Solved: My other computer now has a virus

MTilson

Please help! I ran the antivirus program and Malwarebytes so far. Here is the MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.14.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Satan :: SATAN-PC [administrator]

3/13/2012 7:46:44 PM
mbam-log-2012-03-13 (19-46-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219269
Time elapsed: 22 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER results

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-13 20:37:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542512K9SA00 rev.BB2OC33P
Running: vc0mo67b.exe; Driver: C:\Users\Satan\AppData\Local\Temp\pwdoypod.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Satan at 20:44:23 on 2012-03-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.306 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Button Manager\BM.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\avira\antivir desktop\avhlp.exe
c:\program files\avira\antivir desktop\ApnStub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3031760
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Softonic-EngUSA_ Toolbar: {6d474053-6aea-476f-af1a-840e7bbd0edb} - c:\program files\softonic-engusa_\prxtbSoft.dll
mURLSearchHooks: Softonic-EngUSA_ Toolbar: {6d474053-6aea-476f-af1a-840e7bbd0edb} - c:\program files\softonic-engusa_\prxtbSoft.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Softonic-EngUSA_ Toolbar: {6d474053-6aea-476f-af1a-840e7bbd0edb} - c:\program files\softonic-engusa_\prxtbSoft.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Softonic-EngUSA_ Toolbar: {6d474053-6aea-476f-af1a-840e7bbd0edb} - c:\program files\softonic-engusa_\prxtbSoft.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "c:\users\satan\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\satan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpbutt~1.lnk - c:\program files\hp\button manager\BM.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{39811BFD-A031-4F2C-9911-CDF8F9763AED} : NameServer = 68.87.76.178,66.240.48.9
TCP: Interfaces\{C65B8B4F-0AA9-42EE-A7BD-57B516133DA6} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\satan\appdata\roaming\mozilla\firefox\profiles\5gurtq4y.default\
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\satan\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-18 66616]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\drivers\nvtcam.sys [2010-7-14 2696960]
.
=============== Created Last 30 ================
.
2012-03-14 02:45:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 03:10:38 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{04c35487-1dcc-4e0b-8b1a-a3d94a67dfd6}\mpengine.dll
2012-03-12 01:03:28 -------- d-----w- c:\program files\common files\Intuit
2012-03-12 01:03:11 -------- d-----w- c:\users\satan\appdata\roaming\Intuit
2012-03-12 01:03:11 -------- d-----w- c:\program files\Quicken
2012-03-12 01:02:25 -------- d-----w- c:\programdata\Intuit
2012-03-07 04:43:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-06 05:04:27 -------- d-----w- c:\users\satan\appdata\roaming\Malwarebytes
2012-03-06 05:03:58 -------- d-----w- c:\programdata\Malwarebytes
2012-02-15 01:14:09 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 01:14:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-15 01:13:54 2044416 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-06 03:35:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 13:10:42 237072 ----a-w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:47:34.09 ===============
 
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/15/2008 11:29:49 PM
System Uptime: 3/13/2012 7:10:03 PM (1 hours ago)
.
Motherboard: TOSHIBA | | ISKAA
Processor: Intel(R) Celeron(R) CPU 540 @ 1.86GHz | U2E1 | 1862/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 58.258 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.0
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft ShowBiz
ArcSoft WebCam Companion 3
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Avira AntiVir Personal - Free Antivirus
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Bluetooth Stack for Windows by Toshiba
Bonjour
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Conduit Engine
DVD MovieFactory for TOSHIBA
Emicsoft Video Converter
Facebook Video Calling 1.1.1.1
Feedback Tool
GearDrvs
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Button Manager
HP ePrint Mobile
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Officejet 6500 E710n-z Product Improvement Study
HP Postscript Converter
HP Update
HP Webcam User's Guide
I.R.I.S. OCR
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) 6 Update 3
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Vid HD
Logitech Webcam Software
LUNA Plus v1.0
Malwarebytes Anti-Malware version 1.60.1.1000
Marketsplash Shortcuts
Memeo AutoBackup
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft XML Parser
Microsoft XNA Framework Redistributable 4.0
MobileMe Control Panel
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
Pando Media Booster
Picasa 2
QuickBooks Financial Center
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RuneScape Launcher 1.0.4
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype Click to Call
Skype™ 5.5
Softonic-EngUSA_ Toolbar
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Games
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 3:53:42 PM, Error: EventLog [6008] - The previous system shutdown at 3:12:01 PM on 3/8/2012 was unexpected.
3/8/2012 10:06:03 AM, Error: EventLog [6008] - The previous system shutdown at 10:04:55 AM on 3/8/2012 was unexpected.
3/8/2012 10:02:09 AM, Error: EventLog [6008] - The previous system shutdown at 10:00:32 AM on 3/8/2012 was unexpected.
3/7/2012 9:43:03 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/7/2012 9:43:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
3/7/2012 7:50:25 PM, Error: EventLog [6008] - The previous system shutdown at 7:48:56 PM on 3/7/2012 was unexpected.
3/13/2012 7:12:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/13/2012 7:12:10 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/13/2012 7:03:15 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/13/2012 7:02:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/13/2012 7:02:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/13/2012 7:02:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb spldr ssmdrv Wanarpv6
3/13/2012 7:02:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/13/2012 7:02:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/13/2012 7:02:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/13/2012 7:00:58 PM, Error: EventLog [6008] - The previous system shutdown at 6:58:54 PM on 3/13/2012 was unexpected.
3/13/2012 6:55:42 PM, Error: EventLog [6008] - The previous system shutdown at 6:34:05 AM on 3/13/2012 was unexpected.
3/12/2012 8:33:32 PM, Error: EventLog [6008] - The previous system shutdown at 8:31:02 PM on 3/12/2012 was unexpected.
3/12/2012 8:17:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
3/12/2012 8:11:43 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC jswpslwf NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv tdx Wanarpv6
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/12/2012 8:11:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/12/2012 8:11:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/12/2012 8:10:38 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.121.966.0 Loading engine version: 1.1.8101.0
3/12/2012 8:10:01 PM, Error: EventLog [6008] - The previous system shutdown at 8:08:34 PM on 3/12/2012 was unexpected.
3/12/2012 7:54:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/12/2012 7:51:05 PM, Error: EventLog [6008] - The previous system shutdown at 6:26:21 AM on 3/12/2012 was unexpected.
3/12/2012 11:05:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/12/2012 11:05:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
3/12/2012 11:05:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
3/12/2012 11:05:28 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
3/11/2012 9:14:06 PM, Error: EventLog [6008] - The previous system shutdown at 9:12:05 PM on 3/11/2012 was unexpected.
3/11/2012 7:16:04 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
3/11/2012 3:54:50 PM, Error: EventLog [6008] - The previous system shutdown at 3:50:12 PM on 3/11/2012 was unexpected.
3/11/2012 12:43:24 PM, Error: EventLog [6008] - The previous system shutdown at 12:40:53 PM on 3/11/2012 was unexpected.
3/11/2012 12:11:22 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/11/2012 12:05:09 PM, Error: EventLog [6008] - The previous system shutdown at 12:03:03 PM on 3/11/2012 was unexpected.
3/11/2012 11:21:25 AM, Error: EventLog [6008] - The previous system shutdown at 10:42:23 PM on 3/10/2012 was unexpected.
3/11/2012 10:02:01 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/10/2012 4:21:36 PM, Error: EventLog [6008] - The previous system shutdown at 4:19:24 PM on 3/10/2012 was unexpected.
3/10/2012 10:14:33 AM, Error: EventLog [6008] - The previous system shutdown at 10:12:09 AM on 3/10/2012 was unexpected.
.
==== End Of File ===========================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Please observe forum rules.
All logs have to be pasted, not attached or uploaded somewhere.
 
Sorry. That's how you told me to post it in the past when the log was too long. How would you like me to proceed this time?
 
That was a one-time situation.
I've never seen a TDSSKiller log being super long.
Let's see.....

21:14:26.0266 0468 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
21:14:26.0731 0468 ============================================================
21:14:26.0731 0468 Current date / time: 2012/03/14 21:14:26.0731
21:14:26.0731 0468 SystemInfo:
21:14:26.0731 0468
21:14:26.0731 0468 OS Version: 6.0.6002 ServicePack: 2.0
21:14:26.0731 0468 Product type: Workstation
21:14:26.0731 0468 ComputerName: SATAN-PC
21:14:26.0731 0468 UserName: Satan
21:14:26.0731 0468 Windows directory: C:\Windows
21:14:26.0731 0468 System windows directory: C:\Windows
21:14:26.0731 0468 Processor architecture: Intel x86
21:14:26.0731 0468 Number of processors: 1
21:14:26.0731 0468 Page size: 0x1000
21:14:26.0731 0468 Boot type: Normal boot
21:14:26.0731 0468 ============================================================
21:14:28.0431 0468 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:14:28.0431 0468 \Device\Harddisk0\DR0:
21:14:28.0431 0468 MBR used
21:14:28.0431 0468 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xDCA6000
21:14:28.0481 0468 Initialize success
21:14:28.0481 0468 ============================================================
21:14:43.0714 0192 ============================================================
21:14:43.0714 0192 Scan started
21:14:43.0714 0192 Mode: Manual;
21:14:43.0714 0192 ============================================================
21:15:10.0474 0192 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
21:15:10.0474 0192 tunnel - ok
21:15:10.0574 0192 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
21:15:10.0574 0192 TVALZ - ok
21:15:10.0664 0192 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:15:10.0664 0192 uagp35 - ok
21:15:10.0774 0192 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:15:10.0774 0192 udfs - ok
21:15:10.0894 0192 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:15:10.0924 0192 uliagpkx - ok
21:15:11.0044 0192 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:15:11.0054 0192 uliahci - ok
21:15:11.0174 0192 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:15:11.0204 0192 UlSata - ok
21:15:11.0274 0192 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:15:11.0284 0192 ulsata2 - ok
21:15:11.0404 0192 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:15:11.0414 0192 umbus - ok
21:15:11.0554 0192 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
21:15:11.0554 0192 USBAAPL - ok
21:15:11.0684 0192 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:15:11.0694 0192 usbaudio - ok
21:15:11.0744 0192 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:15:11.0764 0192 usbccgp - ok
21:15:11.0884 0192 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:15:11.0884 0192 usbcir - ok
21:15:11.0964 0192 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:15:11.0964 0192 usbehci - ok
21:15:12.0014 0192 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:15:12.0024 0192 usbhub - ok
21:15:12.0134 0192 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:15:12.0164 0192 usbohci - ok
21:15:12.0264 0192 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:15:12.0264 0192 usbprint - ok
21:15:12.0324 0192 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:15:12.0324 0192 USBSTOR - ok
21:15:12.0394 0192 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:15:12.0404 0192 usbuhci - ok
21:15:12.0544 0192 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:15:12.0554 0192 usbvideo - ok
21:15:12.0614 0192 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:15:12.0614 0192 vga - ok
21:15:12.0704 0192 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:15:12.0704 0192 VgaSave - ok
21:15:12.0764 0192 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:15:12.0774 0192 viaagp - ok
21:15:12.0814 0192 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:15:12.0844 0192 ViaC7 - ok
21:15:12.0894 0192 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:15:12.0914 0192 viaide - ok
21:15:13.0044 0192 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:15:13.0044 0192 volmgr - ok
21:15:13.0114 0192 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:15:13.0124 0192 volmgrx - ok
21:15:13.0234 0192 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:15:13.0254 0192 volsnap - ok
21:15:13.0324 0192 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:15:13.0344 0192 vsmraid - ok
21:15:13.0494 0192 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:15:13.0524 0192 WacomPen - ok
21:15:13.0604 0192 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:15:13.0614 0192 Wanarp - ok
21:15:13.0624 0192 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:15:13.0624 0192 Wanarpv6 - ok
21:15:13.0694 0192 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:15:13.0704 0192 Wd - ok
21:15:13.0974 0192 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:15:13.0974 0192 Wdf01000 - ok
21:15:14.0824 0192 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
21:15:14.0854 0192 WmiAcpi - ok
21:15:15.0094 0192 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:15:15.0094 0192 WpdUsb - ok
21:15:15.0174 0192 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:15:15.0174 0192 ws2ifsl - ok
21:15:15.0344 0192 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:15:15.0344 0192 WSDPrintDevice - ok
21:15:15.0484 0192 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:15:15.0504 0192 WUDFRd - ok
21:15:15.0544 0192 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0
21:15:15.0564 0192 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:15:15.0564 0192 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:15:15.0594 0192 Boot (0x1200) (bcaf97a13b1d31bc3778ca91dc7dfa31) \Device\Harddisk0\DR0\Partition0
21:15:15.0594 0192 \Device\Harddisk0\DR0\Partition0 - ok
21:15:15.0604 0192 ============================================================
21:15:15.0604 0192 Scan finished
21:15:15.0604 0192 ============================================================
21:15:15.0624 5968 Detected object count: 1
21:15:15.0624 5968 Actual detected object count: 1
21:15:29.0362 5968 \Device\Harddisk0\DR0\# - copied to quarantine
21:15:29.0362 5968 \Device\Harddisk0\DR0 - copied to quarantine
21:15:29.0422 5968 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:15:29.0442 5968 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:15:29.0452 5968 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:15:29.0452 5968 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:15:29.0472 5968 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:15:29.0502 5968 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:15:29.0512 5968 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:15:29.0522 5968 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:15:29.0522 5968 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:15:29.0532 5968 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:15:29.0542 5968 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:15:29.0542 5968 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:15:29.0602 5968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:15:29.0602 5968 \Device\Harddisk0\DR0 - ok
21:15:29.0612 5968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:15:50.0019 1988 Deinitialize success
 
I always want to see the log no matter what it says.
That's for the future.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-15 19:19:29
-----------------------------
19:19:29.037 OS Version: Windows 6.0.6002 Service Pack 2
19:19:29.037 Number of processors: 1 586 0x1601
19:19:29.037 ComputerName: SATAN-PC UserName: Satan
19:19:35.027 Initialize success
19:20:51.673 AVAST engine defs: 12031401
19:21:16.302 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:21:16.302 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC33P Size: 114473MB BusType: 3
19:21:16.317 Disk 0 MBR read successfully
19:21:16.317 Disk 0 MBR scan
19:21:16.364 Disk 0 Windows VISTA default MBR code
19:21:16.395 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:21:16.426 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112972 MB offset 3074048
19:21:16.458 Disk 0 scanning sectors +234440704
19:21:16.536 Disk 0 scanning C:\Windows\system32\drivers
19:21:37.523 Service scanning
19:22:21.407 Modules scanning
19:22:30.137 Disk 0 trace - called modules:
19:22:30.167 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
19:22:30.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859e9968]
19:22:30.197 3 CLASSPNP.SYS[82d538b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x851d2390]
19:22:31.785 AVAST engine scan C:\Windows
19:22:37.355 AVAST engine scan C:\Windows\system32
19:28:36.571 AVAST engine scan C:\Windows\system32\drivers
19:28:59.092 AVAST engine scan C:\Users\Satan
19:43:52.184 AVAST engine scan C:\ProgramData
19:46:57.328 Scan finished successfully
19:47:36.737 Disk 0 MBR has been saved successfully to "C:\Users\Satan\Desktop\MBR.dat"
19:47:36.768 The log file has been saved successfully to "C:\Users\Satan\Desktop\aswMBR.txt"
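The partition lines in the aswMBR log above come from the 64-byte partition table at the end of the MBR sector. As an added example (not part of the original thread and not aswMBR's code), this Python sketch decodes a saved MBR copy and runs basic structural checks on it; it assumes the copy is a raw 512-byte sector, and the sample is constructed from the sizes and offsets printed in the log, with zeroed boot code.

```python
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8   # bootstrap code area of a classic MBR (440 bytes)
TABLE_OFFSET = 0x1BE    # four 16-byte partition entries start here
# status, CHS first (skipped), type, CHS last (skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}  # only the types in the log


def parse_mbr(data):
    """Decode a 512-byte MBR copy into boot-code hash, signature flag and partitions."""
    if len(data) != SECTOR:
        raise ValueError("expected %d bytes, got %d" % (SECTOR, len(data)))
    partitions = []
    for slot in range(4):
        status, ptype, start, sectors = ENTRY.unpack_from(data, TABLE_OFFSET + 16 * slot)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({
            "number": slot + 1,
            "status": status,
            "type": ptype,
            "start": start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": data[510:512] == b"\x55\xaa",
        "boot_code_md5": hashlib.md5(data[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def audit(mbr, disk_sectors=None, baseline_md5=None):
    """Return a list of findings for a boot disk; an empty list means all checks passed."""
    findings = []
    parts = mbr["partitions"]
    if not mbr["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if baseline_md5 is not None and mbr["boot_code_md5"] != baseline_md5.lower():
        findings.append("boot code differs from baseline")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x" % (p["number"], p["status"]))
    active = sum(1 for p in parts if p["status"] == 0x80)
    if active != 1:
        findings.append("expected one active partition, found %d" % active)
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append("partitions %d and %d overlap" % (a["number"], b["number"]))
    if disk_sectors is not None:
        for p in parts:
            if p["start"] + p["sectors"] > disk_sectors:
                findings.append("partition %d extends past end of disk" % p["number"])
    return findings


def describe(p):
    """One summary line per partition, with the same fields the aswMBR listing shows."""
    flag = "(A) " if p["status"] == 0x80 else ""
    name = TYPE_NAMES.get(p["type"], "unknown")
    return "Partition %d %02X %s%02X %s %d MB offset %d" % (
        p["number"], p["status"], flag, p["type"], name, p["size_mb"], p["start"])


def build_sample_mbr():
    """Constructed sample: zeroed boot code plus the two partitions listed in the log."""
    table = ENTRY.pack(0x00, 0x27, 2048, 1500 * 2048)            # 1500 MB at sector 2048
    table += ENTRY.pack(0x80, 0x07, 3074048, 112972 * 2048)      # 112972 MB, active
    table += bytes(32)                                           # two unused slots
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"


if __name__ == "__main__":
    # Pass the path of a saved MBR copy to inspect it; otherwise use the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    result = parse_mbr(raw)
    print("boot code MD5:", result["boot_code_md5"])
    for part in result["partitions"]:
        print(describe(part))
    for finding in audit(result):
        print("FINDING:", finding)
```

A clean partition table says nothing about the boot code itself; comparing `boot_code_md5` against a baseline taken from a known-good copy is what the `baseline_md5` argument is for.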
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-03-15.03 - Satan 03/15/2012 20:21:52.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1148 [GMT -7:00]
Running from: c:\users\Satan\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))
.
.
2012-03-16 03:32 . 2012-03-16 03:39 -------- d-----w- c:\users\Satan\AppData\Local\temp
2012-03-16 03:32 . 2012-03-16 03:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-03-16 03:32 . 2012-03-16 03:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 04:35 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 04:34 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-15 04:34 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-15 04:34 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-15 04:34 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-15 04:34 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 04:34 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0E873BA-9150-45CD-A97F-95FD2CA5A3C4}\mpengine.dll
2012-03-15 04:34 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-15 04:34 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-15 04:34 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-15 04:29 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-03-15 04:29 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-15 04:15 . 2012-03-15 04:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 02:45 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 02:22 . 2012-03-12 02:22 -------- d-----w- c:\users\Guest\AppData\Roaming\Intuit
2012-03-12 01:03 . 2012-03-12 01:03 -------- d-----w- c:\program files\Common Files\Intuit
2012-03-12 01:03 . 2012-03-12 01:03 -------- d-----w- c:\program files\Quicken
2012-03-12 01:03 . 2012-03-12 01:03 -------- d-----w- c:\users\Satan\AppData\Roaming\Intuit
2012-03-12 01:02 . 2012-03-12 01:02 -------- d-----w- c:\programdata\Intuit
2012-03-09 21:56 . 2012-03-09 21:56 -------- d-----w- c:\programdata\WindowsSearch
2012-03-08 04:22 . 2012-03-08 04:22 -------- d-----w- c:\windows\Sun
2012-03-07 04:43 . 2012-03-14 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-06 05:39 . 2012-03-06 05:39 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2012-03-06 05:04 . 2012-03-06 05:04 -------- d-----w- c:\users\Satan\AppData\Roaming\Malwarebytes
2012-03-06 05:03 . 2012-03-06 05:03 -------- d-----w- c:\programdata\Malwarebytes
2012-02-25 07:55 . 2012-02-25 07:55 -------- d-----w- c:\users\Guest\AppData\Local\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-06 03:35 . 2011-07-28 09:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 13:10 . 2010-10-31 06:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-11-21 04:04 . 2011-12-06 01:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6d474053-6aea-476f-af1a-840e7bbd0edb}"= "c:\program files\Softonic-EngUSA_\prxtbSoft.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6d474053-6aea-476f-af1a-840e7bbd0edb}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d474053-6aea-476f-af1a-840e7bbd0edb}]
2011-03-28 16:22 176936 ----a-w- c:\program files\Softonic-EngUSA_\prxtbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d474053-6aea-476f-af1a-840e7bbd0edb}"= "c:\program files\Softonic-EngUSA_\prxtbSoft.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6d474053-6aea-476f-af1a-840e7bbd0edb}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6D474053-6AEA-476F-AF1A-840E7BBD0EDB}"= "c:\program files\Softonic-EngUSA_\prxtbSoft.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{6d474053-6aea-476f-af1a-840e7bbd0edb}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Facebook Update"="c:\users\Satan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-04 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
.
c:\users\Satan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files\HP\Button Manager\BM.exe [2010-7-23 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4050984951-2095670543-4058770262-1000Core.job
- c:\users\Satan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-04 05:38]
.
2012-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4050984951-2095670543-4058770262-1000UA.job
- c:\users\Satan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-04 05:38]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 23:42]
.
2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 23:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3031760
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{39811BFD-A031-4F2C-9911-CDF8F9763AED}: NameServer = 68.87.76.178,66.240.48.9
FF - ProfilePath - c:\users\Satan\AppData\Roaming\Mozilla\Firefox\Profiles\5gurtq4y.default\
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????d??l/?????;? ;?X ;?? ;??
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-03-15 20:47:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-16 03:47
.
Pre-Run: 62,916,169,728 bytes free
Post-Run: 64,593,223,680 bytes free
.
- - End Of File - - D1A6CCDA4F89BAF50A560AC90E7DEBF8
 
Looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Extras.txt

OTL Extras logfile created on: 3/16/2012 6:50:55 PM - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Satan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.58% Memory free
4.22 Gb Paging File | 2.97 Gb Available in Paging File | 70.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 59.32 Gb Free Space | 53.77% Space Free | Partition Type: NTFS

Computer Name: SATAN-PC | User Name: Satan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4050984951-2095670543-4058770262-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0020B61A-53F8-4DAE-9D3D-44DE63DDBF91}" = lport=31337 | protocol=6 | dir=in | name=terraria |
"{0325093D-6B08-455E-A321-AFF4E1D58EB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0441D404-691E-4C67-BA07-36B9727866EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0535BD24-CFCE-4732-9BF4-E9186BE9C836}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{0627EE78-5B57-42D8-833D-BF650CE6C1D9}" = rport=5357 | protocol=6 | dir=out | app=system |
"{07B0D077-86F5-4609-BD5C-52BF10F28256}" = rport=138 | protocol=17 | dir=out | app=system |
"{0A88FBF6-FE2C-40F6-B9EC-612CFB50FFA8}" = lport=2178 | protocol=6 | dir=in | app=system |
"{10F0A921-FF19-4601-84DA-7C81B98FE873}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15DB462A-AF30-4249-9D17-EA8A992ED9F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{166DA2F1-BC4F-4997-B4C8-CC9639FC2956}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{258A2FFE-449F-4D42-A44A-CF22710FFF99}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{294799FB-DE86-4036-868C-7B76207F6E08}" = lport=137 | protocol=17 | dir=in | app=system |
"{296C7F34-4872-43A7-8425-8768FC53C7AE}" = lport=7777 | protocol=6 | dir=in | name=terraria 2 |
"{357878ED-CB35-4315-8903-18BE83BFC995}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{407F5A18-A5DF-487A-8976-4B2833B54D79}" = rport=137 | protocol=17 | dir=out | app=system |
"{4AC623C8-8662-4D49-B41F-4F546FFB0477}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{4C86120F-360B-49E3-A0D9-3F3BAE80EE05}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4E424031-999B-4F31-AAF3-8325CFB42E44}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{4EE6ADC1-578A-4E5A-A85F-EE448D8835BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{52CC24E2-C085-49B9-96A1-D9E35B3DAABB}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{5331AE99-00F4-43CD-A03E-C78C57695847}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{590C3017-AB8B-4019-BAFC-12DEAF9DF71E}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{5CFAFCCE-78A5-4D6B-85A5-F8DD8493A2F8}" = rport=445 | protocol=6 | dir=out | app=system |
"{6B15CFFC-B31F-41D4-A286-06D851D9F9F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BD51C73-E9D7-49F5-A1FC-6A8EA5EE9F56}" = rport=5358 | protocol=6 | dir=out | app=system |
"{6ED2D5A1-8F87-4D44-9355-233375E77719}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6F40BA4E-89D3-40BD-A91F-47CBA2AD54BC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{73323364-EDA1-4164-A80C-B1B740474B22}" = lport=2869 | protocol=6 | dir=in | app=system |
"{86A50A31-E9C0-4F28-9249-BB7C2150CF1E}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{885E8FA4-DCC6-4B2E-B8FA-6F5A6B15B3AF}" = lport=139 | protocol=6 | dir=in | app=system |
"{8EC6BBB5-9FB7-4764-BC2C-FBB13AE0F96C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9FE05305-0094-4DE1-A5D3-93F9AC36A109}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AAA11173-CBCA-4A1F-BCEC-DB4947272184}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B9AB7261-46F0-4A4E-A561-3D74D684C685}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{C007D31C-81A7-4F9A-8FC4-05B61AE9C977}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C8382727-BAEE-4323-B762-3A38622EAC66}" = lport=445 | protocol=6 | dir=in | app=system |
"{D00E758B-F6A2-4108-AAAD-A9C5A06BE900}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{D54C5119-DC58-456B-8F23-9BCF8A456B9B}" = rport=2178 | protocol=6 | dir=out | app=system |
"{E0573ECA-DE36-40A2-BDA4-2A174131AFE6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{E2820655-CC7C-45F9-AAFD-11A559097118}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E2DAB26C-320B-4A45-8B97-597D454A640B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E486302F-4C37-46D0-855F-9DF42A87B186}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAD90454-2860-435A-9143-019355A0CB96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F6AE7432-7C9E-43AF-A8B2-4E1C167583AA}" = lport=5357 | protocol=6 | dir=in | app=system |
"{F710D2C8-EF3C-42FA-80B0-0D1B59777B18}" = rport=139 | protocol=6 | dir=out | app=system |
"{FDD53E9B-66F2-468C-9C9A-BE8F8F18C2B4}" = lport=5358 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A3EFA3-9274-4215-8D36-C2C70FC0D281}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{11AC29AC-D031-479E-8920-A73E712B6B12}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{1813842D-D741-4CC7-B232-EFC981CA9889}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{181E3A88-CD6C-4959-B964-28739BB5AA0A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1915CF69-DC47-4944-BC41-28EBC182446E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{382FA0E4-B09B-4217-8BC7-4A5E0FF645F5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{452DAF9C-F0AA-4748-9C7D-AB81421F5C1A}" = protocol=6 | dir=out | app=system |
"{4A9478A2-C45B-40DC-8662-D5447694216E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{5CF81E3A-3E47-44F0-961B-7E8212788B12}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{64FAB3A7-A9BD-4335-BDE2-BB24CD539B75}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{653065FD-9D06-4A76-B2AF-A127176C71D8}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{68CA25DC-808F-4FDA-A43E-6FC20C06E25E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{6B788418-9627-41F5-9399-403E8D7E9E15}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{6C75D61A-2EA9-49FA-B95E-48B93BD1BF7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{85F92E66-24DA-4AF5-9EB9-BF4C7637D358}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{860E7ED2-9500-4892-9FC3-5B5C4BA943F1}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{95406314-7A4C-4336-B97D-347834FC148C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99859D97-0C4E-4EB8-B02E-3717997CB754}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{9DBE4C5D-1777-4A60-BB01-B856CD53D7A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9ECADBA6-D075-4A5C-863E-784FED82089A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A072CB96-75CD-45D6-AD46-A51E9308AE51}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A33A0AF1-A7FE-4EC0-9C8E-F3A6FA6B9102}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AFC6A88C-F9DB-47F6-A35B-8155B34EA25F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B5E84012-85AA-4E5D-B7A3-27667027C027}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{B7793FC8-01AF-4B16-AE3D-FE74BA174F2C}" = protocol=6 | dir=out | app=system |
"{B8782635-8E3F-4019-BB7F-F9F9D981B140}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{BC5173C5-894D-4860-A3EB-1E8883831E71}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD23C075-36EF-49E3-9AF8-7A444660C4EC}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{BE7B4FDD-DC71-4835-A2E1-C7D30C287ADE}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{C174F0E9-42BD-40F4-A68E-9BDC19202B9B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C39B7CE4-6F4F-4A6E-BF13-9571D25FE310}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{C5176CBA-B1B2-49F0-8298-CF89D7EC300E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C9DC7A38-B16F-4BCE-9C89-CF54B8E371AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CB4EDF0A-21F5-412A-9BC5-FE4741BE3CE4}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{CECFCF96-B3E9-458D-AC3E-E6EE0CA9217D}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{D9A12464-E98B-4839-A564-4FE266C71701}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{DC5542B6-A1DE-4245-81FC-E3CFAA3BBAAA}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{DCA2B74D-6B43-488B-BADE-CCEA6EC2CDD2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E0534F4F-8D66-4E09-9D39-71EA11BE692A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{E495AFFD-CDD2-4EB1-8845-76442EB34A7C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{F206B229-8998-48CA-9095-58A475193640}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{F2CC2140-38B9-49B2-A5BE-4369813E2A37}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F80FFD5D-07EA-402C-BE70-A5FEEB261415}" = dir=in | app=c:\users\satan\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{F8523A69-ACF8-400E-9CDE-BFA1B44301A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F9AC4CD5-EF71-4110-BDF9-7A6E5B383867}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{50CEE4BB-48B2-4F52-B1F8-D163629F3547}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
"TCP Query User{61AB0872-868F-40BC-8191-5EBC0F342061}D:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=d:\bin\ia\core\mdm_util.exe |
"TCP Query User{6517FE44-9CA7-477E-8B39-32701F32E459}C:\program files\steam\steamapps\monowheel\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\monowheel\team fortress 2\hl2.exe |
"TCP Query User{684CDBF2-E948-45E2-90DC-FC731A8CEA6B}C:\program files\adobe\reader 8.0\reader\acrord32.exe" = protocol=6 | dir=in | app=c:\program files\adobe\reader 8.0\reader\acrord32.exe |
"TCP Query User{6BD41EA4-4696-4F5E-B807-9F9B067DA6AB}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{B00692A5-B7A8-4C8D-91ED-90A734376924}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
"UDP Query User{AAF8879D-1185-4328-8A00-0041CCB8B1BF}C:\program files\adobe\reader 8.0\reader\acrord32.exe" = protocol=17 | dir=in | app=c:\program files\adobe\reader 8.0\reader\acrord32.exe |
"UDP Query User{B69145B5-8DD6-4110-A4CF-A28FA12A4B82}C:\program files\steam\steamapps\monowheel\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\monowheel\team fortress 2\hl2.exe |
"UDP Query User{B804118C-8A84-4DF6-A2BF-ABD9D5DB93F9}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
"UDP Query User{BE331A48-6C0A-460D-8D19-0F39A6B4F1FA}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{C43B872F-EDA1-469B-B22F-24C6FB01C261}D:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=d:\bin\ia\core\mdm_util.exe |
"UDP Query User{CC7403A5-5E3F-4B91-8DB0-F0A9C5573A42}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}" = HP ePrint Mobile
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BB33344-3179-49A4-B6EB-22D2A390764D}" = HP Webcam User's Guide
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{41B44041-D45D-41EB-A1EF-A12BB5C6996B}" = ArcSoft Magic-i Visual Effects 2
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E92E462A-700D-4949-B24B-789AEDDA3B88}" = ArcSoft ShowBiz
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
"{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}" = HP Officejet 6500 E710n-z Product Improvement Study
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FFEFD86B-5D4F-4A2D-8D4E-ECD7D9AD925E}" = ArcSoft WebCam Companion 3
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"conduitEngine" = Conduit Engine
"Emicsoft Video Converter_is1" = Emicsoft Video Converter
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Logitech Vid" = Logitech Vid HD
"LUNA Plus" = LUNA Plus v1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Picasa2" = Picasa 2
"Softonic-EngUSA_ Toolbar" = Softonic-EngUSA_ Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ULTIMATER" = Microsoft Office Ultimate 2007
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 