot
20:22:02.0917 2760 ============================================================
20:22:03.0597 2760 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:22:03.0597 2760 ============================================================
20:22:03.0597 2760 \Device\Harddisk0\DR0:
20:22:03.0597 2760 MBR partitions:
20:22:03.0597 2760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2411A800
20:22:03.0597 2760 ============================================================
20:22:03.0647 2760 C: <-> \Device\Harddisk0\DR0\Partition1
20:22:03.0647 2760 ============================================================
20:22:03.0647 2760 Initialize success
20:22:03.0647 2760 ============================================================
20:22:07.0837 1176 ============================================================
20:22:07.0837 1176 Scan started
20:22:07.0837 1176 Mode: Manual;
20:22:07.0837 1176 ============================================================
20:22:08.0157 1176 ================ Scan system memory ========================
20:22:08.0157 1176 System memory - ok
20:22:08.0157 1176 ================ Scan services =============================
20:22:08.0367 1176 [ 8C99ED256A889D647935A97C543B7B85 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:22:08.0377 1176 ACPI - ok
20:22:08.0497 1176 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:22:08.0507 1176 AdobeFlashPlayerUpdateSvc - ok
20:22:08.0567 1176 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:22:08.0597 1176 adp94xx - ok
20:22:08.0667 1176 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:22:08.0677 1176 adpahci - ok
20:22:08.0717 1176 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:22:08.0717 1176 adpu160m - ok
20:22:08.0757 1176 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:22:08.0767 1176 adpu320 - ok
20:22:08.0817 1176 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:22:08.0817 1176 AeLookupSvc - ok
20:22:08.0877 1176 [ 9BB97042FA331A0FB4BDD98B9280A50A ] AFD C:\Windows\system32\drivers\afd.sys
20:22:08.0897 1176 AFD - ok
20:22:08.0947 1176 [ 8B0D8B5BAFD4C9D57B41426BC68B32F9 ] AgereModemAudio C:\Windows\system32\agr64svc.exe
20:22:08.0957 1176 AgereModemAudio - ok
20:22:09.0027 1176 [ 3627A62B10284FFBF862BFD49928EDF4 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
20:22:09.0047 1176 AgereSoftModem - ok
20:22:09.0107 1176 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:22:09.0107 1176 agp440 - ok
20:22:09.0147 1176 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:22:09.0147 1176 aic78xx - ok
20:22:09.0177 1176 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
20:22:09.0187 1176 ALG - ok
20:22:09.0217 1176 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
20:22:09.0217 1176 aliide - ok
20:22:09.0257 1176 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
20:22:09.0267 1176 amdide - ok
20:22:09.0287 1176 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:22:09.0297 1176 AmdK8 - ok
20:22:09.0347 1176 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
20:22:09.0357 1176 Appinfo - ok
20:22:09.0427 1176 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:22:09.0427 1176 Apple Mobile Device - ok
20:22:09.0457 1176 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
20:22:09.0467 1176 arc - ok
20:22:09.0507 1176 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:22:09.0507 1176 arcsas - ok
20:22:09.0557 1176 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
20:22:09.0557 1176 aswFsBlk - ok
20:22:09.0587 1176 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
20:22:09.0587 1176 aswMonFlt - ok
20:22:09.0637 1176 [ 2CF56F9848BF7841FF420E9DD95029EE ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
20:22:09.0637 1176 AswRdr - ok
20:22:09.0687 1176 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
20:22:09.0727 1176 aswSnx - ok
20:22:09.0757 1176 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
20:22:09.0777 1176 aswSP - ok
20:22:09.0807 1176 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
20:22:09.0807 1176 aswTdi - ok
20:22:09.0827 1176 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:22:09.0827 1176 AsyncMac - ok
20:22:09.0867 1176 [ F988BB0690CD660318037908E9B8DBF7 ] atapi C:\Windows\system32\drivers\atapi.sys
20:22:09.0867 1176 atapi - ok
20:22:09.0937 1176 [ 45511C7E870D3ADDDD60049232EA96B3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:22:09.0967 1176 athr - ok
20:22:10.0017 1176 [ 2BEBEDF0A2C6EEC436F0546432D10B3E ] ATMFBUS C:\Windows\system32\DRIVERS\ATMFBUS.sys
20:22:10.0017 1176 ATMFBUS - ok
20:22:10.0087 1176 [ 8C13767E368DE74CB44BF750F27EC9B8 ] ATMFCVsp C:\Windows\system32\DRIVERS\ATMFCVsp.sys
20:22:10.0087 1176 ATMFCVsp - ok
20:22:10.0147 1176 [ CB365FAB232D60423B287A650A092343 ] ATMFFLT C:\Windows\system32\DRIVERS\ATMFFLT.sys
20:22:10.0147 1176 ATMFFLT - ok
20:22:10.0187 1176 [ 7EDBB7DF5413CFD62EB247A3F5FEE03E ] ATMFMdm C:\Windows\system32\DRIVERS\ATMFMdm.sys
20:22:10.0197 1176 ATMFMdm - ok
20:22:10.0257 1176 [ 9DEFF1B882978630B64FA887BF1920F7 ] ATMFNET C:\Windows\system32\DRIVERS\ATMFNET.sys
20:22:10.0257 1176 ATMFNET - ok
20:22:10.0317 1176 [ 6C40F32270DE3579F26892BCD381F5EA ] ATMFNVsp C:\Windows\system32\DRIVERS\ATMFNVsp.sys
20:22:10.0327 1176 ATMFNVsp - ok
20:22:10.0367 1176 [ 7AA5D545E17306E4BE3F996D63ED8BEE ] ATMFVsp C:\Windows\system32\DRIVERS\ATMFVsp.sys
20:22:10.0367 1176 ATMFVsp - ok
20:22:10.0437 1176 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:22:10.0457 1176 AudioEndpointBuilder - ok
20:22:10.0497 1176 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:22:10.0507 1176 AudioSrv - ok
20:22:10.0667 1176 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:22:10.0667 1176 avast! Antivirus - ok
20:22:10.0707 1176 AVG Security Toolbar Service - ok
20:22:10.0737 1176 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:22:10.0747 1176 blbdrive - ok
20:22:10.0817 1176 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
20:22:10.0827 1176 Bonjour Service - ok
20:22:10.0867 1176 [ F0F035FCEC3554CC1B70C5611BD87951 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:22:10.0867 1176 bowser - ok
20:22:10.0897 1176 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:22:10.0897 1176 BrFiltLo - ok
20:22:10.0917 1176 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:22:10.0917 1176 BrFiltUp - ok
20:22:10.0947 1176 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
20:22:10.0957 1176 Browser - ok
20:22:10.0977 1176 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
20:22:10.0977 1176 Brserid - ok
20:22:10.0997 1176 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:22:10.0997 1176 BrSerWdm - ok
20:22:11.0047 1176 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:22:11.0047 1176 BrUsbMdm - ok
20:22:11.0067 1176 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:22:11.0077 1176 BrUsbSer - ok
20:22:11.0107 1176 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:22:11.0107 1176 BTHMODEM - ok
20:22:11.0127 1176 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:22:11.0127 1176 cdfs - ok
20:22:11.0147 1176 [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:22:11.0147 1176 cdrom - ok
20:22:11.0167 1176 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc C:\Windows\System32\certprop.dll
20:22:11.0177 1176 CertPropSvc - ok
20:22:11.0197 1176 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
20:22:11.0207 1176 circlass - ok
20:22:11.0237 1176 [ CAEDA2572B7042B11062F327F099251D ] CLFS C:\Windows\system32\CLFS.sys
20:22:11.0247 1176 CLFS - ok
20:22:11.0297 1176 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:22:11.0297 1176 clr_optimization_v2.0.50727_32 - ok
20:22:11.0347 1176 [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:22:11.0347 1176 clr_optimization_v2.0.50727_64 - ok
20:22:11.0437 1176 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:22:11.0437 1176 clr_optimization_v4.0.30319_32 - ok
20:22:11.0447 1176 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:22:11.0457 1176 clr_optimization_v4.0.30319_64 - ok
20:22:11.0497 1176 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:22:11.0507 1176 CmBatt - ok
20:22:11.0517 1176 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:22:11.0517 1176 cmdide - ok
20:22:11.0547 1176 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:22:11.0547 1176 Compbatt - ok
20:22:11.0557 1176 COMSysApp - ok
20:22:11.0617 1176 [ 5AC8A997E8D9C131B5F90B4F3CCFAE34 ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
20:22:11.0617 1176 ConfigFree Gadget Service - ok
20:22:11.0657 1176 [ D10D01B2DFCD8D2F32A32ED29E8DA1C2 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
20:22:11.0657 1176 ConfigFree Service - ok
20:22:11.0667 1176 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:22:11.0667 1176 crcdisk - ok
20:22:11.0717 1176 [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:22:11.0717 1176 CryptSvc - ok
20:22:11.0777 1176 [ 52CDADE8289FF21F1F2215FF51A5F36C ] DcomLaunch C:\Windows\system32\rpcss.dll
20:22:11.0797 1176 DcomLaunch - ok
20:22:11.0847 1176 [ 3725C43C9E90731ECA651D506CC599A3 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:22:11.0847 1176 DfsC - ok
20:22:12.0017 1176 [ 1781F99840979EE7B126C9073C377FD0 ] DFSR C:\Windows\system32\DFSR.exe
20:22:12.0097 1176 DFSR - ok
20:22:12.0147 1176 [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:22:12.0147 1176 Dhcp - ok
20:22:12.0167 1176 [ 2DC415FC05FB8A079F896CBBACB19324 ] disk C:\Windows\system32\drivers\disk.sys
20:22:12.0167 1176 disk - ok
20:22:12.0197 1176 [ DAF05293C1264E251D3A25E7E24B2DDF ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:22:12.0197 1176 Dnscache - ok
20:22:12.0227 1176 [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc C:\Windows\System32\dot3svc.dll
20:22:12.0227 1176 dot3svc - ok
20:22:12.0237 1176 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
20:22:12.0247 1176 DPS - ok
20:22:12.0277 1176 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:22:12.0277 1176 drmkaud - ok
20:22:12.0317 1176 [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:22:12.0347 1176 DXGKrnl - ok
20:22:12.0377 1176 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
20:22:12.0377 1176 E1G60 - ok
20:22:12.0407 1176 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
20:22:12.0407 1176 EapHost - ok
20:22:12.0437 1176 [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache C:\Windows\system32\drivers\ecache.sys
20:22:12.0437 1176 Ecache - ok
20:22:12.0497 1176 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:22:12.0507 1176 ehRecvr - ok
20:22:12.0527 1176 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
20:22:12.0527 1176 ehSched - ok
20:22:12.0547 1176 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
20:22:12.0547 1176 ehstart - ok
20:22:12.0597 1176 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:22:12.0607 1176 elxstor - ok
20:22:12.0667 1176 [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:22:12.0677 1176 EMDMgmt - ok
20:22:12.0717 1176 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:22:12.0717 1176 ErrDev - ok
20:22:12.0787 1176 [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem C:\Windows\system32\es.dll
20:22:12.0797 1176 EventSystem - ok
20:22:12.0827 1176 [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat C:\Windows\system32\drivers\exfat.sys
20:22:12.0837 1176 exfat - ok
20:22:12.0867 1176 [ FE731D345ED9EEABBC72A59B35941834 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:22:12.0867 1176 fastfat - ok
20:22:12.0907 1176 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:22:12.0907 1176 fdc - ok
20:22:12.0937 1176 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
20:22:12.0937 1176 fdPHost - ok
20:22:12.0967 1176 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
20:22:12.0967 1176 FDResPub - ok
20:22:12.0997 1176 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:22:12.0997 1176 FileInfo - ok
20:22:13.0037 1176 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:22:13.0037 1176 Filetrace - ok
20:22:13.0057 1176 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:22:13.0057 1176 flpydisk - ok
20:22:13.0087 1176 [ 7DACF1A3A4219575070C6DC7C957428A ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:22:13.0097 1176 FltMgr - ok
20:22:13.0157 1176 [ 73D0F1D32EDAE3DCC4E84468BF910ADD ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:22:13.0157 1176 FontCache3.0.0.0 - ok
20:22:13.0207 1176 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:22:13.0217 1176 Fs_Rec - ok
20:22:13.0277 1176 [ 6D06B5EEBBA23C16789EFC820EE1F253 ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
20:22:13.0277 1176 FwLnk - ok
20:22:13.0337 1176 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:22:13.0337 1176 gagp30kx - ok
20:22:13.0437 1176 [ 9DCF7DFE5FDBB0A47F8EE01FE13C2876 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
20:22:13.0447 1176 GameConsoleService - ok
20:22:13.0507 1176 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:22:13.0507 1176 GEARAspiWDM - ok
20:22:13.0597 1176 [ 9E5B254D58232EC8921EC3C5A94C81ED ] gpsvc C:\Windows\System32\gpsvc.dll
20:22:13.0607 1176 gpsvc - ok
20:22:13.0667 1176 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:22:13.0667 1176 gupdate - ok
20:22:13.0697 1176 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:22:13.0697 1176 gupdatem - ok
20:22:13.0737 1176 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:22:13.0737 1176 gusvc - ok
20:22:13.0807 1176 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:22:13.0807 1176 HdAudAddService - ok
20:22:13.0857 1176 [ 0C0D0F8A3FF09ECC81963D09EC6A0A84 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:22:13.0857 1176 HDAudBus - ok
20:22:13.0887 1176 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:22:13.0897 1176 HidBth - ok
20:22:13.0927 1176 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:22:13.0937 1176 HidIr - ok
20:22:13.0977 1176 [ 0AA154538544E988429DA2D5AA803A6C ] hidserv C:\Windows\system32\hidserv.dll
20:22:13.0977 1176 hidserv - ok
20:22:14.0017 1176 [ 128E2DA8483FDD4DD0C7B3F9ABD6F323 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:22:14.0017 1176 HidUsb - ok
20:22:14.0047 1176 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
20:22:14.0057 1176 hkmsvc - ok
20:22:14.0077 1176 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:22:14.0077 1176 HpCISSs - ok
20:22:14.0117 1176 [ E690736DA6C543F5D99C8FA27BEA31DB ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:22:14.0147 1176 HTTP - ok
20:22:14.0177 1176 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:22:14.0177 1176 i2omp - ok
20:22:14.0207 1176 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:22:14.0207 1176 i8042prt - ok
20:22:14.0267 1176 [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:22:14.0277 1176 IAANTMON - ok
20:22:14.0327 1176 [ 8D58627FEF3F8767665D9F4DC91CBD97 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:22:14.0327 1176 iaStor - ok
20:22:14.0367 1176 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:22:14.0397 1176 iaStorV - ok
20:22:14.0467 1176 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:22:14.0467 1176 IDriverT - ok
20:22:14.0557 1176 [ 76EA63CDB2D88DAE7209691D089BEF1D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:22:14.0587 1176 idsvc - ok
20:22:14.0897 1176 [ 663E7364F650A915D415EEB2DA98D86A ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:22:15.0177 1176 igfx - ok
20:22:15.0217 1176 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:22:15.0217 1176 iirsp - ok
20:22:15.0277 1176 [ 3A3B232140C33376E134E7B61A0EAA44 ] IKEEXT C:\Windows\System32\ikeext.dll
20:22:15.0297 1176 IKEEXT - ok
20:22:15.0377 1176 [ 1835B384D2D66752ED1460E9085230BD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:22:15.0417 1176 IntcAzAudAddService - ok
20:22:15.0467 1176 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
20:22:15.0467 1176 intelide - ok
20:22:15.0487 1176 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:22:15.0487 1176 intelppm - ok
20:22:15.0507 1176 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:22:15.0517 1176 IPBusEnum - ok
20:22:15.0547 1176 [ 99B821F5BEBD6A3CC3FE564F802AE0FD ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:22:15.0557 1176 IpFilterDriver - ok
20:22:15.0567 1176 IpInIp - ok
20:22:15.0597 1176 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:22:15.0597 1176 IPMIDRV - ok
20:22:15.0637 1176 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:22:15.0647 1176 IPNAT - ok
20:22:15.0687 1176 [ F8E8676D1B6B2CC12DF9AA6B1A43D929 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:22:15.0727 1176 iPod Service - ok
20:22:15.0747 1176 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:22:15.0747 1176 IRENUM - ok
20:22:15.0777 1176 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:22:15.0787 1176 isapnp - ok
20:22:15.0827 1176 [ 49E4CCBF74783FCE5D2CC1FF6480E1F4 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:22:15.0837 1176 iScsiPrt - ok
20:22:15.0857 1176 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:22:15.0857 1176 iteatapi - ok
20:22:15.0887 1176 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:22:15.0887 1176 iteraid - ok
20:22:15.0977 1176 [ 957135960E7533EA5C7EA0BFB34F8EFD ] jswpsapi C:\Program Files (x86)\Jumpstart\jswpsapi.exe
20:22:16.0017 1176 jswpsapi - ok
20:22:16.0057 1176 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:22:16.0057 1176 kbdclass - ok
20:22:16.0077 1176 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:22:16.0077 1176 kbdhid - ok
20:22:16.0107 1176 [ 80F4593E92FF960E4763380D3168E498 ] KeyIso C:\Windows\system32\lsass.exe
20:22:16.0117 1176 KeyIso - ok
20:22:16.0207 1176 [ 162A5E3A691B903111526147C8D29E6D ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
20:22:16.0217 1176 Kodak AiO Network Discovery Service - ok
20:22:16.0287 1176 [ B5E53FCA219A6491E9A1BA146A5D2452 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
20:22:16.0307 1176 Kodak AiO Status Monitor Service - ok
20:22:16.0347 1176 [ 7C999F96B239E214154DB3C808E6736A ] KR10I64 C:\Windows\system32\drivers\kr10i64.sys
20:22:16.0357 1176 KR10I64 - ok
20:22:16.0397 1176 [ 8CB9A9164D4E789424F943FA718FA3F2 ] KR10N64 C:\Windows\system32\drivers\kr10n64.sys
20:22:16.0397 1176 KR10N64 - ok
20:22:16.0447 1176 [ CCDCCE6224E1E207E953AF826B98A9D9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:22:16.0467 1176 KSecDD - ok
20:22:16.0507 1176 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:22:16.0507 1176 ksthunk - ok
20:22:16.0547 1176 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
20:22:16.0567 1176 KtmRm - ok
20:22:16.0597 1176 [ 3F27C9CDAE606D74431E3AB39571A7F3 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:22:16.0607 1176 LanmanServer - ok
20:22:16.0647 1176 [ 6E25FFC6FEAD6544C6E9F1D23329570C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:22:16.0657 1176 LanmanWorkstation - ok
20:22:16.0677 1176 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:22:16.0677 1176 lltdio - ok
20:22:16.0747 1176 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:22:16.0757 1176 lltdsvc - ok
20:22:16.0787 1176 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:22:16.0797 1176 lmhosts - ok
20:22:16.0877 1176 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:22:16.0877 1176 LSI_FC - ok
20:22:16.0897 1176 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:22:16.0897 1176 LSI_SAS - ok
20:22:16.0967 1176 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:22:16.0967 1176 LSI_SCSI - ok
20:22:16.0997 1176 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
20:22:16.0997 1176 luafv - ok
20:22:17.0067 1176 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
20:22:17.0067 1176 McComponentHostService - ok
20:22:17.0107 1176 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:22:17.0117 1176 Mcx2Svc - ok
20:22:17.0167 1176 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
20:22:17.0167 1176 megasas - ok
20:22:17.0227 1176 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
20:22:17.0247 1176 MegaSR - ok
20:22:17.0277 1176 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
20:22:17.0287 1176 MMCSS - ok
20:22:17.0307 1176 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
20:22:17.0317 1176 Modem - ok
20:22:17.0337 1176 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:22:17.0337 1176 monitor - ok
20:22:17.0357 1176 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:22:17.0357 1176 mouclass - ok
20:22:17.0387 1176 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:22:17.0397 1176 mouhid - ok
20:22:17.0417 1176 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:22:17.0417 1176 MountMgr - ok
20:22:17.0497 1176 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:22:17.0497 1176 MozillaMaintenance - ok
20:22:17.0527 1176 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
20:22:17.0537 1176 mpio - ok
20:22:17.0567 1176 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:22:17.0567 1176 mpsdrv - ok
20:22:17.0597 1176 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:22:17.0597 1176 Mraid35x - ok
20:22:17.0607 1176 [ FE2706C15F8345C342820E4E4583FEA0 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:22:17.0607 1176 MRxDAV - ok
20:22:17.0647 1176 [ B698EB9ACC7ECD4927D99D268918F912 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
 
TDSS Logs continued
---------------------------------------------------------------------------------------------------------------------------------------------
20:22:17.0647 1176 mrxsmb - ok
20:22:17.0677 1176 [ 9A797E27FD28500EE13D43000C931435 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:22:17.0687 1176 mrxsmb10 - ok
20:22:17.0697 1176 [ F9425D610712533107A264E2D5B2154B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:22:17.0697 1176 mrxsmb20 - ok
20:22:17.0737 1176 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys
20:22:17.0737 1176 msahci - ok
20:22:17.0757 1176 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:22:17.0767 1176 msdsm - ok
20:22:17.0787 1176 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
20:22:17.0787 1176 MSDTC - ok
20:22:17.0827 1176 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:22:17.0827 1176 Msfs - ok
20:22:17.0857 1176 [ E7204A02A42FC331E9CA9D9521105B14 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:22:17.0857 1176 msisadrv - ok
20:22:17.0877 1176 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:22:17.0887 1176 MSiSCSI - ok
20:22:17.0887 1176 msiserver - ok
20:22:17.0947 1176 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:22:17.0947 1176 MSKSSRV - ok
20:22:17.0967 1176 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:22:17.0977 1176 MSPCLOCK - ok
20:22:18.0027 1176 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:22:18.0027 1176 MSPQM - ok
20:22:18.0057 1176 [ B8E32E6103FBBA9FBB1D0C11FF0D13B5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:22:18.0067 1176 MsRPC - ok
20:22:18.0087 1176 [ C68739CFA09401233C72B1047DBF0008 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:22:18.0087 1176 mssmbios - ok
20:22:18.0117 1176 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:22:18.0117 1176 MSTEE - ok
20:22:18.0137 1176 [ DDF133501F68D6988A0F55DFA88637B4 ] Mup C:\Windows\system32\Drivers\mup.sys
20:22:18.0137 1176 Mup - ok
20:22:18.0167 1176 [ C25022CDD18980846973B598900915F8 ] napagent C:\Windows\system32\qagentRT.dll
20:22:18.0197 1176 napagent - ok
20:22:18.0227 1176 [ 73B99C98FA3A2ED1566E02D6FE1913A5 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:22:18.0227 1176 NativeWifiP - ok
20:22:18.0277 1176 [ 2A2EE457AF36C5C9A6808C768BD3A12B ] NDIS C:\Windows\system32\drivers\ndis.sys
20:22:18.0297 1176 NDIS - ok
20:22:18.0317 1176 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:22:18.0317 1176 NdisTapi - ok
20:22:18.0337 1176 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:22:18.0337 1176 Ndisuio - ok
20:22:18.0347 1176 [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:22:18.0357 1176 NdisWan - ok
20:22:18.0377 1176 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:22:18.0377 1176 NDProxy - ok
20:22:18.0387 1176 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:22:18.0397 1176 NetBIOS - ok
20:22:18.0417 1176 [ 7A29CA243A629230799754162D80120F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:22:18.0427 1176 netbt - ok
20:22:18.0447 1176 [ 80F4593E92FF960E4763380D3168E498 ] Netlogon C:\Windows\system32\lsass.exe
20:22:18.0447 1176 Netlogon - ok
20:22:18.0487 1176 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
20:22:18.0507 1176 Netman - ok
20:22:18.0537 1176 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
20:22:18.0557 1176 netprofm - ok
20:22:18.0587 1176 [ B84613B469B98E09F50A748C1D02E132 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:22:18.0587 1176 NetTcpPortSharing - ok
20:22:18.0617 1176 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:22:18.0627 1176 nfrd960 - ok
20:22:18.0657 1176 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
20:22:18.0667 1176 NlaSvc - ok
20:22:18.0687 1176 [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:22:18.0687 1176 Npfs - ok
20:22:18.0707 1176 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
20:22:18.0717 1176 nsi - ok
20:22:18.0747 1176 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:22:18.0747 1176 nsiproxy - ok
20:22:18.0817 1176 [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:22:18.0857 1176 Ntfs - ok
20:22:18.0877 1176 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
20:22:18.0877 1176 Null - ok
20:22:18.0907 1176 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:22:18.0917 1176 nvraid - ok
20:22:18.0937 1176 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:22:18.0937 1176 nvstor - ok
20:22:18.0967 1176 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:22:18.0967 1176 nv_agp - ok
20:22:18.0977 1176 NwlnkFlt - ok
20:22:18.0987 1176 NwlnkFwd - ok
20:22:19.0087 1176 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:22:19.0087 1176 odserv - ok
20:22:19.0147 1176 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:22:19.0147 1176 ohci1394 - ok
20:22:19.0177 1176 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:22:19.0187 1176 ose - ok
20:22:19.0237 1176 [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:22:19.0257 1176 p2pimsvc - ok
20:22:19.0297 1176 [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc C:\Windows\system32\p2psvc.dll
20:22:19.0307 1176 p2psvc - ok
20:22:19.0327 1176 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
20:22:19.0327 1176 Parport - ok
20:22:19.0347 1176 [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:22:19.0347 1176 partmgr - ok
20:22:19.0367 1176 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
20:22:19.0377 1176 PcaSvc - ok
20:22:19.0387 1176 [ 7A3DC4201208437D7D5C426789E92054 ] pci C:\Windows\system32\drivers\pci.sys
20:22:19.0397 1176 pci - ok
20:22:19.0407 1176 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
20:22:19.0407 1176 pciide - ok
20:22:19.0427 1176 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:22:19.0427 1176 pcmcia - ok
20:22:19.0467 1176 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:22:19.0507 1176 PEAUTH - ok
20:22:19.0577 1176 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:22:19.0577 1176 PerfHost - ok
20:22:19.0657 1176 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
20:22:19.0707 1176 pla - ok
20:22:19.0747 1176 [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:22:19.0777 1176 PlugPlay - ok
20:22:19.0817 1176 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:22:19.0827 1176 PNRPAutoReg - ok
20:22:19.0857 1176 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:22:19.0867 1176 PNRPsvc - ok
20:22:19.0907 1176 [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:22:19.0927 1176 PolicyAgent - ok
20:22:19.0957 1176 [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:22:19.0967 1176 PptpMiniport - ok
20:22:19.0987 1176 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
20:22:19.0987 1176 Processor - ok
20:22:20.0027 1176 [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc C:\Windows\system32\profsvc.dll
20:22:20.0037 1176 ProfSvc - ok
20:22:20.0057 1176 [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:22:20.0057 1176 ProtectedStorage - ok
20:22:20.0097 1176 [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:22:20.0107 1176 PSched - ok
20:22:20.0167 1176 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:22:20.0197 1176 ql2300 - ok
20:22:20.0227 1176 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:22:20.0227 1176 ql40xx - ok
20:22:20.0267 1176 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
20:22:20.0287 1176 QWAVE - ok
20:22:20.0307 1176 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:22:20.0307 1176 QWAVEdrv - ok
20:22:20.0337 1176 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:22:20.0347 1176 RasAcd - ok
20:22:20.0387 1176 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
20:22:20.0387 1176 RasAuto - ok
20:22:20.0427 1176 [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:22:20.0427 1176 Rasl2tp - ok
20:22:20.0467 1176 [ 2A63D46B01685FD4BE9778CA3C231C2D ] RasMan C:\Windows\System32\rasmans.dll
20:22:20.0477 1176 RasMan - ok
20:22:20.0527 1176 [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:22:20.0527 1176 RasPppoe - ok
20:22:20.0547 1176 [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:22:20.0557 1176 RasSstp - ok
20:22:20.0617 1176 [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:22:20.0627 1176 rdbss - ok
20:22:20.0637 1176 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:22:20.0647 1176 RDPCDD - ok
20:22:20.0687 1176 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:22:20.0697 1176 rdpdr - ok
20:22:20.0707 1176 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:22:20.0707 1176 RDPENCDD - ok
20:22:20.0757 1176 [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:22:20.0767 1176 RDPWD - ok
20:22:20.0817 1176 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:22:20.0837 1176 RemoteAccess - ok
20:22:20.0867 1176 [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:22:20.0877 1176 RemoteRegistry - ok
20:22:20.0897 1176 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
20:22:20.0897 1176 RpcLocator - ok
20:22:20.0937 1176 [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs C:\Windows\system32\rpcss.dll
20:22:20.0957 1176 RpcSs - ok
20:22:20.0987 1176 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:22:20.0987 1176 rspndr - ok
20:22:21.0017 1176 [ BF55641FC2F759281B9BF59D5DAA8FDE ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
20:22:21.0027 1176 RTL8169 - ok
20:22:21.0037 1176 [ 108729909CE285A352A1D1CB96BB1B2E ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
20:22:21.0037 1176 RTSTOR - ok
20:22:21.0057 1176 [ 80F4593E92FF960E4763380D3168E498 ] SamSs C:\Windows\system32\lsass.exe
20:22:21.0057 1176 SamSs - ok
20:22:21.0097 1176 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:22:21.0117 1176 sbp2port - ok
20:22:21.0157 1176 [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:22:21.0167 1176 SCardSvr - ok
20:22:21.0217 1176 [ CE75D26E0A1106129F4D156851E298ED ] Schedule C:\Windows\system32\schedsvc.dll
20:22:21.0247 1176 Schedule - ok
20:22:21.0287 1176 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:22:21.0287 1176 SCPolicySvc - ok
20:22:21.0307 1176 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:22:21.0317 1176 SDRSVC - ok
20:22:21.0347 1176 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:22:21.0357 1176 secdrv - ok
20:22:21.0377 1176 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
20:22:21.0387 1176 seclogon - ok
20:22:21.0407 1176 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
20:22:21.0417 1176 SENS - ok
20:22:21.0447 1176 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:22:21.0447 1176 Serenum - ok
20:22:21.0457 1176 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
20:22:21.0467 1176 Serial - ok
20:22:21.0487 1176 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:22:21.0487 1176 sermouse - ok
20:22:21.0547 1176 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
20:22:21.0547 1176 SessionEnv - ok
20:22:21.0567 1176 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:22:21.0567 1176 sffdisk - ok
20:22:21.0577 1176 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:22:21.0577 1176 sffp_mmc - ok
20:22:21.0607 1176 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:22:21.0607 1176 sffp_sd - ok
20:22:21.0617 1176 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:22:21.0627 1176 sfloppy - ok
20:22:21.0667 1176 [ 9235EC680D3DB17464B39C7C7DECB4DD ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:22:21.0677 1176 ShellHWDetection - ok
20:22:21.0697 1176 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:22:21.0697 1176 SiSRaid2 - ok
20:22:21.0717 1176 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:22:21.0727 1176 SiSRaid4 - ok
20:22:21.0807 1176 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:22:21.0807 1176 SkypeUpdate - ok
20:22:21.0907 1176 [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc C:\Windows\system32\SLsvc.exe
20:22:21.0967 1176 slsvc - ok
20:22:21.0987 1176 [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:22:21.0997 1176 SLUINotify - ok
20:22:22.0057 1176 [ 79ED2D6DEC26E0FEFB93EA21F09E6A51 ] SmartFaceVWatchSrv C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
20:22:22.0077 1176 SmartFaceVWatchSrv - ok
20:22:22.0097 1176 [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:22:22.0107 1176 Smb - ok
20:22:22.0147 1176 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:22:22.0157 1176 SNMPTRAP - ok
20:22:22.0177 1176 [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr C:\Windows\system32\drivers\spldr.sys
20:22:22.0187 1176 spldr - ok
20:22:22.0207 1176 [ 92E6738D25C2123BE9515C0EAC0776CD ] Spooler C:\Windows\System32\spoolsv.exe
20:22:22.0227 1176 Spooler - ok
20:22:22.0257 1176 [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:22:22.0267 1176 srv - ok
20:22:22.0297 1176 [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:22:22.0307 1176 srv2 - ok
20:22:22.0317 1176 [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:22:22.0327 1176 srvnet - ok
20:22:22.0347 1176 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:22:22.0357 1176 SSDPSRV - ok
20:22:22.0387 1176 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:22:22.0397 1176 SstpSvc - ok
20:22:22.0427 1176 [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc C:\Windows\System32\wiaservc.dll
20:22:22.0447 1176 stisvc - ok
20:22:22.0497 1176 SVRPEDRV - ok
20:22:22.0537 1176 [ 409F0882AFBB34832B24370C23C550B2 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:22:22.0547 1176 swenum - ok
20:22:22.0567 1176 [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv C:\Windows\System32\swprv.dll
20:22:22.0597 1176 swprv - ok
20:22:22.0607 1176 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:22:22.0607 1176 Symc8xx - ok
20:22:22.0627 1176 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:22:22.0627 1176 Sym_hi - ok
20:22:22.0657 1176 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:22:22.0657 1176 Sym_u3 - ok
20:22:22.0697 1176 [ 572438150FC79E41A0348E3DC56B1DD2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:22:22.0697 1176 SynTP - ok
20:22:22.0737 1176 [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain C:\Windows\system32\sysmain.dll
20:22:22.0757 1176 SysMain - ok
20:22:22.0777 1176 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:22:22.0787 1176 TabletInputService - ok
20:22:22.0807 1176 [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv C:\Windows\System32\tapisrv.dll
20:22:22.0827 1176 TapiSrv - ok
20:22:22.0847 1176 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
20:22:22.0847 1176 TBS - ok
20:22:22.0907 1176 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:22:22.0937 1176 Tcpip - ok
20:22:22.0977 1176 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:22:22.0997 1176 Tcpip6 - ok
20:22:23.0027 1176 [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:22:23.0027 1176 tcpipreg - ok
20:22:23.0047 1176 [ D45586A9FACB2C9708B10E491EF748A6 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:22:23.0047 1176 tdcmdpst - ok
20:22:23.0077 1176 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:22:23.0077 1176 TDPIPE - ok
20:22:23.0097 1176 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:22:23.0097 1176 TDTCP - ok
20:22:23.0127 1176 [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:22:23.0127 1176 tdx - ok
20:22:23.0147 1176 [ 134507AA0B5A2ACF57F657D2F956F4E1 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:22:23.0147 1176 TermDD - ok
20:22:23.0187 1176 [ F870A5589D6A94B426EFB13689023946 ] TermService C:\Windows\System32\termsrv.dll
20:22:23.0217 1176 TermService - ok
20:22:23.0237 1176 [ 9235EC680D3DB17464B39C7C7DECB4DD ] Themes C:\Windows\system32\shsvcs.dll
20:22:23.0237 1176 Themes - ok
20:22:23.0257 1176 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
20:22:23.0257 1176 THREADORDER - ok
20:22:23.0327 1176 [ E09CAAFB2B323A6FF120CEFB96DA0A44 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
20:22:23.0327 1176 TMachInfo - ok
20:22:23.0377 1176 [ 89F74C86523F5E334628DBCE66E6D165 ] TNaviSrv C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
20:22:23.0377 1176 TNaviSrv - ok
20:22:23.0427 1176 [ 19AF3434564E973BC232BBD629EC2BF6 ] TODDSrv C:\Windows\system32\TODDSrv.exe
20:22:23.0437 1176 TODDSrv - ok
20:22:23.0477 1176 [ E17A81E6AD0E89630A3B0F2ED5CBBDF5 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:22:23.0487 1176 TosCoSrv - ok
20:22:23.0497 1176 [ 19D979B9F6373A7CB17EBB7594FEB819 ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
20:22:23.0507 1176 TOSHIBA SMART Log Service - ok
20:22:23.0557 1176 [ DD50A5DF5F7B29FDB6B5FEA728C43DC3 ] tos_sps64 C:\Windows\system32\DRIVERS\tos_sps64.sys
20:22:23.0577 1176 tos_sps64 - ok
20:22:23.0617 1176 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
20:22:23.0617 1176 TrkWks - ok
20:22:23.0667 1176 [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:22:23.0677 1176 TrustedInstaller - ok
20:22:23.0717 1176 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:22:23.0717 1176 tssecsrv - ok
20:22:23.0737 1176 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:22:23.0737 1176 tunmp - ok
20:22:23.0777 1176 [ 2DC2C423572946E9A3131425BDA73CB6 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:22:23.0777 1176 tunnel - ok
20:22:23.0797 1176 [ 9A744CC3D804EC38A6C2C65BC3C6FCD8 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:22:23.0797 1176 TVALZ - ok
20:22:23.0837 1176 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:22:23.0847 1176 uagp35 - ok
20:22:23.0877 1176 [ 93EDD10512C981D8F5189E1C048A4280 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:22:23.0887 1176 udfs - ok
20:22:23.0927 1176 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:22:23.0927 1176 UI0Detect - ok
20:22:23.0997 1176 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
20:22:23.0997 1176 UleadBurningHelper - ok
20:22:24.0017 1176 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:22:24.0027 1176 uliagpkx - ok
20:22:24.0057 1176 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:22:24.0067 1176 uliahci - ok
20:22:24.0097 1176 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:22:24.0097 1176 UlSata - ok
20:22:24.0127 1176 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:22:24.0137 1176 ulsata2 - ok
20:22:24.0177 1176 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:22:24.0177 1176 umbus - ok
20:22:24.0207 1176 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
20:22:24.0227 1176 upnphost - ok
20:22:24.0277 1176 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:22:24.0277 1176 USBAAPL64 - ok
20:22:24.0317 1176 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:22:24.0317 1176 usbccgp - ok
20:22:24.0347 1176 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:22:24.0347 1176 usbcir - ok
20:22:24.0377 1176 [ DA6D8D8ED0A53C63AC6F4BD40FE83FBE ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:22:24.0387 1176 usbehci - ok
20:22:24.0407 1176 [ 99045369AE3216216573D0775FD7ED56 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:22:24.0417 1176 usbhub - ok
20:22:24.0427 1176 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:22:24.0437 1176 usbohci - ok
20:22:24.0477 1176 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:22:24.0487 1176 usbprint - ok
20:22:24.0557 1176 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:22:24.0557 1176 usbscan - ok
20:22:24.0607 1176 [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:22:24.0607 1176 USBSTOR - ok
20:22:24.0627 1176 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:22:24.0627 1176 usbuhci - ok
20:22:24.0667 1176 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:22:24.0667 1176 usbvideo - ok
20:22:24.0697 1176 [ 060B7863943625E0193A3575C0C59E52 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
20:22:24.0707 1176 UVCFTR - ok
20:22:24.0727 1176 [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms C:\Windows\System32\uxsms.dll
20:22:24.0737 1176 UxSms - ok
20:22:24.0787 1176 [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds C:\Windows\System32\vds.exe
20:22:24.0807 1176 vds - ok
20:22:24.0837 1176 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:22:24.0837 1176 vga - ok
20:22:24.0867 1176 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:22:24.0867 1176 VgaSave - ok
20:22:24.0887 1176 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
20:22:24.0887 1176 viaide - ok
20:22:24.0917 1176 [ 28B52D1F950B36E03819013D0B7514BC ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:22:24.0917 1176 volmgr - ok
20:22:24.0947 1176 [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:22:24.0957 1176 volmgrx - ok
20:22:24.0967 1176 [ DE4307412D98050239026E56A7DFF3C0 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:22:24.0977 1176 volsnap - ok
20:22:25.0007 1176 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:22:25.0017 1176 vsmraid - ok
20:22:25.0087 1176 [ 186BD53F8A408AD20F5A056C05678629 ] VSS C:\Windows\system32\vssvc.exe
20:22:25.0127 1176 VSS - ok
20:22:25.0167 1176 [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time C:\Windows\system32\w32time.dll
20:22:25.0187 1176 W32Time - ok
20:22:25.0217 1176 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:22:25.0217 1176 WacomPen - ok
20:22:25.0237 1176 [ AEA75207E443C8623C36B8D03596F84F ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:22:25.0247 1176 Wanarp - ok
20:22:25.0247 1176 [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:22:25.0257 1176 Wanarpv6 - ok
20:22:25.0297 1176 [ 055449247C490E24B968B44FE8A969EB ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:22:25.0327 1176 wcncsvc - ok
20:22:25.0347 1176 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:22:25.0347 1176 WcsPlugInService - ok
20:22:25.0397 1176 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
20:22:25.0397 1176 Wd - ok
20:22:25.0457 1176 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:22:25.0477 1176 Wdf01000 - ok
20:22:25.0507 1176 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:22:25.0507 1176 WdiServiceHost - ok
20:22:25.0517 1176 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:22:25.0527 1176 WdiSystemHost - ok
20:22:25.0557 1176 [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient C:\Windows\System32\webclnt.dll
20:22:25.0577 1176 WebClient - ok
20:22:25.0607 1176 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:22:25.0617 1176 Wecsvc - ok
20:22:25.0637 1176 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:22:25.0647 1176 wercplsupport - ok
20:22:25.0667 1176 [ FC25242B3BCAF7E84D9184082274AE08 ] WerSvc C:\Windows\System32\WerSvc.dll
20:22:25.0677 1176 WerSvc - ok
20:22:25.0697 1176 WinHttpAutoProxySvc - ok
20:22:25.0747 1176 [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:22:25.0757 1176 Winmgmt - ok
20:22:25.0837 1176 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
20:22:25.0907 1176 WinRM - ok
20:22:25.0957 1176 [ 0A69955261C1B54206ADC9BEB89517DE ] Wlansvc C:\Windows\System32\wlansvc.dll
20:22:25.0977 1176 Wlansvc - ok
20:22:25.0997 1176 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:22:25.0997 1176 WmiAcpi - ok
20:22:26.0037 1176 [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:22:26.0037 1176 wmiApSrv - ok
20:22:26.0067 1176 WMPNetworkSvc - ok
20:22:26.0107 1176 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:22:26.0117 1176 WPCSvc - ok
20:22:26.0127 1176 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:22:26.0137 1176 WPDBusEnum - ok
20:22:26.0177 1176 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:22:26.0177 1176 WpdUsb - ok
20:22:26.0277 1176 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:22:26.0307 1176 WPFFontCache_v0400 - ok
20:22:26.0347 1176 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:22:26.0347 1176 ws2ifsl - ok
20:22:26.0357 1176 WSearch - ok
20:22:26.0407 1176 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:22:26.0407 1176 WUDFRd - ok
20:22:26.0447 1176 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:22:26.0457 1176 wudfsvc - ok
20:22:26.0537 1176 ================ Scan global ===============================
20:22:26.0567 1176 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
20:22:26.0617 1176 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
20:22:26.0657 1176 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll
20:22:26.0697 1176 [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe
20:22:26.0727 1176 [Global] - ok
20:22:26.0727 1176 ================ Scan MBR ==================================
20:22:26.0737 1176 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
20:22:27.0247 1176 \Device\Harddisk0\DR0 - ok
20:22:27.0257 1176 ================ Scan VBR ==================================
20:22:27.0257 1176 [ D768FE5158107B69A3A1BF7A0E398E34 ] \Device\Harddisk0\DR0\Partition1
20:22:27.0257 1176 \Device\Harddisk0\DR0\Partition1 - ok
20:22:27.0257 1176 ============================================================
20:22:27.0257 1176 Scan finished
20:22:27.0257 1176 ============================================================
20:22:27.0277 5956 Detected object count: 0
20:22:27.0277 5956 Actual detected object count: 0

--------------------------------------------------------------------------------
 
--------------------------------------------------------------------------------


RogueKiller log from initial scan before blue screen

--------------------------------------------------------------------------------
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : resham [Admin rights]
Mode : Scan -- Date : 09/19/2012 20:33:20

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : ethri ( "C:\Users\resham\AppData\Roaming\ethri.dll",Instance_New) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3902824652-3120505283-713476528-1000[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3902824652-3120505283-713476528-1000[...]\Run : ethri ( "C:\Users\resham\AppData\Roaming\ethri.dll",Instance_New) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2320BH G1 +++++
--- User ---
[MBR] 514a22f70c1395db49d195faab80b841
[BSP] bd24df34669357fa5d38b5181205fde2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295477 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608210944 | Size: 8267 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



--------------------------------------------------------------------------------------------

Rouge killer scan 2
---------------------------------------------------------------------------------------------

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Started in : Normal mode
User : resham [Admin rights]
Mode : Remove -- Date : 09/19/2012 20:34:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : ethri ( "C:\Users\resham\AppData\Roaming\ethri.dll",Instance_New) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$279896eb0829f75e17013cf93b5d347f\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3902824652-3120505283-713476528-1000\$279896eb0829f75e17013cf93b5d347f\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2320BH G1 +++++
--- User ---
[MBR] 514a22f70c1395db49d195faab80b841
[BSP] bd24df34669357fa5d38b5181205fde2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295477 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608210944 | Size: 8267 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



---------------------------------------------------------------------------------------------------------------------------------------------------------

Aswmbr scan log before complete
-------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-19 20:45:28
-----------------------------
20:45:28.973 OS Version: Windows x64 6.0.6001 Service Pack 1
20:45:28.973 Number of processors: 2 586 0xF0D
20:45:28.973 ComputerName: RESHAM-PC UserName: resham
20:45:31.937 Initialize success
20:45:32.124 AVAST engine defs: 12091901
20:45:40.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:45:40.361 Disk 0 Vendor: FUJITSU_ 0040 Size: 305245MB BusType: 3
20:45:40.408 Disk 0 MBR read successfully
20:45:40.423 Disk 0 MBR scan
20:45:40.423 Disk 0 Windows VISTA default MBR code
20:45:40.454 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:45:40.486 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295477 MB offset 3074048
20:45:40.517 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8267 MB offset 608210944
20:45:40.564 Disk 0 scanning C:\Windows\system32\drivers
20:45:58.738 Service scanning
20:46:18.487 Modules scanning
20:46:18.487 Disk 0 trace - called modules:
20:46:18.550 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:46:18.565 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058d84f0]
20:46:18.565 3 CLASSPNP.SYS[fffffa6000fceb3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c0a050]
20:46:20.375 AVAST engine scan C:\Windows
20:46:34.664 AVAST engine scan C:\Windows\system32
20:50:41.502 AVAST engine scan C:\Windows\system32\drivers
20:51:41.780 AVAST engine scan C:\Users\resham
20:57:54.230 Disk 0 MBR has been saved successfully to "C:\Users\resham\Contacts\Desktop\MBR.dat"
20:57:54.250 The log file has been saved successfully to "C:\Users\resham\Contacts\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-19 20:45:28
-----------------------------
20:45:28.973 OS Version: Windows x64 6.0.6001 Service Pack 1
20:45:28.973 Number of processors: 2 586 0xF0D
20:45:28.973 ComputerName: RESHAM-PC UserName: resham
20:45:31.937 Initialize success
20:45:32.124 AVAST engine defs: 12091901
20:45:40.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:45:40.361 Disk 0 Vendor: FUJITSU_ 0040 Size: 305245MB BusType: 3
20:45:40.408 Disk 0 MBR read successfully
20:45:40.423 Disk 0 MBR scan
20:45:40.423 Disk 0 Windows VISTA default MBR code
20:45:40.454 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:45:40.486 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295477 MB offset 3074048
20:45:40.517 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8267 MB offset 608210944
20:45:40.564 Disk 0 scanning C:\Windows\system32\drivers
20:45:58.738 Service scanning
20:46:18.487 Modules scanning
20:46:18.487 Disk 0 trace - called modules:
20:46:18.550 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:46:18.565 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058d84f0]
20:46:18.565 3 CLASSPNP.SYS[fffffa6000fceb3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c0a050]
20:46:20.375 AVAST engine scan C:\Windows
20:46:34.664 AVAST engine scan C:\Windows\system32
20:50:41.502 AVAST engine scan C:\Windows\system32\drivers
20:51:41.780 AVAST engine scan C:\Users\resham
20:57:54.230 Disk 0 MBR has been saved successfully to "C:\Users\resham\Contacts\Desktop\MBR.dat"
20:57:54.250 The log file has been saved successfully to "C:\Users\resham\Contacts\Desktop\aswMBR.txt"
20:58:43.352 Disk 0 MBR has been saved successfully to "C:\Users\resham\Contacts\Desktop\MBR.dat"
20:58:43.372 The log file has been saved successfully to "C:\Users\resham\Contacts\Desktop\aswMBR.txt"


-------------------------------------------------------------------------------------------------------------
ASWMBR scan 2 after complete
-------------------------------------------------------------------------------------------------------------
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-19 20:45:28
-----------------------------
20:45:28.973 OS Version: Windows x64 6.0.6001 Service Pack 1
20:45:28.973 Number of processors: 2 586 0xF0D
20:45:28.973 ComputerName: RESHAM-PC UserName: resham
20:45:31.937 Initialize success
20:45:32.124 AVAST engine defs: 12091901
20:45:40.345 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:45:40.361 Disk 0 Vendor: FUJITSU_ 0040 Size: 305245MB BusType: 3
20:45:40.408 Disk 0 MBR read successfully
20:45:40.423 Disk 0 MBR scan
20:45:40.423 Disk 0 Windows VISTA default MBR code
20:45:40.454 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:45:40.486 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295477 MB offset 3074048
20:45:40.517 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8267 MB offset 608210944
20:45:40.564 Disk 0 scanning C:\Windows\system32\drivers
20:45:58.738 Service scanning
20:46:18.487 Modules scanning
20:46:18.487 Disk 0 trace - called modules:
20:46:18.550 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:46:18.565 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058d84f0]
20:46:18.565 3 CLASSPNP.SYS[fffffa6000fceb3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c0a050]
20:46:20.375 AVAST engine scan C:\Windows
20:46:34.664 AVAST engine scan C:\Windows\system32
20:50:41.502 AVAST engine scan C:\Windows\system32\drivers
20:51:41.780 AVAST engine scan C:\Users\resham
20:57:54.230 Disk 0 MBR has been saved successfully to "C:\Users\resham\Contacts\Desktop\MBR.dat"
20:57:54.250 The log file has been saved successfully to "C:\Users\resham\Contacts\Desktop\aswMBR.txt"
20:58:43.352 Disk 0 MBR has been saved successfully to "C:\Users\resham\Contacts\Desktop\MBR.dat"
20:58:43.372 The log file has been saved successfully to "C:\Users\resham\Contacts\Desktop\aswMBR.txt"
20:59:37.203 File: C:\Users\resham\AppData\Roaming\ethri.dll **INFECTED** Win32:Agent-APXM [Trj]
21:10:26.475 AVAST engine scan C:\ProgramData
21:12:53.882 Scan finished successfully
21:24:05.100 Disk 0 MBR has been saved successfully to "C:\Users\resham\Contacts\Desktop\MBR.dat"
21:24:05.110 The log file has been saved successfully to "C:\Users\resham\Contacts\Desktop\aswMBR2.txt"
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Here are the logs you requested sorry for the delay, I have been terribly busy.
Frst------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2012 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 01-10-2012 13:29:42
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RAVCpl64.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [518008 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM-x32\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM-x32\...\Run: [cfFncEnabler.exe] cfFncEnabler.exe [x]
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide [1242424 2008-08-04] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [417792 2008-04-29] (Chicony)
HKLM-x32\...\Run: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe" [x]
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273544 2011-02-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [69120 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
HKU\Mina pks\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
HKU\Mina pks\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
HKU\Mina pks\...\Policies\system: [LogonHoursAction] 2
HKU\Mina pks\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\resham\...\Run: [TOSCDSPD] TOSCDSPD.EXE [x]
HKU\resham\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-03-17] (Google Inc.)
HKU\resham\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\resham\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\resham\...\Run: [Spotify] "C:\Users\resham\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [5576408 2012-09-02] (Spotify Ltd)
HKU\resham\...\Run: [Spotify Web Helper] "C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-09-02] ()
HKU\resham\...\Policies\system: [LogonHoursAction] 2
HKU\resham\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Resham2\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
HKU\Resham2\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
HKU\Resham2\...\Policies\system: [LogonHoursAction] 2
HKU\Resham2\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\tearsa\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2008-01-20] (Microsoft Corporation)
HKU\tearsa\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [432640 2008-05-19] (TOSHIBA)
HKU\tearsa\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-03-17] (Google Inc.)
HKU\tearsa\...\Policies\system: [LogonHoursAction] 2
HKU\tearsa\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNjA5MzU3NTE4LVZJUCsxLUZMMTArMS1YTzEwKzExLVRVRyszLUREVCs1OTczNi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzEtRjEwVEIrMi1TVDEwVEJGKzEtRjEwTTEyVEErMS1WSVAxMisxLVRMKzEtRjEwTTEyUisxLUNJRDEwKzEtQ0lEKzEw"&"prod=90"&"ver=10.0.1427 [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\resham\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [777728 2012-06-19] (Eastman Kodak Company)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
2 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-07-18] (TOSHIBA Corporation)
3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]

==================== Drivers (Whitelisted) =====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [44272 2012-08-21] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
3 ATMFBUS; C:\Windows\System32\Drivers\ATMFBUS.sys [63488 2009-10-01] (DEVGURU Co., LTD.)
3 ATMFCVsp; C:\Windows\System32\Drivers\ATMFCVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 ATMFFLT; C:\Windows\System32\Drivers\ATMFFLT.sys [15872 2009-10-01] (DEVGURU Co., LTD.)
3 ATMFMdm; C:\Windows\System32\Drivers\ATMFMdm.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 ATMFNET; C:\Windows\System32\Drivers\ATMFNET.sys [133632 2009-10-01] (DEVGURU Co., LTD.)
3 ATMFNVsp; C:\Windows\System32\Drivers\ATMFNVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 ATMFVsp; C:\Windows\System32\Drivers\ATMFVsp.sys [166528 2009-10-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 SVRPEDRV; \??\C:\Windows\SysWOW64\sysprep\UP_date\PEDrv.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-30 23:56 - 2012-09-30 23:59 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_resham.job
2012-09-30 23:56 - 2012-09-30 23:56 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_resham.job
2012-09-30 23:56 - 2012-09-30 23:56 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_resham.job
2012-09-26 18:24 - 2012-09-26 18:24 - 01455249 ____A (Farbar) C:\Users\resham\Downloads\FRST64.exe
2012-09-19 19:42 - 2012-09-19 19:42 - 00269872 ____A C:\Windows\Minidump\Mini091912-01.dmp
2012-09-18 20:16 - 2012-09-18 20:16 - 00000000 ____D C:\Users\resham\AppData\Local\Apps\2.0
2012-09-18 16:37 - 2012-09-18 17:10 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-18 16:37 - 2012-09-18 16:37 - 00000901 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-18 16:37 - 2012-09-18 16:37 - 00000000 ____D C:\Users\resham\Desktop\Malwarebytes' Anti-Malware
2012-09-18 16:37 - 2012-09-18 16:37 - 00000000 ____D C:\Users\resham\AppData\Roaming\Malwarebytes
2012-09-18 16:37 - 2012-09-07 16:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-18 16:25 - 2012-09-18 16:26 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\resham\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-17 23:56 - 2012-09-17 23:56 - 00330026 ____A C:\Users\resham\AppData\Local\dd_vcredistMSI7574.txt
2012-09-17 23:56 - 2012-09-17 23:56 - 00016638 ____A C:\Users\resham\AppData\Local\dd_vcredistUI7574.txt
2012-09-17 23:56 - 2012-09-17 23:56 - 00001796 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-09-17 23:56 - 2012-09-17 23:56 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-09-17 23:56 - 2012-09-17 23:56 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-17 23:56 - 2012-08-21 01:13 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-09-17 23:56 - 2012-08-21 01:13 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-09-17 23:56 - 2012-08-21 01:13 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-09-17 23:56 - 2012-08-21 01:13 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-09-17 23:56 - 2012-08-21 01:13 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-09-17 23:56 - 2012-08-21 01:13 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-09-17 23:56 - 2012-08-21 01:12 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-09-17 23:56 - 2012-08-21 01:12 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-09-17 23:56 - 2012-08-21 01:12 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-09-17 23:55 - 2012-09-17 23:55 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-09-17 23:55 - 2012-09-17 23:55 - 00000000 ____D C:\Program Files\AVAST Software
2012-09-17 23:44 - 2012-09-17 23:54 - 93654616 ____A C:\Users\resham\Downloads\avast_free_antivirus_setup.exe
2012-09-17 22:34 - 2012-09-17 22:47 - 00000000 ____D C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-17 22:34 - 2012-09-17 22:34 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-09-17 22:29 - 2012-09-17 22:48 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-09-17 22:29 - 2012-09-17 22:29 - 00000000 ____D C:\Users\resham\AppData\Roaming\SpeedyPC Software
2012-09-17 22:29 - 2012-09-17 22:29 - 00000000 ____D C:\Users\resham\AppData\Roaming\DriverCure
2012-09-17 22:25 - 2012-09-17 22:25 - 00001205 ____A C:\Users\resham\Downloads\FixNCR.reg
2012-09-17 22:17 - 2012-09-17 22:17 - 00000732 ____A C:\Users\resham\AppData\Local\d3d9caps64.dat
2012-09-17 21:42 - 2012-09-17 21:42 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\Macromedia
2012-09-17 21:42 - 2012-09-17 21:42 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\Adobe
2012-09-17 21:42 - 2012-09-17 21:42 - 00000000 ____D C:\Users\Resham2\AppData\Local\Macromedia
2012-09-17 21:41 - 2012-09-17 21:41 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\Mozilla
2012-09-17 21:41 - 2012-09-17 21:41 - 00000000 ____D C:\Users\Resham2\AppData\Local\Mozilla
2012-09-17 21:39 - 2012-09-17 21:39 - 00092112 ____A C:\Users\Resham2\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-17 21:39 - 2012-09-17 21:39 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\Real
2012-09-17 21:39 - 2012-09-17 21:39 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\Apple Computer
2012-09-17 21:38 - 2012-09-17 21:39 - 00000000 ____D C:\users\Resham2
2012-09-17 21:38 - 2012-09-17 21:38 - 00000632 _RASH C:\Users\Resham2\ntuser.pol
2012-09-17 21:38 - 2012-09-17 21:38 - 00000020 __ASH C:\Users\Resham2\ntuser.ini
2012-09-17 21:38 - 2012-09-17 21:38 - 00000000 ____D C:\Users\Resham2\AppData\Local\VirtualStore
2012-09-17 21:38 - 2012-08-28 18:27 - 00000000 ____D C:\Users\Resham2\AppData\Local\Eastman_Kodak_Company
2012-09-17 21:38 - 2012-08-23 16:50 - 00800824 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\DPInst.exe
2012-09-17 21:38 - 2012-08-23 16:50 - 00106496 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\gacutil.exe
2012-09-17 21:38 - 2012-08-23 16:50 - 00036352 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\PnPutil.exe
2012-09-17 21:38 - 2012-08-23 16:50 - 00000000 ____D C:\Users\Resham2\AppData\Roaming\KODAK AiO Home Center726472109
2012-09-17 21:38 - 2011-04-10 02:04 - 00000000 ____D C:\Users\Resham2\AppData\Local\Microsoft Help
2012-09-17 21:15 - 2012-09-17 21:28 - 00000000 ____A C:\Users\resham\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
2012-09-17 21:15 - 2012-09-17 21:15 - 00404992 ____A (C-Media Electronics Inc.) C:\Users\resham\AppData\Roaming\ethri.dll
2012-09-17 21:15 - 2012-09-17 21:15 - 00000000 ____D C:\Users\resham\AppData\Local\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}
2012-09-16 04:42 - 2012-09-16 04:43 - 05190021 ____A C:\Users\resham\Downloads\Tearsa mmmm.MOV
2012-09-15 11:10 - 2012-09-15 11:10 - 00000000 ____D C:\Users\Mina pks\AppData\Local\Adobe
2012-09-12 23:38 - 2012-09-12 23:40 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64(2).exe
2012-09-12 23:38 - 2012-09-12 23:38 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64(1).exe
2012-09-12 23:36 - 2012-09-12 23:36 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64.exe
2012-09-11 20:39 - 2012-09-11 20:39 - 00245675 ____A C:\Users\resham\Downloads\photo.php
2012-09-11 17:51 - 2012-09-11 17:51 - 00014788 ____A C:\Users\resham\Downloads\[isoHunt] Crimes.and.Misdemeanors..Xvid.DVD.RIP.torrent
2012-09-09 18:09 - 2012-09-09 18:09 - 00000000 ____D C:\Windows\System32\kodak
2012-09-09 17:12 - 2012-09-09 17:12 - 00000000 ____D C:\Windows\SysWOW64\spool
2012-09-07 20:46 - 2012-09-07 20:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-07 05:27 - 2012-09-07 05:27 - 00000000 ____D C:\Users\Mina pks\AppData\Local\Apple
2012-09-03 19:31 - 2012-09-03 19:31 - 00000000 ____D C:\Users\tearsa\AppData\Roaming\Macromedia
2012-09-03 19:31 - 2012-09-03 19:31 - 00000000 ____D C:\Users\tearsa\AppData\Local\Macromedia
2012-09-03 19:30 - 2012-09-03 19:30 - 00000906 _RASH C:\Users\tearsa\ntuser.pol
2012-09-02 19:37 - 2012-10-01 12:20 - 00000000 ____D C:\Users\resham\AppData\Local\Spotify
2012-09-02 19:36 - 2012-10-01 12:24 - 00000000 ____D C:\Users\resham\AppData\Roaming\Spotify
2012-09-02 19:35 - 2012-09-02 19:36 - 17617480 ____A (Spotify Ltd) C:\Users\resham\Downloads\Spotify Installer.exe
2012-09-02 16:40 - 2012-09-07 20:08 - 00000000 ____D C:\Users\Mina pks\AppData\Roaming\Skype


==================== 3 Months Modified Files ==================

2012-10-01 12:24 - 2006-11-02 07:42 - 00032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-01 12:24 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-01 12:24 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-01 12:24 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-01 11:57 - 2009-09-27 13:28 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-01 00:48 - 2012-08-22 16:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-30 23:59 - 2012-09-30 23:56 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_resham.job
2012-09-30 23:56 - 2012-09-30 23:56 - 00000380 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_resham.job
2012-09-30 23:56 - 2012-09-30 23:56 - 00000370 ____A C:\Windows\Tasks\ReclaimerUpdateXML_resham.job
2012-09-30 21:57 - 2009-09-27 13:28 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-26 18:24 - 2012-09-26 18:24 - 01455249 ____A (Farbar) C:\Users\resham\Downloads\FRST64.exe
2012-09-26 18:19 - 2006-11-02 04:46 - 00703214 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-26 18:17 - 2011-03-28 21:26 - 00015616 ____A C:\Windows\setupact.log
2012-09-20 22:48 - 2012-08-22 16:28 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-20 22:48 - 2012-08-22 16:28 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-19 19:42 - 2012-09-19 19:42 - 00269872 ____A C:\Windows\Minidump\Mini091912-01.dmp
2012-09-19 19:42 - 2011-07-24 17:05 - 540251821 ____A C:\Windows\MEMORY.DMP
2012-09-18 19:52 - 2008-01-20 19:26 - 00084794 ____A C:\Windows\PFRO.log
2012-09-18 16:37 - 2012-09-18 16:37 - 00000901 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-18 16:26 - 2012-09-18 16:25 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\resham\Downloads\mbam-setup-1.65.0.1400.exe
2012-09-17 23:56 - 2012-09-17 23:56 - 00330026 ____A C:\Users\resham\AppData\Local\dd_vcredistMSI7574.txt
2012-09-17 23:56 - 2012-09-17 23:56 - 00016638 ____A C:\Users\resham\AppData\Local\dd_vcredistUI7574.txt
2012-09-17 23:56 - 2012-09-17 23:56 - 00001796 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-09-17 23:56 - 2012-09-17 23:56 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-09-17 23:56 - 2012-09-17 23:56 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-09-17 23:56 - 2011-03-23 19:57 - 00001356 ____A C:\Users\resham\AppData\Local\d3d9caps.dat
2012-09-17 23:54 - 2012-09-17 23:44 - 93654616 ____A C:\Users\resham\Downloads\avast_free_antivirus_setup.exe
2012-09-17 22:25 - 2012-09-17 22:25 - 00001205 ____A C:\Users\resham\Downloads\FixNCR.reg
2012-09-17 22:17 - 2012-09-17 22:17 - 00000732 ____A C:\Users\resham\AppData\Local\d3d9caps64.dat
2012-09-17 22:10 - 2009-03-17 11:09 - 01471044 ____A C:\Windows\WindowsUpdate.log
2012-09-17 21:39 - 2012-09-17 21:39 - 00092112 ____A C:\Users\Resham2\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-17 21:38 - 2012-09-17 21:38 - 00000632 _RASH C:\Users\Resham2\ntuser.pol
2012-09-17 21:38 - 2012-09-17 21:38 - 00000020 __ASH C:\Users\Resham2\ntuser.ini
2012-09-17 21:28 - 2012-09-17 21:15 - 00000000 ____A C:\Users\resham\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
2012-09-17 21:15 - 2012-09-17 21:15 - 00404992 ____A (C-Media Electronics Inc.) C:\Users\resham\AppData\Roaming\ethri.dll
2012-09-17 21:14 - 2010-08-22 03:26 - 00000438 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-09-16 04:43 - 2012-09-16 04:42 - 05190021 ____A C:\Users\resham\Downloads\Tearsa mmmm.MOV
2012-09-12 23:40 - 2012-09-12 23:38 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64(2).exe
2012-09-12 23:38 - 2012-09-12 23:38 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64(1).exe
2012-09-12 23:36 - 2012-09-12 23:36 - 13085120 ____A (Microsoft Corporation) C:\Users\resham\Downloads\Silverlight_x64.exe
2012-09-12 02:00 - 2006-11-02 04:35 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-11 20:39 - 2012-09-11 20:39 - 00245675 ____A C:\Users\resham\Downloads\photo.php
2012-09-11 17:57 - 2009-09-26 20:09 - 00036352 ____A C:\Users\resham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-11 17:51 - 2012-09-11 17:51 - 00014788 ____A C:\Users\resham\Downloads\[isoHunt] Crimes.and.Misdemeanors..Xvid.DVD.RIP.torrent
2012-09-07 16:04 - 2012-09-18 16:37 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-03 19:30 - 2012-09-03 19:30 - 00000906 _RASH C:\Users\tearsa\ntuser.pol
2012-09-03 19:30 - 2011-03-25 08:03 - 00092112 ____A C:\Users\tearsa\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-02 19:36 - 2012-09-02 19:35 - 17617480 ____A (Spotify Ltd) C:\Users\resham\Downloads\Spotify Installer.exe
2012-09-02 16:40 - 2012-08-23 20:54 - 00002499 ____A C:\Users\Public\Desktop\Skype.lnk
2012-08-31 03:28 - 2012-08-31 03:27 - 01439183 ____A C:\Users\resham\Downloads\Paronychodon.pptx
2012-08-30 19:12 - 2012-08-30 19:12 - 00269872 ____A C:\Windows\Minidump\Mini083012-01.dmp
2012-08-28 18:27 - 2012-08-28 18:27 - 00002070 ____A C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
2012-08-28 18:25 - 2012-08-28 18:25 - 00001989 ____A C:\Users\Public\Desktop\Get CleanPrint.lnk
2012-08-26 17:54 - 2012-08-26 17:53 - 02850872 ____A C:\Users\resham\Downloads\rj10.m4a
2012-08-26 17:52 - 2012-08-26 17:52 - 02470217 ____A C:\Users\resham\Downloads\rj11.m4a
2012-08-25 10:57 - 2012-08-25 10:57 - 00092112 ____A C:\Users\Mina pks\AppData\Local\GDIPFONTCACHEV1.DAT
2012-08-25 10:57 - 2012-08-25 10:57 - 00000910 _RASH C:\Users\Mina pks\ntuser.pol
2012-08-25 10:57 - 2012-08-25 10:57 - 00000020 ___SH C:\Users\Mina pks\ntuser.ini
2012-08-25 10:56 - 2012-08-25 10:56 - 00000632 _RASH C:\Users\resham\ntuser.pol
2012-08-23 20:52 - 2012-08-23 20:52 - 00946352 ____A (Skype Technologies S.A.) C:\Users\resham\Downloads\SkypeSetup.exe
2012-08-23 16:50 - 2012-09-17 21:38 - 00800824 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\DPInst.exe
2012-08-23 16:50 - 2012-09-17 21:38 - 00106496 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\gacutil.exe
2012-08-23 16:50 - 2012-09-17 21:38 - 00036352 ____A (Microsoft Corporation) C:\Users\Resham2\AppData\Roaming\PnPutil.exe
2012-08-23 16:50 - 2012-08-25 10:57 - 00800824 ____A (Microsoft Corporation) C:\Users\Mina pks\AppData\Roaming\DPInst.exe
2012-08-23 16:50 - 2012-08-25 10:57 - 00106496 ____A (Microsoft Corporation) C:\Users\Mina pks\AppData\Roaming\gacutil.exe
2012-08-23 16:50 - 2012-08-25 10:57 - 00036352 ____A (Microsoft Corporation) C:\Users\Mina pks\AppData\Roaming\PnPutil.exe
2012-08-23 16:50 - 2012-08-23 16:50 - 00800824 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\DPInst.exe
2012-08-23 16:50 - 2012-08-23 16:50 - 00800824 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\DPInst.exe
2012-08-23 16:50 - 2012-08-23 16:50 - 00106496 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\gacutil.exe
2012-08-23 16:50 - 2012-08-23 16:50 - 00106496 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\gacutil.exe
2012-08-23 16:50 - 2012-08-23 16:50 - 00036352 ____A (Microsoft Corporation) C:\Users\Default\AppData\Roaming\PnPutil.exe
2012-08-23 16:50 - 2012-08-23 16:50 - 00036352 ____A (Microsoft Corporation) C:\Users\Default User\AppData\Roaming\PnPutil.exe
2012-08-22 16:28 - 2012-08-22 16:28 - 00002012 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-08-21 22:41 - 2011-04-06 21:43 - 00000162 ____A C:\Users\resham\AppData\Roaming\wklnhst.dat
2012-08-21 01:13 - 2012-09-17 23:56 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-21 01:13 - 2012-09-17 23:56 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-21 01:13 - 2012-09-17 23:56 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 01:13 - 2012-09-17 23:56 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-21 01:13 - 2012-09-17 23:56 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-08-21 01:13 - 2012-09-17 23:56 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-21 01:12 - 2012-09-17 23:56 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-21 01:12 - 2012-09-17 23:56 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-21 01:12 - 2012-09-17 23:56 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-20 17:20 - 2012-08-20 17:15 - 39483256 ____A (Apple Inc.) C:\Users\resham\Downloads\QuickTimeInstaller.exe
2012-08-20 13:48 - 2011-09-19 18:27 - 00044758 ____A C:\Users\resham\AppData\Local\installer.log
2012-07-08 23:11 - 2012-07-08 23:11 - 00384844 ____A C:\Users\resham\AppData\Local\funmoods-speeddial.crx


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-04 07:59:20
Restore point made on: 2012-09-04 23:00:26
Restore point made on: 2012-09-06 06:07:34
Restore point made on: 2012-09-07 00:57:00
Restore point made on: 2012-09-08 06:35:38
Restore point made on: 2012-09-09 01:13:27
Restore point made on: 2012-09-09 17:14:20
Restore point made on: 2012-09-09 17:15:40
Restore point made on: 2012-09-10 07:10:06
Restore point made on: 2012-09-11 02:07:07
Restore point made on: 2012-09-11 23:44:46
Restore point made on: 2012-09-12 02:00:28
Restore point made on: 2012-09-13 00:37:17
Restore point made on: 2012-09-18 17:36:57
Restore point made on: 2012-09-18 17:40:51
Restore point made on: 2012-09-20 05:50:16
Restore point made on: 2012-09-22 12:16:05
Restore point made on: 2012-09-23 18:16:15
Restore point made on: 2012-09-24 17:57:36
Restore point made on: 2012-09-28 19:08:27
Restore point made on: 2012-09-30 21:47:22

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3963.07 MB
Available physical RAM: 3430.53 MB
Total Pagefile: 3714.56 MB
Available Pagefile: 3400.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (SQ004817V03) (Fixed) (Total:288.55 GB) (Free:188.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS
5 Drive g: (PF'S FLASH) (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1908 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 289 GB 1501 MB
Partition 3 Primary 8 GB 290 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SQ004817V03 NTFS Partition 289 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1908 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G PF'S FLASH FAT32 Removable 1908 MB Healthy

=========================================================

Last Boot: 2012-09-26 18:22

==================== End Of Log =============================
 
search----------------------------------------------------------------------------------------------------------------------------------------------
Farbar Recovery Scan Tool (x64) Version: 25-09-2012
Ran by SYSTEM at 2012-10-01 13:32:53
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-26 10:45] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-09-26 10:45] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

====== End Of Search ======


Thanks again for all your help Broni.
 
That actually looks good.

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Hey Broni how can I be sure that all the hidden anti-virus, script blocking and any anti-malware real-time protectionare turned off ? I ran the Combofix and a window popped up saying that I had a free version of avg 2011 running.I thought that I uninstalled it ? I subsequently found it running in firefox and turned that off I just want to be sure before I proceed with the scan as it says it can damage my computer.
 
Here is my combo fix log, thanks Broni :D

------------------------------------------------------------------------------------------------------------
ComboFix 12-09-30.03 - resham 10/01/2012 19:47:14.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.2298 [GMT -7:00]
Running from: c:\users\resham\Contacts\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\users\Mina pks\AppData\Roaming\DPInst.exe
c:\users\Mina pks\AppData\Roaming\gacutil.exe
c:\users\Mina pks\AppData\Roaming\PnPutil.exe
c:\users\resham\AppData\Roaming\ethri.dll
c:\users\resham\AppData\Roaming\Microsoft\cmd32.exe
c:\users\resham\AppData\Roaming\Microsoft\eniscom.exe
c:\users\resham\AppData\Roaming\Microsoft\hamsn.exe
c:\users\resham\AppData\Roaming\Microsoft\mscng.exe
c:\users\resham\Documents\~WRL0003.tmp
c:\users\Resham2\AppData\Roaming\DPInst.exe
c:\users\Resham2\AppData\Roaming\gacutil.exe
c:\users\Resham2\AppData\Roaming\PnPutil.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-02 to 2012-10-02 )))))))))))))))))))))))))))))))
.
.
2012-10-02 03:00 . 2012-10-02 03:03 -------- d-----w- c:\users\resham\AppData\Local\temp
2012-10-02 03:00 . 2012-10-02 03:00 -------- d-----w- c:\users\tearsa\AppData\Local\temp
2012-10-01 21:29 . 2012-10-01 21:29 -------- d-----w- C:\FRST
2012-09-19 04:16 . 2012-09-19 04:16 -------- d-----w- c:\users\resham\AppData\Local\Apps
2012-09-19 00:37 . 2012-09-19 00:37 -------- d-----w- c:\users\resham\AppData\Roaming\Malwarebytes
2012-09-19 00:37 . 2012-09-19 01:10 -------- d-----w- c:\programdata\Malwarebytes
2012-09-19 00:37 . 2012-09-08 00:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-18 07:56 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-18 07:56 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-18 07:56 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-18 07:56 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-18 07:56 . 2012-08-21 09:13 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-18 07:56 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-18 07:56 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-18 07:56 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-18 07:56 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-18 07:55 . 2012-09-18 07:55 -------- d-----w- c:\programdata\AVAST Software
2012-09-18 07:55 . 2012-09-18 07:55 -------- d-----w- c:\program files\AVAST Software
2012-09-18 06:34 . 2012-09-18 06:34 -------- d-----w- c:\program files\Enigma Software Group
2012-09-18 06:34 . 2012-09-18 06:47 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-18 06:34 . 2012-09-18 06:34 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-09-18 06:29 . 2012-09-18 06:29 -------- d-----w- c:\users\resham\AppData\Roaming\SpeedyPC Software
2012-09-18 06:29 . 2012-09-18 06:29 -------- d-----w- c:\users\resham\AppData\Roaming\DriverCure
2012-09-18 06:29 . 2012-09-18 06:48 -------- d-----w- c:\programdata\SpeedyPC Software
2012-09-18 05:38 . 2012-09-18 05:39 -------- d-----w- c:\users\Resham2
2012-09-18 05:15 . 2012-09-18 05:15 -------- d-----w- c:\users\resham\AppData\Local\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}
2012-09-15 19:10 . 2012-09-15 19:10 -------- d-----w- c:\users\Mina pks\AppData\Local\Adobe
2012-09-10 02:09 . 2012-09-10 02:09 -------- d-----w- c:\windows\system32\kodak
2012-09-10 02:08 . 2011-06-17 00:53 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2012-09-10 01:12 . 2012-09-10 01:12 -------- d-----w- c:\windows\SysWow64\spool
2012-09-07 13:27 . 2012-09-07 13:27 -------- d-----w- c:\users\Mina pks\AppData\Local\Apple
2012-09-04 03:31 . 2012-09-04 03:31 -------- d-----w- c:\users\tearsa\AppData\Local\Macromedia
2012-09-03 03:37 . 2012-10-02 00:47 -------- d-----w- c:\users\resham\AppData\Local\Spotify
2012-09-03 03:36 . 2012-10-02 01:22 -------- d-----w- c:\users\resham\AppData\Roaming\Spotify
2012-09-03 00:40 . 2012-09-08 04:08 -------- d-----w- c:\users\Mina pks\AppData\Roaming\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 06:48 . 2012-08-23 00:28 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 06:48 . 2012-08-23 00:28 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-12 10:00 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-17 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Spotify"="c:\users\resham\AppData\Roaming\Spotify\Spotify.exe" [2012-09-03 5576408]
"Spotify Web Helper"="c:\users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-09-03 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-02-16 273544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...isxLUNJRDEwKzEtQ0lEKzEw&prod=90&ver=10.0.1427" [?]
.
c:\users\resham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 06:48]
.
2012-09-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-18 09:12]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 21:28]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-27 21:28]
.
2012-10-01 c:\windows\Tasks\ReclaimerUpdateFiles_resham.job
- c:\users\resham\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 04:55]
.
2012-10-01 c:\windows\Tasks\ReclaimerUpdateXML_resham.job
- c:\users\resham\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 04:55]
.
2012-10-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_resham.job
- c:\users\resham\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-22 04:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 181784]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1216808]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-17 2922496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80229
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.15.1
FF - ProfilePath - c:\users\resham\AppData\Roaming\Mozilla\Firefox\Profiles\fivt228e.default\
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bb7ed80c7-6dcb-43e3-921b-32815c5c005f%7D&mid=bd1e2c2048de47d69623d1e980e4e9f3-75d5b143e8225633ea1002530ff6a12a622dbe1b&ds=AVG&v=12.2.5.32&lang=us&pr=pa&d=2012-01-13%2019%3A03%3A25&sap=ku&q=
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtAtByC0CtD0FyCtC0FyEtN0D0Tzu0CtCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575&q=
FF - user.js: extensions.funmoods.id - 0024D2326C0F61F4
FF - user.js: extensions.funmoods.instlDay - 15530
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.220:11
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - axl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - axl
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
Wow6432Node-HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\Jumpstart\jswtrayutil.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Toshiba\ConfigFree\NDSTray.exe
c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-10-01 20:10:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-02 03:10
.
Pre-Run: 201,748,008,960 bytes free
Post-Run: 202,735,058,944 bytes free
.
- - End Of File - - 1CEC014B00884A9FD4610136E4CE2FB0
 
Looks good.

How is computer doing?

==========================

Please clarify your AV situation.
I can see some items from AVG and Avast.
Which one is your current AV program?

============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I am currently using avast for an AV, as for AVG, it seems to be pretty hard to get rid of , ironic. My computer seem to be doing fine although I do get redirected alot when doing google searches, often to some completely unrelated advertisement. other than that it seems pretty good.will post my logs shortly
Thanks again Broni your a G
 
I just use firefox, any sugestions for a better browser would be heeded.

Hey are my logs split into up in to several posts
OTL.txt--------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 10/1/2012 9:21:50 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\resham\Contacts\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 56.89% Memory free
7.93 Gb Paging File | 6.12 Gb Available in Paging File | 77.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.55 Gb Total Space | 188.89 Gb Free Space | 65.46% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.82 Gb Free Space | 97.88% Space Free | Partition Type: FAT32

Computer Name: RESHAM-PC | User Name: resham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/01 21:20:16 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\resham\Contacts\Desktop\OTL.exe
PRC - [2012/09/02 20:36:58 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\resham\AppData\Roaming\Spotify\spotify.exe
PRC - [2012/09/02 20:36:56 | 001,193,176 | ---- | M] () -- C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/21 02:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011/02/16 01:55:54 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/04/17 00:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 00:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/03 21:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
PRC - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/02 20:36:57 | 020,219,096 | ---- | M] () -- C:\Users\resham\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012/09/02 20:36:56 | 001,193,176 | ---- | M] () -- C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/02/06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/04/24 18:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/06 13:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 11:11:30 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 17:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 16:53:16 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/09/20 23:48:35 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 21:46:38 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/08/04 14:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/27 11:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/18 20:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/28 16:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/04/03 21:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2006/08/23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 02:13:13 | 000,969,200 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 02:13:13 | 000,359,464 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 02:13:13 | 000,059,728 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 02:13:12 | 000,071,600 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 02:13:12 | 000,044,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/08/21 02:13:11 | 000,025,232 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/01 03:51:12 | 000,166,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFNVsp.sys -- (ATMFNVsp)
DRV:64bit: - [2009/10/01 03:51:12 | 000,166,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFMdm.sys -- (ATMFMdm)
DRV:64bit: - [2009/10/01 03:51:12 | 000,166,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFCVsp.sys -- (ATMFCVsp)
DRV:64bit: - [2009/10/01 03:51:12 | 000,133,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFNET.sys -- (ATMFNET)
DRV:64bit: - [2009/10/01 03:51:12 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFBUS.sys -- (ATMFBUS)
DRV:64bit: - [2009/10/01 03:51:12 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFFLT.sys -- (ATMFFLT)
DRV:64bit: - [2009/10/01 03:51:10 | 000,166,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ATMFVsp.sys -- (ATMFVsp)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/07/28 15:55:28 | 001,146,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/07/18 18:52:16 | 000,504,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/12 18:51:36 | 007,911,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/15 10:05:42 | 000,161,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/04/02 17:27:18 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/02/29 14:59:32 | 001,252,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/12/20 16:10:50 | 000,028,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/11 14:03:36 | 000,027,272 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/12/06 18:12:56 | 000,320,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/09 14:00:30 | 000,026,968 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2006/11/19 22:11:06 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/08 23:34:00 | 000,237,568 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/08 23:33:00 | 000,248,320 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {520ABFF0-7C64-4D2B-8ADA-2DF7F4B51D3A}
IE:64bit: - HKLM\..\SearchScopes\{520ABFF0-7C64-4D2B-8ADA-2DF7F4B51D3A}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://start.funmoods.com/results.p...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80229
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
IE - HKLM\..\SearchScopes,DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://start.funmoods.com/results.p...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes,Backup.Old.DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes,DefaultScope = {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7TSHB_enUS345US345
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...tartPage={startPage}&rlz=1I7TSHB_enUS345US345
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...12a622dbe1b&lang=us&ds=AVG&pr=pa&d=2012-01-13 19:03:25&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://start.funmoods.com/results.p...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80229&lng=en
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=...lang=us&pr=pa&d=2012-01-13 19:03:25&sap=ku&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/16 01:56:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 21:46:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}: C:\Users\resham\AppData\Local\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}\ [2012/09/17 22:15:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 21:46:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/03/25 02:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\resham\AppData\Roaming\Mozilla\Extensions
[2012/09/22 12:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\resham\AppData\Roaming\Mozilla\Firefox\Profiles\fivt228e.default\extensions
[2012/07/09 00:12:27 | 000,002,329 | ---- | M] () -- C:\Users\resham\AppData\Roaming\Mozilla\Firefox\Profiles\fivt228e.default\searchplugins\Search.xml
[2012/09/07 21:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/17 22:15:25 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\RESHAM\APPDATA\LOCAL\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}
[2009/09/28 03:00:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/09/07 21:46:39 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/03 12:04:49 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/03 11:47:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/03 11:47:43 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
OTL.txt cont..---------------------------------------------------------------------------------------------------

========== Chrome ==========

CHR - homepage: http://start.funmoods.com/?f=1&a=ax...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://start.funmoods.com/results.p...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://start.funmoods.com/?f=1&a=ax...tCzytDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=359117575
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: SpeedDial = C:\Users\resham\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: avast! WebRep = C:\Users\resham\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\resham\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2012/10/01 20:03:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKIJ5000MUI.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000..\Run: [Spotify] C:\Users\resham\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000..\Run: [Spotify Web Helper] C:\Users\resham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5792BFBD-E177-4EAA-934F-AF82BB67D2A3}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C12D3495-9B83-4917-A534-5FCF1ED20B86}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\resham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\resham\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/01 21:19:31 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\resham\Contacts\Desktop\OTL.exe
[2012/10/01 20:10:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/01 20:10:12 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Local\temp
[2012/10/01 20:03:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/10/01 19:44:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/01 19:44:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/01 19:44:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/01 18:38:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/01 18:37:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/01 18:00:46 | 004,759,381 | R--- | C] (Swearware) -- C:\Users\resham\Contacts\Desktop\ComboFix.exe
[2012/10/01 14:29:29 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/01 13:40:28 | 000,000,000 | ---D | C] -- C:\Users\resham\Contacts\Desktop\FRST logs step 3
[2012/09/19 20:38:17 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\resham\Contacts\Desktop\aswMBR.exe
[2012/09/19 20:32:51 | 000,000,000 | ---D | C] -- C:\Users\resham\Contacts\Desktop\RK_Quarantine
[2012/09/19 20:26:05 | 000,000,000 | ---D | C] -- C:\Users\resham\Contacts\Desktop\logs step 2, 9-18-12
[2012/09/19 20:20:42 | 000,000,000 | ---D | C] -- C:\Users\resham\Contacts\Desktop\Tdsskiller
[2012/09/18 21:16:07 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Local\Apps
[2012/09/18 17:37:20 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Roaming\Malwarebytes
[2012/09/18 17:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/18 17:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/18 00:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/09/18 00:56:09 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/09/18 00:56:09 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/09/18 00:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/09/18 00:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/17 23:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/17 23:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/09/17 23:29:17 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Roaming\SpeedyPC Software
[2012/09/17 23:29:17 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Roaming\DriverCure
[2012/09/17 23:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/09/17 22:15:25 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Local\{D2CE83BA-014F-11E2-8271-B8AC6F996F26}
[2012/09/09 19:09:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\kodak
[2012/09/09 18:12:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012/09/07 21:46:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/02 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Local\Spotify
[2012/09/02 20:36:56 | 000,000,000 | ---D | C] -- C:\Users\resham\AppData\Roaming\Spotify
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/01 21:20:16 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\resham\Contacts\Desktop\OTL.exe
[2012/10/01 20:57:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/01 20:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/01 20:06:49 | 000,703,214 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/01 20:06:49 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/01 20:06:49 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/01 20:04:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/01 20:03:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/01 20:03:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_resham.job
[2012/10/01 20:02:23 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/10/01 20:01:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/01 20:01:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/01 20:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/01 18:01:12 | 004,759,381 | R--- | M] (Swearware) -- C:\Users\resham\Contacts\Desktop\ComboFix.exe
[2012/10/01 13:38:48 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_resham.job
[2012/10/01 13:38:48 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_resham.job
[2012/09/19 21:24:05 | 000,000,512 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\MBR.dat
[2012/09/19 20:42:05 | 540,251,821 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/19 20:38:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\resham\Contacts\Desktop\aswMBR.exe
[2012/09/19 20:25:41 | 001,382,912 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\RogueKiller.exe
[2012/09/19 20:17:38 | 000,000,984 | ---- | M] () -- C:\Users\resham\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/18 23:21:04 | 000,000,417 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\tdsskiller - Shortcut.lnk
[2012/09/18 21:02:30 | 002,193,404 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\tdsskiller.zip.zip
[2012/09/18 20:44:52 | 002,193,278 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\tdsskiller.zip
[2012/09/18 17:37:09 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/18 00:56:32 | 000,001,356 | ---- | M] () -- C:\Users\resham\AppData\Local\d3d9caps.dat
[2012/09/18 00:56:31 | 000,001,796 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/18 00:56:30 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/09/18 00:56:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/09/17 23:17:50 | 000,000,732 | ---- | M] () -- C:\Users\resham\AppData\Local\d3d9caps64.dat
[2012/09/17 22:28:14 | 000,000,000 | ---- | M] () -- C:\Users\resham\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/13 00:35:17 | 000,000,967 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\DWR lectures.htm
[2012/09/12 18:53:28 | 000,746,225 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\Stratigraphic_Chart_GTS2012.jpg
[2012/09/11 18:57:48 | 000,036,352 | ---- | M] () -- C:\Users\resham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/02 20:36:59 | 000,001,733 | ---- | M] () -- C:\Users\resham\Contacts\Desktop\Spotify.lnk
[2012/09/02 17:40:31 | 000,002,499 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/01 19:44:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/01 19:44:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/01 19:44:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/01 19:44:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/01 19:44:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/01 00:56:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_resham.job
[2012/10/01 00:56:01 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_resham.job
[2012/10/01 00:56:00 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_resham.job
[2012/09/19 20:57:54 | 000,000,512 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\MBR.dat
[2012/09/19 20:25:26 | 001,382,912 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\RogueKiller.exe
[2012/09/18 21:02:30 | 002,193,404 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\tdsskiller.zip.zip
[2012/09/18 20:45:36 | 000,000,417 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\tdsskiller - Shortcut.lnk
[2012/09/18 20:44:35 | 002,193,278 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\tdsskiller.zip
[2012/09/18 17:37:09 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/18 17:37:06 | 000,025,928 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/18 00:56:31 | 000,001,796 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/18 00:56:30 | 000,969,200 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/09/18 00:56:30 | 000,359,464 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/09/18 00:56:30 | 000,285,328 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
[2012/09/18 00:56:30 | 000,071,600 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/09/18 00:56:30 | 000,059,728 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/09/18 00:56:30 | 000,044,272 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/09/18 00:56:30 | 000,025,232 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/09/18 00:56:30 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2012/09/18 00:56:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/09/17 23:17:50 | 000,000,732 | ---- | C] () -- C:\Users\resham\AppData\Local\d3d9caps64.dat
[2012/09/17 22:15:25 | 000,000,000 | ---- | C] () -- C:\Users\resham\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
[2012/09/13 00:35:17 | 000,000,967 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\DWR lectures.htm
[2012/09/12 18:53:26 | 000,746,225 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\Stratigraphic_Chart_GTS2012.jpg
[2012/09/02 20:36:59 | 000,001,733 | ---- | C] () -- C:\Users\resham\Contacts\Desktop\Spotify.lnk
[2012/09/02 20:36:59 | 000,001,713 | ---- | C] () -- C:\Users\resham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/08/25 11:56:18 | 000,000,632 | RHS- | C] () -- C:\Users\resham\ntuser.pol
[2012/07/09 00:11:32 | 000,384,844 | ---- | C] () -- C:\Users\resham\AppData\Local\funmoods-speeddial.crx
[2011/10/12 18:11:28 | 015,983,616 | ---- | C] () -- C:\Users\resham\Cricket Broadband Setup-v1.0 (build 1950).msi
[2011/09/19 19:08:18 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\WMIMPLEX.dll
[2011/09/19 19:08:18 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\maplec.dll
[2011/09/19 19:08:18 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\maplecompat.dll
[2011/07/01 16:53:48 | 000,000,152 | ---- | C] () -- C:\Users\resham\webct_upload_applet.properties
[2011/04/06 22:43:44 | 000,000,162 | ---- | C] () -- C:\Users\resham\AppData\Roaming\wklnhst.dat
[2011/03/23 20:57:14 | 000,001,356 | ---- | C] () -- C:\Users\resham\AppData\Local\d3d9caps.dat
[2010/01/14 16:48:39 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/09/26 21:09:56 | 000,036,352 | ---- | C] () -- C:\Users\resham\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 08:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 08:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/03/02 21:53:36 | 000,891,392 | ---- | M] ()
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/03/02 21:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2011/09/19 22:10:25 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Temp
[2011/09/19 22:10:25 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Temp
[2011/09/19 22:10:25 | 000,000,000 | ---D | M] -- C:\Users\Mina pks\AppData\Roaming\Temp
[2011/10/12 18:24:25 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\Cricket
[2012/09/17 23:29:17 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\DriverCure
[2012/01/29 13:48:11 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\Notepad++
[2012/09/17 23:29:17 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\SpeedyPC Software
[2012/10/01 21:29:45 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\Spotify
[2011/06/09 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\Temp
[2012/08/21 23:34:07 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\Template
[2009/09/28 16:40:47 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\TOSHIBA
[2009/09/20 12:47:25 | 000,000,000 | ---D | M] -- C:\Users\resham\AppData\Roaming\WildTangent
[2011/09/19 22:10:25 | 000,000,000 | ---D | M] -- C:\Users\Resham2\AppData\Roaming\Temp
[2011/03/31 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\tearsa\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >
 
Extras.Txt-------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 10/1/2012 9:21:50 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\resham\Contacts\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 56.89% Memory free
7.93 Gb Paging File | 6.12 Gb Available in Paging File | 77.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.55 Gb Total Space | 188.89 Gb Free Space | 65.46% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.82 Gb Free Space | 97.88% Space Free | Partition Type: FAT32

Computer Name: RESHAM-PC | User Name: resham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- Reg Error: Unable to open value key File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Unable to open value key File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htafile [open] -- "%1" %*
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
https [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
htafile [open] -- "%1" %*
https [open] -- Reg Error: Unable to open value key
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{47ED0D77-D424-4079-BCFC-1332F00F0B4B}" = rport=2869 | protocol=6 | dir=out | app=system |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E71AD18-2A8D-401B-9359-188A2FE67157}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{527A6EA1-CBD6-4C24-A80C-5EAC81AAA13D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{54BAC73B-264C-4EF4-8CD3-BA2757B4F2A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B9738DB2-60A6-46CA-8470-4120FA7FB62A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD17CC24-4AA3-46B8-8FDF-E22A11A8070F}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CEC43ECE-8364-43DE-8A9A-478D1185A48A}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D86AE4E8-54BD-4137-B2C2-205A56A67D6B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DABC23A5-02C3-40A2-896A-9AB99327B851}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFCDA495-F5DA-4EC2-8A5F-706708EBD85A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C8FB24C-A572-4436-B347-C358178E1EA7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{839169CD-5093-4124-BDD3-4BE8D61E5D43}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BE98E5B0-DDBE-4CE7-B2E5-C8119B9BA60D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{8E67C118-DE47-4AF7-8913-9CA9C1BBF23B}C:\users\resham\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\resham\appdata\roaming\spotify\spotify.exe |
"TCP Query User{985C041B-4367-459E-AE6C-DE75BC25C60F}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{430A7DD2-B11E-4767-9F00-66BA0635ACFF}C:\users\resham\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\resham\appdata\roaming\spotify\spotify.exe |
"UDP Query User{6B2625FA-1A91-463C-98B4-37A5B0636ED2}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1111706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 (64-bit)
"{2222706F-666A-4037-7777-202648764D10}" = JavaFX 2.0.2 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes
"{9DBCF56A-CDF0-41bf-BE0F-E00A88B18F56}" = Cricket EVDO Modem
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B9B1B9E-45E5-4A76-9CA8-E06F897A3201}" = Cricket Broadband 1.0
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Maple 12" = Maple 12
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"RealPlayer 12.0" = RealPlayer
"WildTangent toshiba Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3902824652-3120505283-713476528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/1/2012 4:18:44 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2168

Error - 10/1/2012 4:18:45 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/1/2012 4:18:45 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3369

Error - 10/1/2012 4:18:45 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3369

Error - 10/1/2012 4:18:46 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/1/2012 4:18:46 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4383

Error - 10/1/2012 4:18:46 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4383

Error - 10/1/2012 4:39:35 PM | Computer Name = resham-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/1/2012 11:02:01 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.15.89:5353 19 89.15.168.192.in-addr.arpa.
PTR resham-PC-2.local.

Error - 10/1/2012 11:02:01 PM | Computer Name = resham-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 17 89.15.168.192.in-addr.arpa.
PTR resham-PC.local.

Error - 10/1/2012 11:03:20 PM | Computer Name = resham-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 9/23/2012 10:17:09 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/24/2012 9:58:47 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/25/2012 10:24:06 AM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/26/2012 7:21:06 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/26/2012 10:24:43 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/28/2012 10:38:11 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/30/2012 5:54:07 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/1/2012 12:14:19 AM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/1/2012 4:05:33 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/1/2012 10:16:32 PM | Computer Name = resham-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 2/19/2010 1:01:17 PM | Computer Name = resham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 132
seconds with 120 seconds of active time. This session ended with a crash.

Error - 2/21/2010 5:18:02 PM | Computer Name = resham-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47252
seconds with 3900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/1/2012 4:39:36 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 10/1/2012 4:39:36 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 10/1/2012 4:39:36 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 10/1/2012 10:52:51 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 10/1/2012 10:59:33 PM | Computer Name = resham-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 10/1/2012 11:00:23 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 10/1/2012 11:01:49 PM | Computer Name = resham-PC | Source = HTTP | ID = 15016
Description =

Error - 10/1/2012 11:02:23 PM | Computer Name = resham-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 10/1/2012 11:02:23 PM | Computer Name = resham-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.15.89,
since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on
this IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.

Error - 10/1/2012 11:03:21 PM | Computer Name = resham-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back