Solved Svchost.exe virus window 7

Kenneth Wong

Posts: 26   +0
Hello. I am having trouble with removing the svchost.exe virus that showed up in my malewarebytes scan. It does not remove it even after reboot. I have save the log of the malewarebytes scan. However when I try to do do the gmer.exe step, It does not run. It said it is not a valid win32 application. I am unless in computer so please help.
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I think I get the instruction right, there is no gmer log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Fai :: FAI-PC [administrator]

8/8/2012 7:02:11 PM
mbam-log-2012-08-08 (19-02-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203594
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 9600 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Fai at 21:55:39 on 2012-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.2836 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\Fai\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
-netsvcs
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Fai\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=A6CB86F7385B0EC8520F084FD3E3389C&tbp=homepage
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Akamai NetSession Interface] "C:\Users\Fai\AppData\Local\Akamai\netsession_win.exe"
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
StartupFolder: C:\Users\Fai\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Free YouTube Download - C:\Users\Fai\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Fai\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
 
TCP: Interfaces\{9E4F5B9C-AA20-43E7-BF1C-DAAE23822ECF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9E4F5B9C-AA20-43E7-BF1C-DAAE23822ECF}\4786F6D61637D2C65676163697 : DhcpNameServer = 149.61.10.101 149.61.100.101 204.13.12.41
TCP: Interfaces\{9E4F5B9C-AA20-43E7-BF1C-DAAE23822ECF}\86F62716E6 : DhcpNameServer = 149.61.10.101 149.61.100.101 204.13.12.41
TCP: Interfaces\{9E4F5B9C-AA20-43E7-BF1C-DAAE23822ECF}\A41637075627E65647 : DhcpNameServer = 149.61.10.101 149.61.100.101 204.13.12.41
TCP: Interfaces\{9E4F5B9C-AA20-43E7-BF1C-DAAE23822ECF}\A61637075627E65647 : DhcpNameServer = 149.61.10.101 149.61.100.101 204.13.12.41
TCP: Interfaces\{9E4F5B9C-AA20-43E7-BF1C-DAAE23822ECF}\A61637075627E65647D27657563747 : DhcpNameServer = 149.61.63.101 149.61.103.101 149.61.143.101 8.8.8.8
TCP: Interfaces\{9E4F5B9C-AA20-43E7-BF1C-DAAE23822ECF}\C696E6B637973723 : DhcpNameServer = 61.10.1.146 203.83.113.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z129&install_date=20111108
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Fai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110909.001\BHDrvx64.sys [2011-9-9 1152632]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110917.031\IDSviA64.sys [2011-9-17 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-12-8 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-26 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-9-18 136824]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-7-26 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-26 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-26 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-08 23:16:48 20480 ----a-w- C:\windows\svchost.exe
2012-08-07 03:27:14 -------- d-----w- C:\Users\Fai\AppData\Local\Eraser 6
2012-08-05 13:23:49 -------- d-----w- C:\Program Files\Eraser
2012-08-03 11:52:18 -------- d-----w- C:\Users\Fai\AppData\Local\Aeria Games
2012-08-03 11:50:52 -------- d-----w- C:\ProgramData\Aeria Games
2012-07-31 14:16:03 -------- d-sh--w- C:\windows\SysWow64\AI_RecycleBin
2012-07-31 14:15:57 -------- d-----w- C:\Program Files (x86)\Aeria Games
2012-07-31 12:41:16 -------- d-----w- C:\Users\Fai\AppData\Local\Akamai
2012-07-31 12:41:15 -------- d-----w- C:\AeriaGames
2012-07-31 12:09:58 713312 ----a-w- C:\windows\SysWow64\ijjiSetup.exe
2012-07-31 12:09:58 62048 ----a-w- C:\windows\SysWow64\ijjiProcessRestarter.exe
2012-07-31 12:09:58 27136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2012-07-31 00:26:07 -------- d-----w- C:\Users\Fai\AppData\Roaming\Wise Registry Cleaner
2012-07-31 00:24:36 -------- d-----w- C:\Program Files (x86)\Wise
2012-07-22 23:43:28 4774 ----a-w- C:\windows\SysWow64\npptNT2.sys
2012-07-22 23:43:27 5265 ----a-w- C:\windows\SysWow64\nppt9x.vxd
2012-07-21 03:02:37 -------- d-----w- C:\Program Files (x86)\Free Hide Folder
2012-07-21 02:49:15 -------- d-----w- C:\Users\Fai\AppData\Roaming\Groovedown
2012-07-21 02:47:26 -------- d-----w- C:\Program Files\Browser Cleaner
2012-07-21 02:46:08 -------- d-----w- C:\Users\Fai\AppData\Local\Coupon Companion
2012-07-21 02:46:07 -------- d-----w- C:\Program Files (x86)\Coupon Companion
2012-07-21 02:28:28 22016 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
2012-07-21 02:28:27 -------- d-----w- C:\ProgramData\ijjigame
2012-07-21 02:14:38 -------- d-----w- C:\Program Files (x86)\REACTOR
2012-07-20 12:44:07 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-07-20 12:44:05 -------- d-----w- C:\Users\Fai\Corel
2012-07-18 01:47:36 1892184 ----a-w- C:\windows\SysWow64\D3DX9_42.dll
2012-07-18 01:46:53 -------- d-----w- C:\windows\SysWow64\xlive
2012-07-18 01:46:46 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-07-11 07:06:27 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 01:43:47 -------- d-----w- C:\Users\Fai\AppData\Roaming\2K Sports
2012-07-11 00:50:48 -------- d-----w- C:\Users\Fai\AppData\Roaming\TuneUp Software
2012-07-11 00:50:15 -------- d-----w- C:\ProgramData\TuneUp Software
2012-07-11 00:49:34 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-11 00:48:15 -------- d-----w- C:\Users\Fai\AppData\Roaming\OpenCandy
2012-07-11 00:48:08 283200 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2012-07-11 00:47:54 -------- d-----w- C:\Users\Fai\AppData\Roaming\DAEMON Tools Lite
2012-07-11 00:47:52 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-07-11 00:42:35 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-07-11 00:34:59 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
==================== Find3M ====================
.
2012-08-04 13:27:46 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-04 13:27:46 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 21:13:40 405144 ----a-w- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-07-03 17:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-05-31 12:21:13 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-05-31 12:21:13 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\windows\SysWow64\wininet.dll
.
============= FINISH: 21:56:42.80 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/12/2011 4:52:37 PM
System Uptime: 8/8/2012 7:47:15 PM (2 hours ago)
.
Motherboard: TOSHIBA | | POQAA
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 782/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 272.493 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
¨Í¹D Online
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) MUI
Aeria Ignite
Akamai NetSession Interface
Alliance of Valiant Arms
Anti-phishing Domain Advisor
Apple Application Support
Apple Software Update
Best Buy pc app
Corel WinDVD
Coupon Companion
Crayon Physics Deluxe version 55
D3DX10
DAEMON Tools Lite
DFOLauncher
DragonNest
Free 3D Video Maker version 1.1.4.221
Free AVI Video Converter version 5.0.6.221
Free Hide Folder
Free Video to iPod Converter version 5.0.15.706
Free Video to MP3 Converter version 5.0.15.706
Free YouTube Download version 3.1.31.706
Free YouTube to MP3 Converter version 3.11.26.706
Game Booster 3
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Groovedown version 0.84
iFunbox (v1.98.948.666), iFunbox DevTeam
ImgBurn
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Java Auto Updater
Java(TM) 6 Update 31
JMicron Flash Media Controller Driver
JPG to PDF Converter 1.0
Junk Mail filter update
Label@Once 1.0
Machete 3.8
Machete Lite 3.8
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft AppLocale
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NBA 2K12
Nexon Game Manager
Norton Internet Security
OpenOffice.org 3.3
Orbit Downloader
Pando Media Booster
PlayReady PC Runtime x86
Ragnarok Online
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.94
RoboForm 7-7-5 (All Users)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.10
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Utility Common Driver
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
WinRAR 4.10 (32-bit)
Wise Registry Cleaner 7.41
.
==== Event Viewer Messages From Past Week ========
.
8/8/2012 9:48:53 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/8/2012 9:48:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/8/2012 3:07:43 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/6/2012 4:53:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
8/6/2012 4:53:36 AM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/6/2012 4:52:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
8/6/2012 10:10:49 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: After starting, the service hung in a start-pending state.
8/6/2012 10:10:48 AM, Error: Service Control Manager [7022] - The Application Virtualization Client service hung on starting.
8/5/2012 9:13:54 AM, Error: Service Control Manager [7022] - The Intel(R) Management and Security Application User Notification Service service hung on starting.
8/5/2012 9:11:41 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/5/2012 9:06:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
8/5/2012 9:06:43 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
22:12:19.0081 0616 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:12:19.0431 0616 ============================================================
22:12:19.0431 0616 Current date / time: 2012/08/08 22:12:19.0431
22:12:19.0431 0616 SystemInfo:
22:12:19.0431 0616
22:12:19.0431 0616 OS Version: 6.1.7601 ServicePack: 1.0
22:12:19.0431 0616 Product type: Workstation
22:12:19.0431 0616 ComputerName: FAI-PC
22:12:19.0431 0616 UserName: Fai
22:12:19.0431 0616 Windows directory: C:\windows
22:12:19.0431 0616 System windows directory: C:\windows
22:12:19.0431 0616 Running under WOW64
22:12:19.0431 0616 Processor architecture: Intel x64
22:12:19.0431 0616 Number of processors: 4
22:12:19.0431 0616 Page size: 0x1000
22:12:19.0431 0616 Boot type: Normal boot
22:12:19.0431 0616 ============================================================
22:12:20.0391 0616 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:12:20.0411 0616 ============================================================
22:12:20.0411 0616 \Device\Harddisk0\DR0:
22:12:20.0411 0616 MBR partitions:
22:12:20.0411 0616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x4892C000
22:12:20.0411 0616 ============================================================
22:12:20.0451 0616 C: <-> \Device\Harddisk0\DR0\Partition0
22:12:20.0451 0616 ============================================================
22:12:20.0451 0616 Initialize success
22:12:20.0451 0616 ============================================================
22:12:27.0584 7996 ============================================================
22:12:27.0584 7996 Scan started
22:12:27.0584 7996 Mode: Manual;
22:12:27.0584 7996 ============================================================
22:12:28.0698 7996 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
22:12:28.0698 7996 1394ohci - ok
22:12:28.0788 7996 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
22:12:28.0798 7996 ACPI - ok
22:12:28.0838 7996 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
22:12:28.0838 7996 AcpiPmi - ok
22:12:28.0958 7996 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:12:28.0958 7996 AdobeARMservice - ok
22:12:29.0208 7996 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:12:29.0208 7996 AdobeFlashPlayerUpdateSvc - ok
22:12:29.0328 7996 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
22:12:29.0338 7996 adp94xx - ok
22:12:29.0438 7996 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
22:12:29.0448 7996 adpahci - ok
22:12:29.0488 7996 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
22:12:29.0498 7996 adpu320 - ok
22:12:29.0538 7996 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
22:12:29.0538 7996 AeLookupSvc - ok
22:12:29.0648 7996 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
22:12:29.0658 7996 AFD - ok
22:12:29.0698 7996 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
22:12:29.0698 7996 agp440 - ok
22:12:29.0748 7996 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
22:12:29.0758 7996 ALG - ok
22:12:29.0789 7996 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
22:12:29.0789 7996 aliide - ok
22:12:29.0809 7996 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
22:12:29.0809 7996 amdide - ok
22:12:29.0839 7996 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
22:12:29.0839 7996 AmdK8 - ok
22:12:29.0859 7996 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
22:12:29.0859 7996 AmdPPM - ok
22:12:29.0899 7996 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
22:12:29.0899 7996 amdsata - ok
22:12:29.0989 7996 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
22:12:29.0999 7996 amdsbs - ok
22:12:30.0019 7996 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
22:12:30.0029 7996 amdxata - ok
22:12:30.0079 7996 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
22:12:30.0079 7996 AppID - ok
22:12:30.0119 7996 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
22:12:30.0119 7996 AppIDSvc - ok
22:12:30.0159 7996 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
22:12:30.0159 7996 Appinfo - ok
22:12:30.0269 7996 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:12:30.0279 7996 Apple Mobile Device - ok
22:12:30.0309 7996 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
22:12:30.0309 7996 arc - ok
22:12:30.0349 7996 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
22:12:30.0349 7996 arcsas - ok
22:12:30.0549 7996 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:12:30.0549 7996 aspnet_state - ok
22:12:30.0589 7996 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
22:12:30.0589 7996 AsyncMac - ok
22:12:30.0629 7996 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
22:12:30.0629 7996 atapi - ok
22:12:30.0749 7996 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:12:30.0769 7996 AudioEndpointBuilder - ok
22:12:30.0779 7996 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:12:30.0799 7996 AudioSrv - ok
22:12:31.0350 7996 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
22:12:31.0420 7996 AVGIDSAgent - ok
22:12:31.0580 7996 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
22:12:31.0580 7996 AVGIDSDriver - ok
22:12:31.0610 7996 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
22:12:31.0610 7996 AVGIDSEH - ok
22:12:31.0630 7996 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
22:12:31.0630 7996 AVGIDSFilter - ok
22:12:31.0690 7996 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\windows\system32\DRIVERS\avgldx64.sys
22:12:31.0690 7996 Avgldx64 - ok
22:12:31.0730 7996 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\windows\system32\DRIVERS\avgmfx64.sys
22:12:31.0740 7996 Avgmfx64 - ok
22:12:31.0810 7996 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\windows\system32\DRIVERS\avgrkx64.sys
22:12:31.0810 7996 Avgrkx64 - ok
22:12:31.0860 7996 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\windows\system32\DRIVERS\avgtdia.sys
22:12:31.0870 7996 Avgtdia - ok
22:12:31.0990 7996 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
22:12:31.0990 7996 avgwd - ok
22:12:32.0040 7996 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
22:12:32.0050 7996 AxInstSV - ok
22:12:32.0140 7996 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
22:12:32.0150 7996 b06bdrv - ok
22:12:32.0230 7996 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
22:12:32.0230 7996 b57nd60a - ok
22:12:32.0300 7996 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
22:12:32.0300 7996 BDESVC - ok
22:12:32.0320 7996 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
22:12:32.0320 7996 Beep - ok
22:12:32.0447 7996 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
22:12:32.0463 7996 BFE - ok
22:12:32.0697 7996 BHDrvx64 (440eee1cf57ed22e8838df6e60c8c45d) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110909.001\BHDrvx64.sys
22:12:32.0728 7996 BHDrvx64 - ok
22:12:33.0040 7996 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
22:12:33.0087 7996 BITS - ok
22:12:33.0149 7996 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\drivers\blbdrive.sys
22:12:33.0149 7996 blbdrive - ok
22:12:33.0274 7996 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:12:33.0290 7996 Bonjour Service - ok
22:12:33.0336 7996 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
22:12:33.0336 7996 bowser - ok
22:12:33.0383 7996 bpenum (3dcb409bcbd02ab0675682f8e42a410f) C:\windows\system32\DRIVERS\bpenum.sys
22:12:33.0383 7996 bpenum - ok
22:12:33.0446 7996 bpmp (6c66eef6669b14df4f426990a1ca5112) C:\windows\system32\DRIVERS\bpmp.sys
22:12:33.0461 7996 bpmp - ok
22:12:33.0508 7996 bpusb (2ee68405bbade51cbe1c973ff3a1a400) C:\windows\system32\Drivers\bpusb.sys
22:12:33.0508 7996 bpusb - ok
22:12:33.0570 7996 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
22:12:33.0570 7996 BrFiltLo - ok
22:12:33.0586 7996 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
22:12:33.0586 7996 BrFiltUp - ok
22:12:33.0648 7996 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
22:12:33.0648 7996 Browser - ok
22:12:33.0695 7996 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
22:12:33.0711 7996 Brserid - ok
22:12:33.0726 7996 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
22:12:33.0742 7996 BrSerWdm - ok
22:12:33.0758 7996 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
22:12:33.0758 7996 BrUsbMdm - ok
22:12:33.0789 7996 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
22:12:33.0789 7996 BrUsbSer - ok
22:12:33.0867 7996 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
22:12:33.0867 7996 BTHMODEM - ok
22:12:33.0914 7996 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
22:12:33.0914 7996 bthserv - ok
22:12:33.0960 7996 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
22:12:33.0976 7996 cdfs - ok
22:12:34.0038 7996 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
22:12:34.0054 7996 cdrom - ok
22:12:34.0085 7996 CeKbFilter (a965b206921c55f2d1481789d609b711) C:\windows\system32\DRIVERS\CeKbFilter.sys
22:12:34.0085 7996 CeKbFilter - ok
22:12:34.0132 7996 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:12:34.0132 7996 CertPropSvc - ok
22:12:34.0163 7996 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
22:12:34.0179 7996 circlass - ok
22:12:34.0257 7996 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
22:12:34.0272 7996 CLFS - ok
22:12:34.0350 7996 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:12:34.0366 7996 clr_optimization_v2.0.50727_32 - ok
22:12:34.0444 7996 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:12:34.0444 7996 clr_optimization_v2.0.50727_64 - ok
22:12:34.0584 7996 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:12:34.0584 7996 clr_optimization_v4.0.30319_32 - ok
22:12:34.0647 7996 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:12:34.0647 7996 clr_optimization_v4.0.30319_64 - ok
22:12:34.0756 7996 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys
22:12:34.0756 7996 CmBatt - ok
22:12:34.0834 7996 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
22:12:34.0834 7996 cmdide - ok
22:12:35.0052 7996 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
22:12:35.0052 7996 CNG - ok
22:12:35.0084 7996 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
22:12:35.0084 7996 Compbatt - ok
22:12:35.0099 7996 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
22:12:35.0099 7996 CompositeBus - ok
22:12:35.0130 7996 COMSysApp - ok
22:12:35.0162 7996 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
22:12:35.0162 7996 crcdisk - ok
22:12:35.0224 7996 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
22:12:35.0224 7996 CryptSvc - ok
22:12:35.0411 7996 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:12:35.0427 7996 cvhsvc - ok
22:12:35.0520 7996 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:12:35.0536 7996 DcomLaunch - ok
22:12:35.0614 7996 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
22:12:35.0614 7996 defragsvc - ok
22:12:35.0676 7996 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
22:12:35.0676 7996 DfsC - ok
22:12:35.0739 7996 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
22:12:35.0754 7996 Dhcp - ok
22:12:35.0786 7996 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
22:12:35.0801 7996 discache - ok
22:12:35.0848 7996 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
22:12:35.0848 7996 Disk - ok
22:12:35.0988 7996 DMAgent (ec9d64cc2dd8a4c6d11550f364890db1) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
22:12:35.0988 7996 DMAgent - ok
22:12:36.0051 7996 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
22:12:36.0051 7996 Dnscache - ok
22:12:36.0126 7996 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
22:12:36.0136 7996 dot3svc - ok
22:12:36.0166 7996 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
22:12:36.0176 7996 DPS - ok
22:12:36.0206 7996 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
22:12:36.0206 7996 drmkaud - ok
22:12:36.0286 7996 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\windows\system32\DRIVERS\dtsoftbus01.sys
22:12:36.0286 7996 dtsoftbus01 - ok
22:12:36.0426 7996 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
22:12:36.0446 7996 DXGKrnl - ok
22:12:36.0466 7996 EagleX64 - ok
22:12:36.0526 7996 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
22:12:36.0536 7996 EapHost - ok
22:12:36.0916 7996 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
22:12:36.0966 7996 ebdrv - ok
22:12:37.0166 7996 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:12:37.0176 7996 eeCtrl - ok
22:12:37.0326 7996 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
22:12:37.0326 7996 EFS - ok
22:12:37.0466 7996 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
22:12:37.0476 7996 ehRecvr - ok
22:12:37.0526 7996 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
22:12:37.0526 7996 ehSched - ok
22:12:37.0646 7996 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
22:12:37.0656 7996 elxstor - ok
22:12:37.0756 7996 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:12:37.0756 7996 EraserUtilRebootDrv - ok
22:12:37.0786 7996 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
22:12:37.0786 7996 ErrDev - ok
22:12:37.0886 7996 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
22:12:37.0896 7996 EventSystem - ok
22:12:38.0136 7996 EvtEng (7ee9f35bc1dd0ce1a4976032f9ac5162) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:12:38.0166 7996 EvtEng - ok
22:12:38.0356 7996 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
22:12:38.0366 7996 exfat - ok
22:12:38.0396 7996 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
22:12:38.0406 7996 fastfat - ok
22:12:38.0576 7996 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
22:12:38.0586 7996 Fax - ok
22:12:38.0616 7996 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
22:12:38.0626 7996 fdc - ok
22:12:38.0656 7996 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
22:12:38.0656 7996 fdPHost - ok
22:12:38.0676 7996 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
22:12:38.0676 7996 FDResPub - ok
22:12:38.0706 7996 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
22:12:38.0716 7996 FileInfo - ok
22:12:38.0736 7996 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
22:12:38.0736 7996 Filetrace - ok
22:12:38.0776 7996 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
22:12:38.0776 7996 flpydisk - ok
22:12:38.0836 7996 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
22:12:38.0846 7996 FltMgr - ok
22:12:38.0986 7996 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
22:12:39.0016 7996 FontCache - ok
22:12:39.0096 7996 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:12:39.0106 7996 FontCache3.0.0.0 - ok
22:12:39.0156 7996 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
22:12:39.0156 7996 FsDepends - ok
22:12:39.0196 7996 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
22:12:39.0196 7996 Fs_Rec - ok
22:12:39.0246 7996 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
22:12:39.0256 7996 fvevol - ok
22:12:39.0286 7996 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
22:12:39.0286 7996 gagp30kx - ok
22:12:39.0326 7996 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
22:12:39.0326 7996 GEARAspiWDM - ok
22:12:39.0436 7996 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
22:12:39.0456 7996 gpsvc - ok
22:12:39.0536 7996 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:12:39.0536 7996 gupdate - ok
22:12:39.0576 7996 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:12:39.0576 7996 gupdatem - ok
22:12:39.0646 7996 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:12:39.0646 7996 gusvc - ok
22:12:39.0696 7996 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
22:12:39.0706 7996 hcw85cir - ok
22:12:39.0826 7996 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
22:12:39.0846 7996 HdAudAddService - ok
22:12:39.0887 7996 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
22:12:39.0897 7996 HDAudBus - ok
22:12:39.0927 7996 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
22:12:39.0927 7996 HidBatt - ok
22:12:39.0967 7996 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
22:12:39.0967 7996 HidBth - ok
22:12:39.0997 7996 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
22:12:40.0007 7996 HidIr - ok
22:12:40.0033 7996 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
22:12:40.0033 7996 hidserv - ok
22:12:40.0095 7996 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
22:12:40.0095 7996 HidUsb - ok
22:12:40.0142 7996 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
22:12:40.0142 7996 hkmsvc - ok
22:12:40.0189 7996 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
22:12:40.0189 7996 HomeGroupListener - ok
22:12:40.0251 7996 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
22:12:40.0251 7996 HomeGroupProvider - ok
22:12:40.0307 7996 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
22:12:40.0307 7996 HpSAMD - ok
22:12:40.0407 7996 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
22:12:40.0417 7996 HTTP - ok
22:12:40.0437 7996 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
22:12:40.0437 7996 hwpolicy - ok
22:12:40.0507 7996 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
22:12:40.0507 7996 i8042prt - ok
22:12:40.0587 7996 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
22:12:40.0597 7996 iaStor - ok
22:12:40.0677 7996 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
22:12:40.0687 7996 iaStorV - ok
22:12:40.0908 7996 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:12:40.0918 7996 idsvc - ok
22:12:41.0138 7996 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20110917.031\IDSvia64.sys
22:12:41.0148 7996 IDSVia64 - ok
22:12:42.0478 7996 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
22:12:42.0818 7996 igfx - ok
22:12:42.0989 7996 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
22:12:42.0989 7996 iirsp - ok
22:12:43.0109 7996 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
22:12:43.0129 7996 IKEEXT - ok
22:12:43.0488 7996 IntcAzAudAddService (ac9aafd18e4d52084c4aa8a38795b7e4) C:\windows\system32\drivers\RTKVHD64.sys
22:12:43.0528 7996 IntcAzAudAddService - ok
22:12:43.0718 7996 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
22:12:43.0728 7996 IntcDAud - ok
22:12:43.0768 7996 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
22:12:43.0768 7996 intelide - ok
22:12:43.0808 7996 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
22:12:43.0808 7996 intelppm - ok
22:12:43.0848 7996 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
22:12:43.0858 7996 IPBusEnum - ok
22:12:43.0888 7996 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:12:43.0888 7996 IpFilterDriver - ok
22:12:43.0928 7996 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
22:12:43.0938 7996 IPMIDRV - ok
22:12:43.0968 7996 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
22:12:43.0988 7996 IPNAT - ok
22:12:44.0158 7996 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:12:44.0168 7996 iPod Service - ok
22:12:44.0198 7996 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
22:12:44.0198 7996 IRENUM - ok
22:12:44.0228 7996 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
22:12:44.0228 7996 isapnp - ok
22:12:44.0268 7996 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
22:12:44.0278 7996 iScsiPrt - ok
22:12:44.0408 7996 IviRegMgr (f415a88162d23977b5edae4f0410e903) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
22:12:44.0408 7996 IviRegMgr - ok
22:12:44.0458 7996 JMCR (0b44199365a69696109ab9a5855e0841) C:\windows\system32\DRIVERS\jmcr.sys
22:12:44.0468 7996 JMCR - ok
22:12:44.0508 7996 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
22:12:44.0508 7996 kbdclass - ok
22:12:44.0538 7996 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
22:12:44.0538 7996 kbdhid - ok
22:12:44.0598 7996 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:12:44.0608 7996 KeyIso - ok
22:12:44.0648 7996 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
22:12:44.0658 7996 KSecDD - ok
22:12:44.0688 7996 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
22:12:44.0688 7996 KSecPkg - ok
22:12:44.0738 7996 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
22:12:44.0738 7996 ksthunk - ok
22:12:44.0828 7996 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
22:12:44.0858 7996 KtmRm - ok
22:12:44.0939 7996 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
22:12:44.0949 7996 LanmanServer - ok
22:12:44.0989 7996 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
22:12:44.0989 7996 LanmanWorkstation - ok
22:12:45.0079 7996 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
22:12:45.0079 7996 lltdio - ok
22:12:45.0169 7996 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
22:12:45.0179 7996 lltdsvc - ok
22:12:45.0219 7996 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
22:12:45.0219 7996 lmhosts - ok
22:12:45.0339 7996 LMS (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:12:45.0349 7996 LMS - ok
22:12:45.0389 7996 LPCFilter (2825a71e7501cb33b3b9f856610c729d) C:\windows\system32\DRIVERS\LPCFilter.sys
22:12:45.0389 7996 LPCFilter - ok
22:12:45.0439 7996 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
22:12:45.0439 7996 LSI_FC - ok
22:12:45.0489 7996 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
22:12:45.0489 7996 LSI_SAS - ok
22:12:45.0539 7996 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
22:12:45.0539 7996 LSI_SAS2 - ok
22:12:45.0569 7996 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
22:12:45.0579 7996 LSI_SCSI - ok
22:12:45.0629 7996 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
22:12:45.0639 7996 luafv - ok
22:12:45.0669 7996 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
22:12:45.0679 7996 Mcx2Svc - ok
22:12:45.0699 7996 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
22:12:45.0699 7996 megasas - ok
22:12:45.0799 7996 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
22:12:45.0809 7996 MegaSR - ok
22:12:45.0869 7996 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
22:12:45.0869 7996 MEIx64 - ok
22:12:45.0919 7996 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:12:45.0919 7996 MMCSS - ok
22:12:45.0939 7996 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
22:12:45.0939 7996 Modem - ok
22:12:45.0979 7996 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
22:12:45.0979 7996 monitor - ok
22:12:46.0019 7996 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
22:12:46.0019 7996 mouclass - ok
22:12:46.0109 7996 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
22:12:46.0119 7996 mouhid - ok
22:12:46.0159 7996 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
22:12:46.0169 7996 mountmgr - ok
22:12:46.0289 7996 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:12:46.0289 7996 MozillaMaintenance - ok
22:12:46.0329 7996 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
22:12:46.0329 7996 mpio - ok
22:12:46.0359 7996 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
22:12:46.0359 7996 mpsdrv - ok
22:12:46.0399 7996 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
22:12:46.0399 7996 MRxDAV - ok
22:12:46.0449 7996 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
22:12:46.0459 7996 mrxsmb - ok
22:12:46.0519 7996 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:12:46.0529 7996 mrxsmb10 - ok
22:12:46.0559 7996 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:12:46.0569 7996 mrxsmb20 - ok
22:12:46.0589 7996 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
22:12:46.0589 7996 msahci - ok
22:12:46.0629 7996 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
22:12:46.0629 7996 msdsm - ok
22:12:46.0679 7996 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
22:12:46.0689 7996 MSDTC - ok
22:12:46.0719 7996 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
22:12:46.0719 7996 Msfs - ok
22:12:46.0769 7996 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
22:12:46.0779 7996 mshidkmdf - ok
22:12:46.0789 7996 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
22:12:46.0799 7996 msisadrv - ok
22:12:46.0869 7996 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
22:12:46.0879 7996 MSiSCSI - ok
22:12:46.0889 7996 msiserver - ok
22:12:46.0949 7996 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
22:12:46.0949 7996 MSKSSRV - ok
22:12:46.0979 7996 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
22:12:46.0979 7996 MSPCLOCK - ok
22:12:47.0019 7996 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
22:12:47.0019 7996 MSPQM - ok
22:12:47.0119 7996 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
22:12:47.0149 7996 MsRPC - ok
22:12:47.0179 7996 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
22:12:47.0189 7996 mssmbios - ok
22:12:47.0259 7996 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
22:12:47.0269 7996 MSTEE - ok
22:12:47.0289 7996 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
22:12:47.0299 7996 MTConfig - ok
22:12:47.0339 7996 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
22:12:47.0339 7996 Mup - ok
22:12:47.0509 7996 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:12:47.0519 7996 MyWiFiDHCPDNS - ok
22:12:47.0579 7996 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
22:12:47.0599 7996 napagent - ok
 
22:12:47.0669 7996 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
22:12:47.0669 7996 NativeWifiP - ok
22:12:47.0849 7996 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110918.008\ENG64.SYS
22:12:47.0849 7996 NAVENG - ok
22:12:48.0049 7996 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110918.008\EX64.SYS
22:12:48.0079 7996 NAVEX15 - ok
22:12:48.0389 7996 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
22:12:48.0409 7996 NDIS - ok
22:12:48.0439 7996 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
22:12:48.0459 7996 NdisCap - ok
22:12:48.0509 7996 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
22:12:48.0519 7996 NdisTapi - ok
22:12:48.0539 7996 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
22:12:48.0539 7996 Ndisuio - ok
22:12:48.0579 7996 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
22:12:48.0589 7996 NdisWan - ok
22:12:48.0619 7996 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
22:12:48.0629 7996 NDProxy - ok
22:12:48.0659 7996 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
22:12:48.0659 7996 NetBIOS - ok
22:12:48.0699 7996 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
22:12:48.0699 7996 NetBT - ok
22:12:48.0759 7996 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:12:48.0759 7996 Netlogon - ok
22:12:48.0869 7996 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
22:12:48.0869 7996 Netman - ok
22:12:49.0089 7996 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:12:49.0109 7996 NetMsmqActivator - ok
22:12:49.0199 7996 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:12:49.0199 7996 NetPipeActivator - ok
22:12:49.0269 7996 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
22:12:49.0279 7996 netprofm - ok
22:12:49.0289 7996 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:12:49.0299 7996 NetTcpActivator - ok
22:12:49.0299 7996 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:12:49.0299 7996 NetTcpPortSharing - ok
22:12:50.0380 7996 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\windows\system32\DRIVERS\NETwNs64.sys
22:12:50.0630 7996 NETwNs64 - ok
22:12:50.0820 7996 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
22:12:50.0830 7996 nfrd960 - ok
22:12:50.0940 7996 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
22:12:50.0950 7996 NIS - ok
22:12:51.0020 7996 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
22:12:51.0030 7996 NlaSvc - ok
22:12:51.0060 7996 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
22:12:51.0060 7996 Npfs - ok
22:12:51.0080 7996 npggsvc - ok
22:12:51.0100 7996 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
22:12:51.0110 7996 nsi - ok
22:12:51.0140 7996 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
22:12:51.0140 7996 nsiproxy - ok
22:12:51.0400 7996 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
22:12:51.0430 7996 Ntfs - ok
22:12:51.0570 7996 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
22:12:51.0570 7996 Null - ok
22:12:51.0650 7996 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\windows\system32\DRIVERS\nusb3hub.sys
22:12:51.0650 7996 nusb3hub - ok
22:12:51.0690 7996 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\windows\system32\DRIVERS\nusb3xhc.sys
22:12:51.0690 7996 nusb3xhc - ok
22:12:51.0750 7996 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
22:12:51.0750 7996 nvraid - ok
22:12:51.0790 7996 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
22:12:51.0800 7996 nvstor - ok
22:12:51.0840 7996 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
22:12:51.0840 7996 nv_agp - ok
22:12:51.0880 7996 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
22:12:51.0880 7996 ohci1394 - ok
22:12:51.0980 7996 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:12:51.0980 7996 ose - ok
22:12:52.0630 7996 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:12:52.0780 7996 osppsvc - ok
22:12:53.0020 7996 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:12:53.0030 7996 p2pimsvc - ok
22:12:53.0140 7996 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:12:53.0170 7996 p2psvc - ok
22:12:53.0260 7996 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
22:12:53.0260 7996 Parport - ok
22:12:53.0310 7996 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
22:12:53.0310 7996 partmgr - ok
22:12:53.0350 7996 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:12:53.0360 7996 PcaSvc - ok
22:12:53.0390 7996 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
22:12:53.0400 7996 pci - ok
22:12:53.0430 7996 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
22:12:53.0430 7996 pciide - ok
22:12:53.0470 7996 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
22:12:53.0480 7996 pcmcia - ok
22:12:53.0500 7996 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:12:53.0500 7996 pcw - ok
22:12:53.0610 7996 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:12:53.0620 7996 PEAUTH - ok
22:12:53.0710 7996 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:12:53.0720 7996 PerfHost - ok
22:12:53.0800 7996 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
22:12:53.0800 7996 PGEffect - ok
22:12:53.0991 7996 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
22:12:54.0021 7996 pla - ok
22:12:54.0141 7996 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
22:12:54.0161 7996 PlugPlay - ok
22:12:54.0181 7996 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:12:54.0191 7996 PNRPAutoReg - ok
22:12:54.0271 7996 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:12:54.0281 7996 PNRPsvc - ok
22:12:54.0401 7996 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
22:12:54.0411 7996 PolicyAgent - ok
22:12:54.0491 7996 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
22:12:54.0501 7996 Power - ok
22:12:54.0571 7996 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
22:12:54.0581 7996 PptpMiniport - ok
22:12:54.0611 7996 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
22:12:54.0611 7996 Processor - ok
22:12:54.0681 7996 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
22:12:54.0701 7996 ProfSvc - ok
22:12:54.0761 7996 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:12:54.0761 7996 ProtectedStorage - ok
22:12:54.0841 7996 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
22:12:54.0851 7996 Psched - ok
22:12:55.0061 7996 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
22:12:55.0071 7996 PSI_SVC_2 - ok
22:12:55.0281 7996 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
22:12:55.0311 7996 ql2300 - ok
22:12:55.0471 7996 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
22:12:55.0481 7996 ql40xx - ok
22:12:55.0531 7996 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:12:55.0541 7996 QWAVE - ok
22:12:55.0561 7996 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:12:55.0561 7996 QWAVEdrv - ok
22:12:55.0591 7996 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:12:55.0591 7996 RasAcd - ok
22:12:55.0641 7996 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:12:55.0651 7996 RasAgileVpn - ok
22:12:55.0681 7996 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:12:55.0691 7996 RasAuto - ok
22:12:55.0731 7996 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
22:12:55.0741 7996 Rasl2tp - ok
22:12:55.0801 7996 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
22:12:55.0831 7996 RasMan - ok
22:12:55.0881 7996 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
22:12:55.0891 7996 RasPppoe - ok
22:12:55.0921 7996 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
22:12:55.0921 7996 RasSstp - ok
22:12:55.0971 7996 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
22:12:55.0981 7996 rdbss - ok
22:12:56.0021 7996 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
22:12:56.0021 7996 rdpbus - ok
22:12:56.0041 7996 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
22:12:56.0041 7996 RDPCDD - ok
22:12:56.0081 7996 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
22:12:56.0081 7996 RDPENCDD - ok
22:12:56.0111 7996 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
22:12:56.0111 7996 RDPREFMP - ok
22:12:56.0171 7996 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
22:12:56.0171 7996 RDPWD - ok
22:12:56.0251 7996 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
22:12:56.0251 7996 rdyboost - ok
22:12:56.0271 7996 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
22:12:56.0271 7996 regi - ok
22:12:56.0431 7996 RegSrvc (aa9fd849c028ccb441a78061b57db734) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:12:56.0441 7996 RegSrvc - ok
22:12:56.0481 7996 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
22:12:56.0481 7996 RemoteAccess - ok
22:12:56.0531 7996 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
22:12:56.0531 7996 RemoteRegistry - ok
22:12:56.0561 7996 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
22:12:56.0561 7996 RpcEptMapper - ok
22:12:56.0591 7996 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
22:12:56.0591 7996 RpcLocator - ok
22:12:56.0681 7996 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:12:56.0691 7996 RpcSs - ok
22:12:56.0771 7996 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
22:12:56.0781 7996 rspndr - ok
22:12:56.0881 7996 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\windows\system32\DRIVERS\Rt64win7.sys
22:12:56.0891 7996 RTL8167 - ok
22:12:56.0931 7996 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:12:56.0941 7996 SamSs - ok
22:12:56.0971 7996 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
22:12:56.0971 7996 sbp2port - ok
22:12:57.0011 7996 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
22:12:57.0021 7996 SCardSvr - ok
22:12:57.0051 7996 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
22:12:57.0051 7996 scfilter - ok
22:12:57.0171 7996 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
22:12:57.0191 7996 Schedule - ok
22:12:57.0231 7996 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:12:57.0231 7996 SCPolicySvc - ok
22:12:57.0281 7996 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
22:12:57.0291 7996 sdbus - ok
22:12:57.0331 7996 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
22:12:57.0341 7996 SDRSVC - ok
22:12:57.0371 7996 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
22:12:57.0381 7996 secdrv - ok
22:12:57.0401 7996 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
22:12:57.0411 7996 seclogon - ok
22:12:57.0421 7996 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
22:12:57.0421 7996 SENS - ok
22:12:57.0461 7996 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
22:12:57.0471 7996 SensrSvc - ok
22:12:57.0501 7996 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
22:12:57.0501 7996 Serenum - ok
22:12:57.0541 7996 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
22:12:57.0551 7996 Serial - ok
22:12:57.0581 7996 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
22:12:57.0581 7996 sermouse - ok
22:12:57.0641 7996 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
22:12:57.0651 7996 SessionEnv - ok
22:12:57.0671 7996 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
22:12:57.0671 7996 sffdisk - ok
22:12:57.0711 7996 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
22:12:57.0711 7996 sffp_mmc - ok
22:12:57.0721 7996 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
22:12:57.0721 7996 sffp_sd - ok
22:12:57.0741 7996 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
22:12:57.0741 7996 sfloppy - ok
22:12:57.0841 7996 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
22:12:57.0851 7996 Sftfs - ok
22:12:58.0001 7996 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:12:58.0011 7996 sftlist - ok
22:12:58.0071 7996 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
22:12:58.0071 7996 Sftplay - ok
22:12:58.0091 7996 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
22:12:58.0091 7996 Sftredir - ok
22:12:58.0121 7996 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
22:12:58.0131 7996 Sftvol - ok
22:12:58.0211 7996 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:12:58.0221 7996 sftvsa - ok
22:12:58.0321 7996 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
22:12:58.0331 7996 ShellHWDetection - ok
22:12:58.0381 7996 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
22:12:58.0381 7996 SiSRaid2 - ok
22:12:58.0411 7996 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
22:12:58.0421 7996 SiSRaid4 - ok
22:12:59.0011 7996 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
22:12:59.0071 7996 Skype C2C Service - ok
22:12:59.0191 7996 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:12:59.0191 7996 SkypeUpdate - ok
22:12:59.0481 7996 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
22:12:59.0481 7996 Smb - ok
22:12:59.0551 7996 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
22:12:59.0561 7996 SNMPTRAP - ok
22:12:59.0641 7996 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
22:12:59.0641 7996 spldr - ok
22:12:59.0721 7996 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
22:12:59.0751 7996 Spooler - ok
22:13:00.0212 7996 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
22:13:00.0352 7996 sppsvc - ok
22:13:00.0492 7996 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
22:13:00.0502 7996 sppuinotify - ok
22:13:00.0692 7996 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
22:13:00.0702 7996 SRTSP - ok
22:13:00.0732 7996 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
22:13:00.0742 7996 SRTSPX - ok
22:13:00.0872 7996 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
22:13:00.0902 7996 srv - ok
22:13:01.0012 7996 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
22:13:01.0022 7996 srv2 - ok
22:13:01.0092 7996 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
22:13:01.0092 7996 srvnet - ok
22:13:01.0182 7996 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
22:13:01.0192 7996 SSDPSRV - ok
22:13:01.0212 7996 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
22:13:01.0222 7996 SstpSvc - ok
22:13:01.0242 7996 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
22:13:01.0252 7996 stexstor - ok
22:13:01.0362 7996 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
22:13:01.0382 7996 stisvc - ok
22:13:01.0402 7996 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
22:13:01.0412 7996 swenum - ok
22:13:01.0572 7996 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
22:13:01.0592 7996 swprv - ok
22:13:01.0742 7996 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
22:13:01.0752 7996 SymDS - ok
22:13:01.0872 7996 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
22:13:01.0882 7996 SymEFA - ok
22:13:01.0932 7996 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
22:13:01.0942 7996 SymEvent - ok
22:13:02.0053 7996 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
22:13:02.0063 7996 SymIRON - ok
22:13:02.0123 7996 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
22:13:02.0133 7996 SymNetS - ok
22:13:02.0303 7996 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
22:13:02.0323 7996 SynTP - ok
22:13:02.0623 7996 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
22:13:02.0663 7996 SysMain - ok
22:13:02.0861 7996 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
22:13:02.0877 7996 TabletInputService - ok
22:13:02.0955 7996 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
22:13:02.0970 7996 TapiSrv - ok
22:13:03.0033 7996 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
22:13:03.0033 7996 TBS - ok
22:13:03.0360 7996 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
22:13:03.0376 7996 Tcpip - ok
22:13:03.0750 7996 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
22:13:03.0782 7996 TCPIP6 - ok
22:13:03.0938 7996 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
22:13:03.0938 7996 tcpipreg - ok
22:13:04.0019 7996 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
22:13:04.0019 7996 tdcmdpst - ok
22:13:04.0049 7996 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
22:13:04.0049 7996 TDPIPE - ok
22:13:04.0099 7996 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
22:13:04.0119 7996 TDTCP - ok
22:13:04.0169 7996 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
22:13:04.0169 7996 tdx - ok
22:13:04.0209 7996 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
22:13:04.0219 7996 TermDD - ok
22:13:04.0369 7996 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
22:13:04.0389 7996 TermService - ok
22:13:04.0409 7996 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
22:13:04.0419 7996 Themes - ok
22:13:04.0549 7996 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
22:13:04.0549 7996 Thpdrv - ok
22:13:04.0579 7996 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
22:13:04.0589 7996 Thpevm - ok
22:13:04.0659 7996 Thpsrv (9b032a63a0553a2d872815c64a0288be) C:\windows\system32\ThpSrv.exe
22:13:04.0679 7996 Thpsrv - ok
22:13:04.0709 7996 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:13:04.0709 7996 THREADORDER - ok
22:13:04.0969 7996 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:13:04.0969 7996 TMachInfo - ok
22:13:05.0059 7996 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
22:13:05.0070 7996 TODDSrv - ok
22:13:05.0320 7996 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:13:05.0330 7996 TosCoSrv - ok
22:13:05.0410 7996 TOSHIBA eco Utility Service (d33d5588576b04fc489dccc66e98f546) C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:13:05.0420 7996 TOSHIBA eco Utility Service - ok
22:13:05.0490 7996 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:13:05.0500 7996 TOSHIBA HDD SSD Alert Service - ok
22:13:05.0620 7996 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
22:13:05.0630 7996 tos_sps64 - ok
22:13:05.0750 7996 TPCHSrv (d65c6b0c070534336b72005391b6168a) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
22:13:05.0760 7996 TPCHSrv - ok
22:13:05.0910 7996 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
22:13:05.0910 7996 TrkWks - ok
22:13:05.0980 7996 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
22:13:05.0980 7996 TrustedInstaller - ok
22:13:06.0060 7996 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
22:13:06.0070 7996 tssecsrv - ok
22:13:06.0100 7996 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
22:13:06.0110 7996 TsUsbFlt - ok
22:13:06.0130 7996 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
22:13:06.0130 7996 TsUsbGD - ok
22:13:06.0180 7996 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
22:13:06.0190 7996 tunnel - ok
22:13:06.0220 7996 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
22:13:06.0220 7996 TVALZ - ok
22:13:06.0260 7996 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
22:13:06.0260 7996 TVALZFL - ok
22:13:06.0330 7996 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
22:13:06.0330 7996 uagp35 - ok
22:13:06.0410 7996 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
22:13:06.0420 7996 udfs - ok
22:13:06.0460 7996 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
22:13:06.0460 7996 UI0Detect - ok
22:13:06.0490 7996 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
22:13:06.0490 7996 uliagpkx - ok
22:13:06.0540 7996 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
22:13:06.0540 7996 umbus - ok
22:13:06.0610 7996 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
22:13:06.0610 7996 UmPass - ok
22:13:07.0073 7996 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:13:07.0151 7996 UNS - ok
22:13:07.0338 7996 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
22:13:07.0353 7996 upnphost - ok
22:13:07.0431 7996 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
22:13:07.0431 7996 USBAAPL64 - ok
22:13:07.0478 7996 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
22:13:07.0494 7996 usbccgp - ok
22:13:07.0525 7996 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
22:13:07.0541 7996 usbcir - ok
22:13:07.0629 7996 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
22:13:07.0629 7996 usbehci - ok
22:13:07.0699 7996 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
22:13:07.0709 7996 usbhub - ok
22:13:07.0739 7996 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
22:13:07.0739 7996 usbohci - ok
22:13:07.0779 7996 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
22:13:07.0789 7996 usbprint - ok
22:13:07.0839 7996 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
22:13:07.0839 7996 usbscan - ok
22:13:07.0879 7996 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:13:07.0909 7996 USBSTOR - ok
22:13:07.0959 7996 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
22:13:07.0969 7996 usbuhci - ok
22:13:08.0039 7996 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
22:13:08.0049 7996 usbvideo - ok
22:13:08.0099 7996 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
22:13:08.0109 7996 UxSms - ok
22:13:08.0179 7996 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:13:08.0179 7996 VaultSvc - ok
22:13:08.0229 7996 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
22:13:08.0229 7996 vdrvroot - ok
22:13:08.0409 7996 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
22:13:08.0419 7996 vds - ok
22:13:08.0469 7996 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
22:13:08.0469 7996 vga - ok
22:13:08.0499 7996 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
22:13:08.0499 7996 VgaSave - ok
22:13:08.0549 7996 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
22:13:08.0549 7996 vhdmp - ok
22:13:08.0579 7996 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
22:13:08.0589 7996 viaide - ok
22:13:08.0609 7996 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
22:13:08.0609 7996 volmgr - ok
22:13:08.0669 7996 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
22:13:08.0679 7996 volmgrx - ok
22:13:08.0749 7996 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
22:13:08.0759 7996 volsnap - ok
22:13:08.0839 7996 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
22:13:08.0839 7996 vsmraid - ok
22:13:09.0039 7996 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
22:13:09.0079 7996 VSS - ok
22:13:09.0219 7996 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
22:13:09.0219 7996 vwifibus - ok
22:13:09.0259 7996 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
22:13:09.0259 7996 vwififlt - ok
22:13:09.0299 7996 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
22:13:09.0299 7996 vwifimp - ok
22:13:09.0459 7996 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
22:13:09.0469 7996 W32Time - ok
22:13:09.0489 7996 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
22:13:09.0499 7996 WacomPen - ok
22:13:09.0549 7996 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:13:09.0559 7996 WANARP - ok
22:13:09.0569 7996 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:13:09.0569 7996 Wanarpv6 - ok
22:13:09.0809 7996 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
22:13:09.0839 7996 WatAdminSvc - ok
22:13:10.0049 7996 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
22:13:10.0079 7996 wbengine - ok
22:13:10.0240 7996 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
22:13:10.0240 7996 WbioSrvc - ok
22:13:10.0300 7996 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
22:13:10.0310 7996 wcncsvc - ok
22:13:10.0330 7996 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
22:13:10.0340 7996 WcsPlugInService - ok
22:13:10.0400 7996 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
22:13:10.0410 7996 Wd - ok
22:13:10.0490 7996 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
22:13:10.0500 7996 Wdf01000 - ok
22:13:10.0530 7996 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:13:10.0540 7996 WdiServiceHost - ok
22:13:10.0550 7996 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:13:10.0560 7996 WdiSystemHost - ok
22:13:10.0600 7996 wdkmd (5e1640435dd54d00451156ca5340b109) C:\windows\system32\DRIVERS\WDKMD.sys
22:13:10.0600 7996 wdkmd - ok
22:13:10.0680 7996 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
22:13:10.0690 7996 WebClient - ok
22:13:10.0760 7996 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
22:13:10.0770 7996 Wecsvc - ok
22:13:10.0840 7996 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
22:13:10.0850 7996 wercplsupport - ok
22:13:10.0910 7996 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
22:13:10.0910 7996 WerSvc - ok
22:13:11.0030 7996 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
22:13:11.0030 7996 WfpLwf - ok
22:13:11.0290 7996 WiMAXAppSrv (64de79bf805724f0606fe7b3b2f13784) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
22:13:11.0310 7996 WiMAXAppSrv - ok
22:13:11.0340 7996 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
22:13:11.0340 7996 WIMMount - ok
22:13:11.0360 7996 WinHttpAutoProxySvc - ok
22:13:11.0510 7996 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
22:13:11.0510 7996 Winmgmt - ok
22:13:11.0780 7996 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
22:13:11.0860 7996 WinRM - ok
22:13:12.0040 7996 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
22:13:12.0040 7996 WinUsb - ok
22:13:12.0200 7996 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
22:13:12.0220 7996 Wlansvc - ok
22:13:12.0330 7996 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:13:12.0330 7996 wlcrasvc - ok
22:13:12.0810 7996 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:13:12.0900 7996 wlidsvc - ok
22:13:13.0110 7996 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
22:13:13.0110 7996 WmiAcpi - ok
22:13:13.0260 7996 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
22:13:13.0270 7996 wmiApSrv - ok
22:13:13.0400 7996 WMPNetworkSvc - ok
22:13:13.0470 7996 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
22:13:13.0480 7996 WPCSvc - ok
22:13:13.0530 7996 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
22:13:13.0540 7996 WPDBusEnum - ok
22:13:13.0570 7996 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
22:13:13.0570 7996 ws2ifsl - ok
22:13:13.0580 7996 WSearch - ok
22:13:14.0040 7996 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
22:13:14.0130 7996 wuauserv - ok
22:13:14.0281 7996 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
22:13:14.0281 7996 WudfPf - ok
22:13:14.0328 7996 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
22:13:14.0328 7996 WUDFRd - ok
22:13:14.0359 7996 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
22:13:14.0375 7996 wudfsvc - ok
22:13:14.0437 7996 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
22:13:14.0447 7996 WwanSvc - ok
22:13:14.0497 7996 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:13:14.0547 7996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:13:14.0547 7996 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:13:14.0577 7996 Boot (0x1200) (e920aea737fd2a6994e32745ed31703c) \Device\Harddisk0\DR0\Partition0
22:13:14.0587 7996 \Device\Harddisk0\DR0\Partition0 - ok
22:13:14.0587 7996 ============================================================
22:13:14.0587 7996 Scan finished
22:13:14.0587 7996 ============================================================
22:13:14.0607 7520 Detected object count: 1
22:13:14.0607 7520 Actual detected object count: 1
22:13:30.0366 7520 \Device\Harddisk0\DR0\# - copied to quarantine
22:13:30.0366 7520 \Device\Harddisk0\DR0 - copied to quarantine
22:13:30.0476 7520 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:13:30.0476 7520 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:13:30.0486 7520 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:13:30.0496 7520 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:13:30.0526 7520 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:13:30.0546 7520 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:13:30.0546 7520 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:13:30.0546 7520 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:13:30.0556 7520 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:13:30.0556 7520 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:13:30.0566 7520 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:13:30.0566 7520 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:13:30.0576 7520 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:13:30.0576 7520 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:13:30.0606 7520 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:13:30.0646 7520 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:13:30.0696 7520 \Device\Harddisk0\DR0 - ok
22:13:31.0283 7520 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:13:48.0240 7256 Deinitialize success
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Fai :: FAI-PC [administrator]

8/8/2012 10:34:37 PM
mbam-log-2012-08-08 (22-40-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202312
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)
 
Your log says "No action taken".
Re-run MBAM, fix the issue and post new log.

Next....

Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

There are 2 different versions. If one of them won't run then download and try to run the other one.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Fai :: FAI-PC [administrator]

8/9/2012 6:57:22 AM
mbam-log-2012-08-09 (06-57-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202742
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/09/2012 07:11:02 AM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Fai\Desktop\rkill-backup\rkill-08-09-2012-07-11-12.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/09/2012 07:11:31 AM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I am unable to disable my firewall. It does not have the turn on and off option like in the list. When I press use recommended setting. It said "window firewall can't change some of your settings. Error Code 0x80070424
 
There is nothing in my instructions about disabling firewall.
In fact, NEVER disable your firewall.
 
I used appremover to uninstall avg but after reboot it is still there, when I click on it in the system tray, it said I am not fully protected and some of the feature is disable. What do I do now? thank you
 
After Combo Fix finish, this pop up as a security alert "Akamai NetSession Client" Path C:\users\fai\appdata\local\akamai\netsession_win.exe
Is this done by combo fix?
ComboFix 12-08-09.01 - Fai 08/09/2012 13:43:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4373 [GMT -4:00]
Running from: c:\users\Fai\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\programdata\Roaming
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\chrome.manifest
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\chrome\content\background.html
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\chrome\content\browser.xul
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\chrome\content\crossrider.js
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\chrome\content\crossriderapi.js
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\chrome\content\dialog.js
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\chrome\content\options.js
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\chrome\content\options.xul
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\chrome\content\search_dialog.xul
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\chrome\content\update.html
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\defaults\preferences\prefs.js
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\install.rdf
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\locale\en-US\translations.dtd
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\button1.png
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\button2.png
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\button3.png
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\button4.png
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\button5.png
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\crossrider_statusbar.png
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\icon128.png
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\icon16.png
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\icon24.png
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\icon48.png
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\panelarrow-up.png
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\popup.css
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\popup.html
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\popup_binding.xml
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\skin.css
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\crossriderapp4493@crossrider.com\skin\update.css
c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\searchplugins\bing-zugo.xml
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 18:07 . 2012-08-09 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 17:04 . 2012-08-09 17:04 -------- d-----w- c:\users\Fai\AppData\Roaming\AVG2012
2012-08-09 02:13 . 2012-08-09 02:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-07 03:27 . 2012-08-07 03:27 -------- d-----w- c:\users\Fai\AppData\Local\Eraser 6
2012-08-05 13:23 . 2012-08-05 13:23 -------- d-----w- c:\program files\Eraser
2012-08-03 11:52 . 2012-08-03 11:52 -------- d-----w- c:\users\Fai\AppData\Local\Aeria Games
2012-08-03 11:50 . 2012-08-03 11:50 -------- d-----w- c:\programdata\Aeria Games
2012-07-31 14:16 . 2012-07-31 14:16 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-07-31 14:15 . 2012-07-31 14:15 -------- d-----w- c:\program files (x86)\Aeria Games
2012-07-31 12:41 . 2012-07-31 12:41 -------- d-----w- c:\users\Fai\AppData\Local\Akamai
2012-07-31 12:41 . 2012-07-31 14:16 -------- d-----w- C:\AeriaGames
2012-07-31 12:09 . 2010-07-27 20:13 27136 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2012-07-31 12:09 . 2010-03-24 20:57 713312 ----a-w- c:\windows\SysWow64\ijjiSetup.exe
2012-07-31 12:09 . 2010-03-24 20:56 62048 ----a-w- c:\windows\SysWow64\ijjiProcessRestarter.exe
2012-07-31 00:26 . 2012-07-31 00:38 -------- d-----w- c:\users\Fai\AppData\Roaming\Wise Registry Cleaner
2012-07-31 00:24 . 2012-07-31 00:24 -------- d-----w- c:\program files (x86)\Wise
2012-07-22 23:43 . 2012-02-02 22:50 4774 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-07-22 23:43 . 2012-02-02 22:50 5265 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-07-21 03:49 . 2012-07-21 03:49 -------- d-----w- c:\windows\Sun
2012-07-21 03:02 . 2012-07-21 03:03 -------- d-----w- c:\program files (x86)\Free Hide Folder
2012-07-21 02:49 . 2012-07-21 02:49 -------- d-----w- c:\users\Fai\AppData\Roaming\Groovedown
2012-07-21 02:47 . 2012-07-21 02:47 -------- d-----w- c:\program files\Browser Cleaner
2012-07-21 02:46 . 2012-07-21 02:46 -------- d-----w- c:\users\Fai\AppData\Local\Coupon Companion
2012-07-21 02:46 . 2012-07-27 22:36 -------- d-----w- c:\program files (x86)\Coupon Companion
2012-07-21 02:28 . 2010-07-28 22:14 22016 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
2012-07-21 02:28 . 2012-07-21 02:28 -------- d-----w- c:\programdata\ijjigame
2012-07-21 02:14 . 2012-08-03 11:46 -------- d-----w- c:\program files (x86)\REACTOR
2012-07-20 12:44 . 2012-07-28 11:10 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-07-20 12:44 . 2012-07-20 12:44 -------- d-----w- c:\users\Fai\Corel
2012-07-18 01:47 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-07-18 01:46 . 2012-07-18 01:46 -------- d-----w- c:\windows\SysWow64\xlive
2012-07-18 01:46 . 2012-07-18 01:46 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-07-11 07:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 01:43 . 2012-07-15 06:59 -------- d-----w- c:\users\Fai\AppData\Roaming\2K Sports
2012-07-11 00:50 . 2012-07-11 00:50 -------- d-----w- c:\users\Fai\AppData\Roaming\TuneUp Software
2012-07-11 00:50 . 2012-07-11 00:51 -------- d-----w- c:\programdata\TuneUp Software
2012-07-11 00:49 . 2012-07-11 00:49 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-11 00:48 . 2012-07-11 00:48 -------- d-----w- c:\users\Fai\AppData\Roaming\OpenCandy
2012-07-11 00:48 . 2012-07-11 00:48 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-11 00:47 . 2012-07-11 00:53 -------- d-----w- c:\users\Fai\AppData\Roaming\DAEMON Tools Lite
2012-07-11 00:47 . 2012-07-11 00:48 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-07-11 00:42 . 2012-07-11 00:53 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-07-11 00:34 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 13:27 . 2012-03-31 12:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 13:27 . 2011-10-09 00:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 21:13 . 2012-05-11 22:53 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-07-11 07:01 . 2011-11-07 14:13 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2012-05-24 13:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 04:04 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 04:05 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 04:05 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 04:05 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 04:04 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 04:05 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 04:04 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 04:03 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 04:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 12:21 . 2012-01-16 14:18 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-31 12:21 . 2012-01-16 14:18 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-15 04:01 . 2012-06-13 10:23 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 10:23 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 10:23 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-26 39408]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-04-12 109296]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Akamai NetSession Interface"="c:\users\Fai\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-31 296056]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2012-07-20 1403032]
.
c:\users\Fai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-16 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-03-04 482384]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-11 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-02-17 75264]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-02-17 174080]
S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-02-17 81920]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2011-07-26 20592]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-25 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:27]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 04:32]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 04:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2011-03-02 1617920]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=A6CB86F7385B0EC8520F084FD3E3389C&tbp=homepage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Free YouTube Download - c:\users\Fai\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Fai\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z129&install_date=20111108
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-NIS - c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\18.7.2.3\InstStub.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-09 14:23:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-09 18:23
.
Pre-Run: 294,870,294,528 bytes free
Post-Run: 302,045,540,352 bytes free
.
- - End Of File - - 97B401200A2282A64EBF5ED4C51B0878
 
Looks good :)

Any current issues?

====================================

You're running two AV programs, AVG and Norton.
You either keep AVG off and keep Norton or you can reinstall AVG and remove Norton using this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html
Let me know which way you're going to go.

Next....

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The computer is good right now. I decided to delete norton and reinstall AVG
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Fai :: FAI-PC [administrator]

8/9/2012 4:25:26 PM
mbam-log-2012-08-09 (16-25-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201370
Time elapsed: 20 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
OTL logfile created on: 8/9/2012 4:52:58 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Fai\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 70.53% Memory free
11.82 Gb Paging File | 9.87 Gb Available in Paging File | 83.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.59 Gb Total Space | 281.02 Gb Free Space | 48.40% Space Free | Partition Type: NTFS

Computer Name: FAI-PC | User Name: Fai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 16:34:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fai\Desktop\OTL.exe
PRC - [2012/07/20 00:37:03 | 001,403,032 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/05/31 08:21:17 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/05/26 06:32:44 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Fai\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/05/03 14:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/04/11 20:57:16 | 000,109,296 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/21 15:05:22 | 000,632,664 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/25 19:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\widimon\widimon.exe
PRC - [2010/08/16 13:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
PRC - [2010/05/20 19:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 10:02:33 | 018,000,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/14 10:02:13 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/14 10:02:07 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:01:57 | 003,858,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/14 10:01:53 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/06/06 22:33:50 | 000,787,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll
MOD - [2012/06/06 22:33:50 | 000,649,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll
MOD - [2012/06/06 22:33:50 | 000,236,032 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.Wrapper.dll
MOD - [2012/06/06 22:33:48 | 002,647,040 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012/06/06 22:33:25 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/06/06 11:35:11 | 006,815,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012/06/06 11:35:06 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/06/06 11:33:00 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/06/06 11:32:57 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/06/06 11:32:53 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/06/06 11:32:47 | 009,091,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/06/06 11:32:40 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/02/20 19:11:50 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/12/15 16:16:32 | 000,516,440 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster 3\sqlite3.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/27 14:15:36 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/02/27 14:09:36 | 000,885,248 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2011/01/05 16:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 16:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 16:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/12/24 23:14:38 | 000,526,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/12/20 21:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/12/09 20:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 18:55:26 | 000,267,192 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/12/08 18:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/04 09:27:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 00:58:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/25 07:27:00 | 004,687,800 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/11 14:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/01 16:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 16:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/05/20 19:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/10 20:48:32 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/07/26 00:12:14 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/04/04 23:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 12:00:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/02/17 15:42:12 | 000,174,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2011/02/17 15:42:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2011/02/17 15:42:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 22:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/31 19:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/01/13 22:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/04 14:29:00 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/25 13:25:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/22 13:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 13:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=c3348d...A6CB86F7385B0EC8520F084FD3E3389C&tbp=homepage
IE - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\..\SearchScopes,DefaultScope = {0D6FABB6-5892-4238-ACF2-3654E7362BFC}
IE - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\..\SearchScopes\{0D6FABB6-5892-4238-ACF2-3654E7362BFC}: "URL" = http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS456
IE - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348d...B86F7385B0EC8520F084FD3E3389C&q={searchTerms}
IE - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/search?q={searc...install_date=20111108&iesrc={referrer:source}
IE - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z129&install_date=20111108"
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I'm+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Fai\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/08/09 16:11:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/31 08:21:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/04/11 20:57:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/31 08:21:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/09 16:11:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 22:28:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/31 08:09:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 22:28:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/31 08:09:58 | 000,000,000 | ---D | M]

[2011/09/12 20:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fai\AppData\Roaming\Mozilla\Extensions
[2012/08/03 09:30:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions
[2011/12/30 23:20:38 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Fai\AppData\Roaming\Mozilla\Firefox\Profiles\vhgrwkkc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/06/13 06:31:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/22 07:19:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/31 08:21:38 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/07/22 08:09:00 | 000,698,987 | ---- | M] () (No name found) -- C:\USERS\FAI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VHGRWKKC.DEFAULT\EXTENSIONS\XPIRFTOOLBAR@ROBOFORM.COM.XPI
[2012/07/20 00:58:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2010/07/28 18:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2012/06/18 20:15:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/24 11:14:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/06/18 20:15:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://blekko.com/ws/?source=c3348d...A6CB86F7385B0EC8520F084FD3E3389C&tbp=homepage
CHR - default_search_provider: Blekko (Enabled)
CHR - default_search_provider: search_url = http://blekko.com/ws/?source=c3348d...B86F7385B0EC8520F084FD3E3389C&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://blekko.com/ws/?source=c3348d...A6CB86F7385B0EC8520F084FD3E3389C&tbp=homepage
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Fai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Fast save = C:\Users\Fai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfkiaobfenhgcbneoglmfkffbimeclo\1.1_0\
CHR - Extension: Google Search = C:\Users\Fai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Fai\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Fai\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Users\Fai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Coupon Companion = C:\Users\Fai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.19.18_0\crossrider
CHR - Extension: Coupon Companion = C:\Users\Fai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.19.18_0\
CHR - Extension: Gmail = C:\Users\Fai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/09 14:10:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg64.dll (Google Inc.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
 
O3:64bit: - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-417512784-3164192315-1356080502-1000..\Run: [Akamai NetSession Interface] C:\Users\Fai\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-417512784-3164192315-1356080502-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-417512784-3164192315-1356080502-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-417512784-3164192315-1356080502-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Fai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-417512784-3164192315-1356080502-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Fai\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fai\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fai\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fai\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E4F5B9C-AA20-43E7-BF1C-DAAE23822ECF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 16:34:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Fai\Desktop\OTL.exe
[2012/08/09 16:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/09 16:10:54 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/09 14:27:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/09 14:23:54 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/08/09 13:42:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/08/09 13:42:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/09 13:42:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/08/09 13:33:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/09 13:33:34 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/09 13:04:29 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Roaming\AVG2012
[2012/08/09 12:12:37 | 004,728,003 | R--- | C] (Swearware) -- C:\Users\Fai\Desktop\ComboFix.exe
[2012/08/09 07:11:12 | 000,000,000 | ---D | C] -- C:\Users\Fai\Desktop\rkill-backup
[2012/08/09 07:09:03 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Fai\Desktop\rkill.exe
[2012/08/08 22:13:28 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/08 22:11:32 | 000,000,000 | ---D | C] -- C:\Users\Fai\Desktop\New folder (2)
[2012/08/06 23:27:14 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Local\Eraser 6
[2012/08/05 09:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2012/08/03 07:52:18 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Local\Aeria Games
[2012/08/03 07:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012/07/31 10:16:03 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\AI_RecycleBin
[2012/07/31 10:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/07/31 10:15:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012/07/31 08:41:16 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Local\Akamai
[2012/07/31 08:41:15 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2012/07/31 08:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ijji
[2012/07/31 08:09:58 | 000,713,312 | ---- | C] (NHN USA) -- C:\windows\SysWow64\ijjiSetup.exe
[2012/07/31 08:09:58 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\windows\SysWow64\ijjiProcessRestarter.exe
[2012/07/30 20:26:07 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Roaming\Wise Registry Cleaner
[2012/07/30 20:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2012/07/30 20:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2012/07/26 06:28:48 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/07/23 07:15:33 | 000,000,000 | ---D | C] -- C:\Users\Fai\Desktop\New folder
[2012/07/22 19:43:28 | 000,004,774 | ---- | C] (INCA Internet Co., Ltd.) -- C:\windows\SysWow64\npptNT2.sys
[2012/07/21 08:05:25 | 000,000,000 | ---D | C] -- C:\Users\Fai\Desktop\Photo
[2012/07/20 23:49:17 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/07/20 23:21:38 | 000,000,000 | ---D | C] -- C:\Users\Fai\Desktop\Big Bang Theory Video+Audio
[2012/07/20 23:02:45 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Hide Folder
[2012/07/20 23:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Hide Folder
[2012/07/20 23:02:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Hide Folder
[2012/07/20 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\Fai\Desktop\PC Games
[2012/07/20 22:49:15 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Roaming\Groovedown
[2012/07/20 22:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrooveDown
[2012/07/20 22:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\Browser Cleaner
[2012/07/20 22:46:08 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Local\Coupon Companion
[2012/07/20 22:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion
[2012/07/20 22:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ijjigame
[2012/07/20 22:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REACTOR
[2012/07/20 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\Fai\Desktop\New folder (3)
[2012/07/20 19:32:31 | 000,000,000 | ---D | C] -- C:\Users\Fai\Documents\CAPCOM
[2012/07/20 15:05:38 | 000,000,000 | ---D | C] -- C:\Users\Fai\Desktop\direct sup
[2012/07/20 08:44:05 | 000,000,000 | ---D | C] -- C:\Users\Fai\Corel
[2012/07/17 21:46:53 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\xlive
[2012/07/17 21:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/07/17 21:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012/07/10 21:43:47 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Roaming\2K Sports
[2012/07/10 21:09:53 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\2K Sports
[2012/07/10 20:50:48 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Roaming\TuneUp Software
[2012/07/10 20:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/07/10 20:49:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/07/10 20:48:15 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Roaming\OpenCandy
[2012/07/10 20:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/07/10 20:48:08 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/07/10 20:47:54 | 000,000,000 | ---D | C] -- C:\Users\Fai\AppData\Roaming\DAEMON Tools Lite
[2012/07/10 20:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/07/10 20:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 16:51:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/09 16:34:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Fai\Desktop\OTL.exe
[2012/08/09 16:27:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 16:20:30 | 065,028,564 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/08/09 16:16:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 16:11:48 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/09 15:58:13 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 15:58:13 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 15:51:32 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/09 15:49:48 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/09 14:10:45 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/08/09 12:12:45 | 004,728,003 | R--- | M] (Swearware) -- C:\Users\Fai\Desktop\ComboFix.exe
[2012/08/09 07:09:05 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Fai\Desktop\rkill.exe
[2012/08/07 21:00:16 | 000,780,172 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/07 21:00:16 | 000,660,990 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/07 21:00:16 | 000,121,628 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/08/05 09:23:56 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2012/08/03 16:22:47 | 000,001,885 | ---- | M] () -- C:\Users\Fai\Desktop\1.L&M Guitar Manual - Shortcut.lnk
[2012/07/31 10:41:20 | 000,001,613 | ---- | M] () -- C:\Users\Fai\Desktop\Alliance of Valiant Arms.lnk
[2012/07/31 10:16:02 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012/07/31 08:10:50 | 000,001,940 | ---- | M] () -- C:\Users\Fai\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2012/07/30 20:24:38 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2012/07/29 18:15:28 | 000,351,550 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/28 07:10:14 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/07/27 16:58:18 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/26 06:28:42 | 515,732,364 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/07/23 06:16:08 | 000,300,928 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/21 07:18:38 | 000,168,486 | ---- | M] () -- C:\windows\SysWow64\wbers.dat.dmp
[2012/07/17 02:02:39 | 000,774,388 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/12 17:13:40 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012/07/10 20:48:32 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/07/10 20:48:09 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/09 13:42:03 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/08/09 13:42:03 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/08/09 13:42:03 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/08/09 13:42:03 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/08/09 13:42:03 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/08/05 09:23:54 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2012/08/05 09:23:51 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2012/08/03 16:22:47 | 000,001,885 | ---- | C] () -- C:\Users\Fai\Desktop\1.L&M Guitar Manual - Shortcut.lnk
[2012/07/31 10:41:20 | 000,001,613 | ---- | C] () -- C:\Users\Fai\Desktop\Alliance of Valiant Arms.lnk
[2012/07/31 10:16:01 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2012/07/31 08:10:48 | 000,001,940 | ---- | C] () -- C:\Users\Fai\Application Data\Microsoft\Internet Explorer\Quick Launch\ijji REACTOR.lnk
[2012/07/30 20:24:38 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2012/07/26 06:28:42 | 515,732,364 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/07/22 19:43:27 | 000,005,265 | ---- | C] () -- C:\windows\SysWow64\nppt9x.vxd
[2012/07/20 22:39:28 | 000,168,486 | ---- | C] () -- C:\windows\SysWow64\wbers.dat.dmp
[2012/07/20 08:44:07 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/07/10 20:48:08 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/04/29 10:56:49 | 000,002,048 | -HS- | C] () -- C:\windows\SysWOW64\config\systemprofile\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\@
[2012/04/29 10:56:49 | 000,002,048 | -HS- | C] () -- C:\windows\System32\config\systemprofile\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\@
[2011/11/16 21:16:49 | 000,007,680 | ---- | C] () -- C:\Users\Fai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/14 18:26:15 | 000,774,388 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/04/04 23:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 23:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 23:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 22:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2010/11/09 15:09:58 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2012/07/15 02:59:24 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\2K Sports
[2012/08/09 13:04:29 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\AVG2012
[2012/06/05 11:23:16 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\Book Place
[2011/11/03 15:05:24 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\Crayon Physics Deluxe
[2012/07/10 20:53:41 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\DAEMON Tools Lite
[2012/07/23 07:16:55 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\DVDVideoSoft
[2012/07/21 23:27:02 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/01/15 11:11:01 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\GrabPro
[2012/07/20 22:49:29 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\Groovedown
[2012/06/23 06:39:02 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\gulong
[2012/05/09 11:22:01 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\ImgBurn
[2012/01/16 19:01:57 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\Machete
[2012/01/16 18:59:54 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\Machete Lite
[2012/07/20 22:29:32 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\NeopleLauncherDFO
[2012/07/10 20:48:27 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\OpenCandy
[2011/11/10 17:43:25 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\OpenOffice.org
[2012/01/16 00:04:53 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\Orbit
[2012/01/15 11:11:04 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\ProgSense
[2012/08/02 22:36:38 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\SoftGrid Client
[2012/03/24 11:26:37 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\Toshiba
[2011/09/14 18:27:33 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\TP
[2012/07/10 20:50:48 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\TuneUp Software
[2011/11/24 14:34:39 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\Unity
[2012/08/09 11:56:38 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\uTorrent
[2011/09/12 16:54:17 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\WinBatch
[2012/07/30 20:38:15 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\Wise Registry Cleaner
[2012/07/03 01:05:42 | 000,000,000 | ---D | M] -- C:\Users\Fai\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
[2012/07/20 23:52:25 | 000,032,596 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/10/24 08:58:45 | 000,678,885 | ---- | M] ()(C:\Users\Fai\Desktop\???????.docx) -- C:\Users\Fai\Desktop\多情劍客無情劍.docx
[2011/10/24 08:58:43 | 000,678,885 | ---- | C] ()(C:\Users\Fai\Desktop\???????.docx) -- C:\Users\Fai\Desktop\多情劍客無情劍.docx

< End of report >
OTL Extras logfile created on: 8/9/2012 4:52:58 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Fai\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 70.53% Memory free
11.82 Gb Paging File | 9.87 Gb Available in Paging File | 83.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.59 Gb Total Space | 281.02 Gb Free Space | 48.40% Space Free | Partition Type: NTFS

Computer Name: FAI-PC | User Name: Fai | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-417512784-3164192315-1356080502-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1CDC647F-AD36-4AD7-9CAC-933E787EB464}" = protocol=6 | dir=in | app=c:\users\fai\appdata\local\temp\7zsb26e.tmp\symnrt.exe |
"{284E1C54-139B-4341-AD5A-1B34D2AA7AC7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51CD245D-125D-4909-9628-C3CA00A20642}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{52571DD5-BFEF-4ECF-BEB0-650504A00376}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61F5B5AB-75A4-4CFD-979B-6A408CCCF757}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81C83838-0145-429D-AFEE-F0B21EFD3C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C17C619B-2DE3-4686-9D32-CD3926E5B32E}" = protocol=17 | dir=in | app=c:\users\fai\appdata\local\temp\7zsb26e.tmp\symnrt.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8E055DC-D147-495C-A287-CD1F7C0C03C7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E179C3B6-F29F-4FFD-89CF-19636C59CD74}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F63AA5FD-ECF3-46E9-98D3-681DCC7B285E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{783A6475-C53F-411C-8CC7-B3CC3DEE13A1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{A3C3850B-55EC-493D-A391-55D57B3AA821}C:\users\fai\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fai\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1A594879-0ADD-4DE0-A70E-CE15BC90BF5C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{33FE7955-97E8-4392-8A55-5FEB6CCDAC6D}C:\users\fai\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fai\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{18A6B663-A646-457B-A314-5CF58AECB06A}" = Intel® PROSet/Wireless WiMAX Software
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
Back