Solved Trojan:WinNT/Simda.gen!A how to remove

Lately I have been having internet issues at home on my laptop. Some pages I can't load, and what pages do load are redirected to IP addresses and freeze my computer. When I browse the web using CyberGhost VPN everything works fine. I found a warning in my event viewer from Microsoft Antimalware stating that it found the virus Trojan:WinNT/Simda.gen!A and is in file:_C:\Windows\System32\drivers\Wdf01000.sys. When I scanned the computer with Microsoft Security Essentials it found nothing, and AVG found nothing as well. I really don't want to go out and buy a new computer, so I'm hoping someone here can help me out. Thanks
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Here is the Malwarebytes Anti-Malware log

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.19.01
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Matt :: MATT-PC [administrator]
Protection: Enabled
9/18/2012 11:29:46 PM
mbam-log-2012-09-18 (23-29-46).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 69867
Time elapsed: 52 minute(s), 12 second(s) [aborted]
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 26
HKCR\CLSID\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\TypeLib\{145310E3-18FA-41A9-BEE4-F830B08C6014} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\Interface\{76348131-7ADF-4FE7-9047-529719D86186} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\PrivacySafeGuard.BHO.1 (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\PrivacySafeGuard.BHO (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
(end)
 
Here is from another scan; the first scan was interrupted, so I redid the scan and it was completed.
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.19.01
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Matt :: MATT-PC [administrator]
Protection: Enabled
9/19/2012 12:43:22 AM
mbam-log-2012-09-19 (00-43-22).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359537
Time elapsed: 1 hour(s), 30 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

My antivirus (AVG) found nothing, and I'm going to do the GMER scan next and I'll post the information. As far as a computer update, the computer remains in the same state, and my ISP (RoadRunner) has done nothing but escalate my case to higher levels, as they don't know what's wrong either. I'm at work right now, I have slightly faster speeds, but I'm still unable to access sites such as Google and Bing.
 
This is from the GMER scan...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-19 02:37:13
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HTS545025B9A300 rev.PB2OC64G
Running: gmer.exe; Driver: C:\Users\Matt\AppData\Local\Temp\kxldypow.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:1164] 8679D0F4
---- EOF - GMER 1.0.15 ----
 
Here is the DDS report
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Matt at 2:39:57 on 2012-09-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.797 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskeng.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Enterasys Networks\NAC Agent\NacAgent.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\perfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.autocompletepro.com/?si=7148&bi=400
uStart Page = hxxp://www.facebook.com/home.php
uDefault_Page_URL = hxxp://www.maxiwe.com
uDefault_Search_URL = hxxp://search.autocompletepro.com/?si=7148&bi=400
uSearch Bar = hxxp://search.autocompletepro.com/?si=7148&bi=400
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = ftp=118.97.170.195:8080;http=118.97.170.195:8080;https=118.97.170.195:8080
uURLSearchHooks: 24MusicBar Toolbar: {54d0da58-64e7-4408-be1f-72659f70fcbe} - c:\program files\24musicbar\tb24Mu.dll
uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
uURLSearchHooks: H - No File
mURLSearchHooks: 24MusicBar Toolbar: {54d0da58-64e7-4408-be1f-72659f70fcbe} - c:\program files\24musicbar\tb24Mu.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: 24MusicBar Toolbar: {54d0da58-64e7-4408-be1f-72659f70fcbe} - c:\program files\24musicbar\tb24Mu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\my.freeze.com netassistant\NetAssistant.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: 24MusicBar Toolbar: {54d0da58-64e7-4408-be1f-72659f70fcbe} - c:\program files\24musicbar\tb24Mu.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [CyberGhost VPN] "c:\program files\cyberghost vpn\Cyberghost.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\matt\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nacass~1.lnk - c:\program files\enterasys networks\nac agent\NacAgent.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://weather-port.southlewis.org/JpegInst.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.3.10.11 10.3.10.10
TCP: Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90} : DhcpNameServer = 10.3.10.11 10.3.10.10
TCP: Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90}\16474777966696 : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90}\6627F6E64796562793644433 : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90}\C4F6776796C6C6560235779647368627F6F6D6 : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90}\E4544574541425 : DhcpNameServer = 192.166.4.1
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKslbb0d9de2;MpKslbb0d9de2;c:\programdata\microsoft\microsoft antimalware\definition updates\{0aeb009f-5841-49e0-8668-7ab4d4ffd310}\MpKslbb0d9de2.sys [2012-9-19 29904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-18 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-18 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-18 676936]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\cyberghost vpn\CGVPNCliService.exe [2012-3-28 2438696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-18 22856]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-18 167936]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-12-18 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-23 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);"c:\program files\google\update\googleupdate.exe" /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 usbanyka;USB Web Camera;c:\windows\system32\drivers\usbanyka.sys [2010-5-3 17536]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-28 1343400]
.
=============== Created Last 30 ================
.
2012-09-19 06:33:58 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0aeb009f-5841-49e0-8668-7ab4d4ffd310}\MpKslbb0d9de2.sys
2012-09-19 03:26:36 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2012-09-19 03:26:12 -------- d-----w- c:\programdata\Malwarebytes
2012-09-19 03:26:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 03:26:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-19 03:11:43 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0aeb009f-5841-49e0-8668-7ab4d4ffd310}\mpengine.dll
2012-09-17 18:55:10 -------- d-----w- c:\program files\Advanced Fix 2012
2012-09-17 17:09:04 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2012-09-17 17:09:03 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{912f016c-a6d6-4164-aeb8-42b2f56a93f3}\gapaengine.dll
2012-09-17 17:08:25 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-16 23:36:56 14664 ----a-w- c:\windows\stinger.sys
2012-09-16 23:35:54 -------- d-----w- c:\program files\stinger
2012-09-16 20:40:36 -------- d-----w- c:\users\matt\appdata\local\Mozilla
2012-09-16 19:10:30 -------- d-----w- c:\users\matt\appdata\roaming\SpeedyPC Software
2012-09-16 19:10:30 -------- d-----w- c:\users\matt\appdata\roaming\DriverCure
2012-09-16 19:09:55 -------- d-----w- c:\programdata\SpeedyPC Software
2012-09-16 09:21:08 -------- d-----w- c:\users\matt\appdata\roaming\TuneUp Software
2012-09-16 03:34:21 -------- d-----w- c:\users\matt\appdata\roaming\AVG2013
2012-09-16 03:26:25 -------- d-----w- c:\users\matt\appdata\local\MFAData
2012-09-16 03:26:25 -------- d-----w- c:\users\matt\appdata\local\Avg2013
2012-09-15 10:01:07 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cf150209-b4ad-4220-9477-c0c0a376de7c}\mpengine.dll
2012-09-14 23:20:01 110 ----a-w- c:\windows\system32\reem.bat
2012-09-12 15:25:35 -------- d-----w- c:\users\matt\appdata\roaming\S.A.D
2012-09-10 17:58:50 -------- d-----w- c:\users\matt\appdata\roaming\backup
.
==================== Find3M ====================
.
2012-09-15 10:13:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-15 10:13:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 2:41:01.20 ===============
 
I still need Attach.txt part of DDS.

Next...

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=====================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

====================================

Download aswMBR to your desktop.
Double-click aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/3/2010 6:42:11 PM
System Uptime: 9/19/2012 2:16:39 AM (0 hours ago)
.
Motherboard: TOSHIBA | | NBWAE
Processor: AMD Sempron(tm) SI-42 | Socket M2/S1G1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 152.917 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P2055dn
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2055dn
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
==== System Restore Points ===================
.
RP1003: 8/31/2012 3:13:36 PM - Scheduled Checkpoint
RP1004: 9/10/2012 1:49:51 PM - Removed ARC XT PRO for Uniden XT series
RP1005: 9/10/2012 1:57:15 PM - Installed ARC15PRO for Uniden BCT-15
RP1006: 9/13/2012 8:32:34 AM - Windows Update
RP1007: 9/14/2012 3:00:12 AM - Windows Update
RP1008: 9/14/2012 4:08:11 AM - Windows Update
RP1009: 9/14/2012 10:14:27 PM - Restore Operation
RP1010: 9/14/2012 10:24:05 PM - Windows Update
RP1011: 9/14/2012 10:37:54 PM - Restore Operation
RP1012: 9/14/2012 10:47:40 PM - Windows Update
RP1013: 9/14/2012 11:09:56 PM - Windows Update
RP1014: 9/15/2012 3:00:11 AM - Windows Update
RP1015: 9/15/2012 5:54:18 AM - Restore Operation
RP1016: 9/15/2012 6:07:56 AM - Windows Update
RP1017: 9/15/2012 6:14:46 AM - Windows Update
RP1018: 9/15/2012 11:28:37 PM - Installed AVG 2013
RP1019: 9/15/2012 11:29:27 PM - Installed AVG 2013
RP1020: 9/16/2012 3:00:11 AM - Windows Update
RP1021: 9/16/2012 3:23:32 PM - Removed Facebook Video Calling 1.2.0.159
RP1022: 9/17/2012 10:34:34 AM - Windows Update
RP1023: 9/17/2012 12:03:40 PM - Removed AVG 2013
RP1024: 9/17/2012 12:09:42 PM - Removed AVG 2013
RP1025: 9/17/2012 1:07:24 PM - Windows Update
RP1026: 9/18/2012 11:10:38 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
3GP Player 2009
7-Zip 4.57
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
ARC XT for Uniden XT series
ARC XT PRO for Uniden XT series
ATI Catalyst Install Manager
AVG PC Tuneup 2011
bpd_scan_Carrier
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDDRV_Installer
Compatibility Pack for the 2007 Office system
CyberGhost VPN Patch 4.7.19
Destinations
DeviceDiscovery
DocProc
Enterasys NAC Assessment Agent
erLT
Fax
FrostWire 4.21.8
FrostWire 5.3.7
Google Update Helper
GPBaseService2
HP Driver Diagnostics
HPProductAssistant
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
KhalInstallWrapper
Label@Once 1.0
Logitech SetPoint
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MPM
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
Norton Internet Security
OGA Notifier 2.0.0048.0
PlayReady PC Runtime x86
Privacy SafeGuard version 1.0
ProductContext
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Scan
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Trainz Simulator 2009: World Builder Edition
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Utility Common Driver
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
9/19/2012 2:19:25 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
9/19/2012 2:17:03 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
9/19/2012 2:17:03 AM, Error: atikmdag [43029] - Display is not active
9/18/2012 7:46:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1409.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/18/2012 7:41:58 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
9/18/2012 7:39:05 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/18/2012 6:42:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
9/18/2012 6:36:04 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1409.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 5:21:14 PM, Error: Service Control Manager [7034] - The HP Network Devices Support service terminated unexpectedly. It has done this 1 time(s).
9/18/2012 5:21:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1409.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80072ee2 Error description: The operation timed out
9/18/2012 10:59:46 PM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
9/17/2012 12:08:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.1738.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x800704c7 Error description: The operation was canceled by the user.
9/17/2012 10:29:24 AM, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147017840
9/17/2012 10:28:01 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/17/2012 10:27:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/17/2012 10:27:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/15/2012 6:00:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/15/2012 6:00:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/15/2012 11:00:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/15/2012 11:00:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/14/2012 9:55:02 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Matt-PC\Guest SID (S-1-5-21-1541042141-3281804592-2248747456-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/14/2012 7:50:15 PM, Error: Service Control Manager [7000] - The 3294 service failed to start due to the following error: The system cannot find the file specified.
9/14/2012 7:50:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/14/2012 7:50:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/14/2012 7:44:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/14/2012 7:43:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/14/2012 7:43:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/14/2012 7:43:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/14/2012 7:43:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/14/2012 7:43:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/14/2012 7:43:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/14/2012 7:43:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/14/2012 7:43:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/14/2012 7:43:20 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/14/2012 7:43:20 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/14/2012 7:43:20 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/14/2012 7:43:20 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/14/2012 7:37:26 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/14/2012 7:37:26 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/14/2012 7:23:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/14/2012 7:23:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/14/2012 7:19:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
9/14/2012 4:10:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/14/2012 4:10:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/14/2012 3:54:04 AM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/14/2012 3:46:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/14/2012 3:46:34 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/14/2012 3:43:50 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/14/2012 3:43:50 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/14/2012 10:52:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/14/2012 10:52:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/14/2012 10:44:02 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/14/2012 10:44:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/14/2012 10:20:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/14/2012 10:20:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/13/2012 2:29:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/12/2012 2:20:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
9/12/2012 2:20:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
9/12/2012 1:59:01 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JAMES-UC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CD1D8390-CDF3-415C-8C70-19F314942. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 
TDSS Killer produced 2 files...
13:05:35.0420 2676 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:05:35.0732 2676 ============================================================
13:05:35.0732 2676 Current date / time: 2012/09/20 13:05:35.0732
13:05:35.0732 2676 SystemInfo:
13:05:35.0732 2676
13:05:35.0732 2676 OS Version: 6.1.7600 ServicePack: 0.0
13:05:35.0732 2676 Product type: Workstation
13:05:35.0732 2676 ComputerName: MATT-PC
13:05:35.0732 2676 UserName: Matt
13:05:35.0732 2676 Windows directory: C:\windows
13:05:35.0732 2676 System windows directory: C:\windows
13:05:35.0732 2676 Processor architecture: Intel x86
13:05:35.0732 2676 Number of processors: 1
13:05:35.0732 2676 Page size: 0x1000
13:05:35.0732 2676 Boot type: Normal boot
13:05:35.0732 2676 ============================================================
13:05:37.0635 2676 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:05:37.0635 2676 ============================================================
13:05:37.0635 2676 \Device\Harddisk0\DR0:
13:05:37.0635 2676 MBR partitions:
13:05:37.0635 2676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800
13:05:37.0635 2676 ============================================================
13:05:37.0651 2676 C: <-> \Device\Harddisk0\DR0\Partition1
13:05:37.0651 2676 ============================================================
13:05:37.0651 2676 Initialize success
13:05:37.0651 2676 ============================================================
13:05:46.0699 3784 ============================================================
13:05:46.0699 3784 Scan started
13:05:46.0699 3784 Mode: Manual;
13:05:46.0699 3784 ============================================================
13:05:47.0853 3784 ================ Scan system memory ========================
13:05:47.0853 3784 System memory - ok
13:05:47.0853 3784 ================ Scan services =============================
13:05:47.0978 3784 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
13:05:47.0978 3784 1394ohci - ok
13:05:48.0025 3784 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
13:05:48.0025 3784 ACPI - ok
13:05:48.0056 3784 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys
13:05:48.0056 3784 AcpiPmi - ok
13:05:48.0150 3784 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:05:48.0150 3784 AdobeFlashPlayerUpdateSvc - ok
13:05:48.0212 3784 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
13:05:48.0212 3784 adp94xx - ok
13:05:48.0259 3784 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
13:05:48.0259 3784 adpahci - ok
13:05:48.0290 3784 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
13:05:48.0290 3784 adpu320 - ok
13:05:48.0337 3784 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
13:05:48.0337 3784 AeLookupSvc - ok
13:05:48.0415 3784 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\windows\system32\drivers\afd.sys
13:05:48.0415 3784 AFD - ok
13:05:48.0477 3784 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys
13:05:48.0493 3784 AgereSoftModem - ok
13:05:48.0524 3784 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\DRIVERS\agp440.sys
13:05:48.0524 3784 agp440 - ok
13:05:48.0571 3784 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
13:05:48.0571 3784 aic78xx - ok
13:05:48.0633 3784 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
13:05:48.0633 3784 ALG - ok
13:05:48.0664 3784 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\DRIVERS\aliide.sys
13:05:48.0664 3784 aliide - ok
13:05:48.0727 3784 [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
13:05:48.0742 3784 AMD External Events Utility - ok
13:05:48.0774 3784 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\DRIVERS\amdagp.sys
13:05:48.0789 3784 amdagp - ok
13:05:48.0820 3784 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\DRIVERS\amdide.sys
13:05:48.0820 3784 amdide - ok
13:05:48.0867 3784 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
13:05:48.0867 3784 AmdK8 - ok
13:05:48.0930 3784 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
13:05:48.0930 3784 AmdPPM - ok
13:05:48.0976 3784 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\windows\system32\DRIVERS\amdsata.sys
13:05:48.0976 3784 amdsata - ok
13:05:49.0008 3784 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
13:05:49.0008 3784 amdsbs - ok
13:05:49.0054 3784 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\windows\system32\DRIVERS\amdxata.sys
13:05:49.0054 3784 amdxata - ok
13:05:49.0086 3784 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\windows\system32\drivers\appid.sys
13:05:49.0101 3784 AppID - ok
13:05:49.0132 3784 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
13:05:49.0132 3784 AppIDSvc - ok
13:05:49.0164 3784 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\windows\System32\appinfo.dll
13:05:49.0164 3784 Appinfo - ok
13:05:49.0210 3784 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
13:05:49.0210 3784 arc - ok
13:05:49.0226 3784 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
13:05:49.0242 3784 arcsas - ok
13:05:49.0273 3784 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
13:05:49.0273 3784 AsyncMac - ok
13:05:49.0288 3784 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\DRIVERS\atapi.sys
13:05:49.0288 3784 atapi - ok
13:05:49.0444 3784 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys
13:05:49.0554 3784 atikmdag - ok
13:05:49.0616 3784 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\windows\system32\DRIVERS\AtiPcie.sys
13:05:49.0616 3784 AtiPcie - ok
13:05:49.0678 3784 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
13:05:49.0694 3784 AudioEndpointBuilder - ok
13:05:49.0710 3784 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\windows\System32\Audiosrv.dll
13:05:49.0725 3784 Audiosrv - ok
13:05:49.0772 3784 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\windows\System32\AxInstSV.dll
13:05:49.0772 3784 AxInstSV - ok
13:05:49.0834 3784 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
13:05:49.0834 3784 b06bdrv - ok
13:05:49.0866 3784 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
13:05:49.0866 3784 b57nd60x - ok
13:05:49.0928 3784 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
13:05:49.0928 3784 BDESVC - ok
13:05:49.0944 3784 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
13:05:49.0944 3784 Beep - ok
13:05:50.0006 3784 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\windows\System32\bfe.dll
13:05:50.0006 3784 BFE - ok
13:05:50.0068 3784 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\windows\System32\qmgr.dll
13:05:50.0068 3784 BITS - ok
13:05:50.0115 3784 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
13:05:50.0115 3784 blbdrive - ok
13:05:50.0178 3784 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\windows\system32\DRIVERS\bowser.sys
13:05:50.0178 3784 bowser - ok
13:05:50.0209 3784 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
13:05:50.0209 3784 BrFiltLo - ok
13:05:50.0240 3784 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
13:05:50.0240 3784 BrFiltUp - ok
13:05:50.0287 3784 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\windows\System32\browser.dll
13:05:50.0287 3784 Browser - ok
13:05:50.0349 3784 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
13:05:50.0349 3784 Brserid - ok
13:05:50.0380 3784 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
13:05:50.0380 3784 BrSerWdm - ok
13:05:50.0412 3784 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
13:05:50.0412 3784 BrUsbMdm - ok
13:05:50.0443 3784 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
13:05:50.0443 3784 BrUsbSer - ok
13:05:50.0458 3784 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
13:05:50.0474 3784 BTHMODEM - ok
13:05:50.0536 3784 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
13:05:50.0536 3784 bthserv - ok
13:05:50.0583 3784 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
13:05:50.0583 3784 cdfs - ok
13:05:50.0646 3784 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
13:05:50.0646 3784 cdrom - ok
13:05:50.0692 3784 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\windows\System32\certprop.dll
13:05:50.0692 3784 CertPropSvc - ok
13:05:50.0817 3784 [ 1F8A319D29394F9CE1B7AE020DF2EBBF ] cfWiMAXService C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
13:05:50.0817 3784 cfWiMAXService - ok
13:05:51.0020 3784 [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
13:05:51.0036 3784 CGVPNCliSrvc - ok
13:05:51.0082 3784 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
13:05:51.0082 3784 circlass - ok
13:05:51.0129 3784 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
13:05:51.0129 3784 CLFS - ok
13:05:51.0207 3784 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:05:51.0223 3784 clr_optimization_v2.0.50727_32 - ok
13:05:51.0254 3784 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
13:05:51.0254 3784 CmBatt - ok
13:05:51.0285 3784 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
13:05:51.0285 3784 cmdide - ok
13:05:51.0316 3784 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\windows\system32\Drivers\cng.sys
13:05:51.0316 3784 CNG - ok
13:05:51.0348 3784 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
13:05:51.0348 3784 Compbatt - ok
13:05:51.0394 3784 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
13:05:51.0394 3784 CompositeBus - ok
13:05:51.0426 3784 COMSysApp - ok
13:05:51.0472 3784 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
13:05:51.0472 3784 ConfigFree Service - ok
13:05:51.0504 3784 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
13:05:51.0504 3784 crcdisk - ok
13:05:51.0566 3784 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\windows\system32\cryptsvc.dll
13:05:51.0566 3784 CryptSvc - ok
13:05:51.0613 3784 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\windows\system32\rpcss.dll
13:05:51.0628 3784 DcomLaunch - ok
13:05:51.0660 3784 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
13:05:51.0675 3784 defragsvc - ok
13:05:51.0722 3784 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\windows\system32\Drivers\dfsc.sys
13:05:51.0722 3784 DfsC - ok
13:05:51.0769 3784 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\windows\system32\dhcpcore.dll
13:05:51.0784 3784 Dhcp - ok
13:05:51.0816 3784 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
13:05:51.0816 3784 discache - ok
13:05:51.0878 3784 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
13:05:51.0878 3784 Disk - ok
13:05:51.0925 3784 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\windows\System32\dnsrslvr.dll
13:05:51.0925 3784 Dnscache - ok
13:05:51.0972 3784 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\windows\System32\dot3svc.dll
13:05:51.0972 3784 dot3svc - ok
13:05:52.0034 3784 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\windows\system32\DRIVERS\Dot4.sys
13:05:52.0034 3784 Dot4 - ok
13:05:52.0096 3784 [ C25FEA07A8E7767E8B89AB96A3B96519 ] Dot4Print C:\windows\system32\DRIVERS\Dot4Prt.sys
13:05:52.0096 3784 Dot4Print - ok
13:05:52.0128 3784 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
13:05:52.0128 3784 dot4usb - ok
13:05:52.0174 3784 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\windows\system32\dps.dll
13:05:52.0174 3784 DPS - ok
13:05:52.0221 3784 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
13:05:52.0221 3784 drmkaud - ok
13:05:52.0268 3784 [ 8B6C3464D7FAC176500061DBFFF42AD4 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
13:05:52.0284 3784 DXGKrnl - ok
13:05:52.0330 3784 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
13:05:52.0346 3784 EapHost - ok
13:05:52.0455 3784 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
13:05:52.0518 3784 ebdrv - ok
13:05:52.0549 3784 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\windows\System32\lsass.exe
13:05:52.0564 3784 EFS - ok
13:05:52.0642 3784 [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr C:\windows\ehome\ehRecvr.exe
13:05:52.0642 3784 ehRecvr - ok
13:05:52.0674 3784 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
13:05:52.0674 3784 ehSched - ok
13:05:52.0736 3784 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
13:05:52.0752 3784 elxstor - ok
13:05:52.0767 3784 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
13:05:52.0783 3784 ErrDev - ok
13:05:52.0845 3784 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
13:05:52.0845 3784 EventSystem - ok
13:05:52.0876 3784 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
13:05:52.0876 3784 exfat - ok
13:05:52.0908 3784 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
13:05:52.0908 3784 fastfat - ok
13:05:52.0954 3784 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\windows\system32\fxssvc.exe
13:05:52.0970 3784 Fax - ok
13:05:53.0017 3784 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
13:05:53.0017 3784 fdc - ok
13:05:53.0064 3784 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
13:05:53.0064 3784 fdPHost - ok
13:05:53.0095 3784 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
13:05:53.0095 3784 FDResPub - ok
13:05:53.0126 3784 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
13:05:53.0126 3784 FileInfo - ok
13:05:53.0204 3784 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
13:05:53.0220 3784 Filetrace - ok
13:05:53.0251 3784 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
13:05:53.0266 3784 flpydisk - ok
13:05:53.0360 3784 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
13:05:53.0360 3784 FltMgr - ok
13:05:53.0500 3784 [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache C:\windows\system32\FntCache.dll
13:05:53.0516 3784 FontCache - ok
13:05:53.0688 3784 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:05:53.0688 3784 FontCache3.0.0.0 - ok
13:05:53.0734 3784 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
13:05:53.0734 3784 FsDepends - ok
13:05:53.0750 3784 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
13:05:53.0750 3784 Fs_Rec - ok
13:05:53.0781 3784 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
13:05:53.0797 3784 fvevol - ok
13:05:53.0828 3784 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
13:05:53.0828 3784 gagp30kx - ok
13:05:53.0890 3784 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\windows\System32\gpsvc.dll
13:05:53.0906 3784 gpsvc - ok
13:05:53.0953 3784 gupdate - ok
13:05:53.0968 3784 gupdatem - ok
13:05:54.0000 3784 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
13:05:54.0015 3784 hcw85cir - ok
13:05:54.0062 3784 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
13:05:54.0062 3784 HdAudAddService - ok
13:05:54.0109 3784 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
13:05:54.0124 3784 HDAudBus - ok
13:05:54.0156 3784 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
13:05:54.0156 3784 HidBatt - ok
13:05:54.0187 3784 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
13:05:54.0187 3784 HidBth - ok
13:05:54.0234 3784 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
13:05:54.0234 3784 HidIr - ok
13:05:54.0280 3784 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
13:05:54.0280 3784 hidserv - ok
13:05:54.0327 3784 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
13:05:54.0327 3784 HidUsb - ok
13:05:54.0358 3784 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\windows\system32\kmsvc.dll
13:05:54.0374 3784 hkmsvc - ok
13:05:54.0390 3784 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\windows\system32\ListSvc.dll
13:05:54.0405 3784 HomeGroupListener - ok
13:05:54.0436 3784 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\windows\system32\provsvc.dll
13:05:54.0436 3784 HomeGroupProvider - ok
13:05:54.0577 3784 [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:05:54.0577 3784 hpqcxs08 - ok
13:05:54.0608 3784 [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:05:54.0608 3784 hpqddsvc - ok
13:05:54.0655 3784 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
13:05:54.0655 3784 HpSAMD - ok
13:05:54.0733 3784 [ 56FC98F1014EA8DC51B92839C32759EC ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
13:05:54.0733 3784 HPSLPSVC - ok
13:05:54.0795 3784 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\windows\system32\drivers\HTTP.sys
13:05:54.0795 3784 HTTP - ok
13:05:54.0826 3784 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
13:05:54.0826 3784 hwpolicy - ok
13:05:54.0873 3784 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
13:05:54.0873 3784 i8042prt - ok
13:05:54.0920 3784 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\windows\system32\DRIVERS\iaStorV.sys
13:05:54.0920 3784 iaStorV - ok
13:05:54.0998 3784 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:05:55.0014 3784 idsvc - ok
13:05:55.0060 3784 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
13:05:55.0076 3784 iirsp - ok
13:05:55.0123 3784 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\windows\System32\ikeext.dll
13:05:55.0138 3784 IKEEXT - ok
13:05:55.0263 3784 [ E4A2E810CB2607C9C159C0DFB0BD4C88 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
13:05:55.0294 3784 IntcAzAudAddService - ok
13:05:55.0326 3784 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\DRIVERS\intelide.sys
13:05:55.0326 3784 intelide - ok
13:05:55.0372 3784 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
13:05:55.0372 3784 intelppm - ok
13:05:55.0419 3784 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
13:05:55.0419 3784 IPBusEnum - ok
13:05:55.0450 3784 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
13:05:55.0450 3784 IpFilterDriver - ok
13:05:55.0497 3784 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
13:05:55.0513 3784 iphlpsvc - ok
13:05:55.0544 3784 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
13:05:55.0544 3784 IPMIDRV - ok
13:05:55.0591 3784 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
13:05:55.0591 3784 IPNAT - ok
13:05:55.0622 3784 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
13:05:55.0622 3784 IRENUM - ok
13:05:55.0653 3784 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
13:05:55.0653 3784 isapnp - ok
13:05:55.0684 3784 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
13:05:55.0700 3784 iScsiPrt - ok
13:05:55.0747 3784 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
13:05:55.0747 3784 kbdclass - ok
13:05:55.0794 3784 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
13:05:55.0794 3784 kbdhid - ok
13:05:55.0825 3784 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\windows\system32\lsass.exe
13:05:55.0825 3784 KeyIso - ok
13:05:55.0856 3784 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
13:05:55.0856 3784 KSecDD - ok
13:05:55.0903 3784 [ 365C6154BBBC5377173F1CA7BFB6CC59 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
13:05:55.0903 3784 KSecPkg - ok
13:05:55.0950 3784 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
13:05:55.0965 3784 KtmRm - ok
13:05:56.0028 3784 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\windows\system32\srvsvc.dll
13:05:56.0028 3784 LanmanServer - ok
13:05:56.0059 3784 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\windows\System32\wkssvc.dll
13:05:56.0059 3784 LanmanWorkstation - ok
13:05:56.0184 3784 [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
13:05:56.0184 3784 LBTServ - ok
13:05:56.0246 3784 [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt C:\windows\system32\DRIVERS\LHidFilt.Sys
13:05:56.0246 3784 LHidFilt - ok
13:05:56.0308 3784 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
13:05:56.0308 3784 lltdio - ok
13:05:56.0340 3784 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
13:05:56.0355 3784 lltdsvc - ok
13:05:56.0386 3784 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
13:05:56.0386 3784 lmhosts - ok
13:05:56.0418 3784 [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt C:\windows\system32\DRIVERS\LMouFilt.Sys
13:05:56.0418 3784 LMouFilt - ok
13:05:56.0480 3784 [ 6E3D3816749E107883EEC5734CE44493 ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys
13:05:56.0480 3784 LPCFilter - ok
13:05:56.0527 3784 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
13:05:56.0527 3784 LSI_FC - ok
13:05:56.0574 3784 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
13:05:56.0574 3784 LSI_SAS - ok
13:05:56.0605 3784 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
13:05:56.0605 3784 LSI_SAS2 - ok
13:05:56.0636 3784 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
13:05:56.0636 3784 LSI_SCSI - ok
13:05:56.0667 3784 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
13:05:56.0683 3784 luafv - ok
13:05:56.0714 3784 [ 77030525CD86A93F1AF34FA9B96D33CE ] LUsbFilt C:\windows\system32\Drivers\LUsbFilt.Sys
13:05:56.0730 3784 LUsbFilt - ok
13:05:56.0776 3784 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
13:05:56.0776 3784 Mcx2Svc - ok
13:05:56.0823 3784 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
13:05:56.0823 3784 megasas - ok
13:05:56.0854 3784 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
13:05:56.0854 3784 MegaSR - ok
13:05:56.0886 3784 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
13:05:56.0886 3784 MMCSS - ok
13:05:56.0917 3784 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
13:05:56.0917 3784 Modem - ok
13:05:56.0948 3784 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
13:05:56.0964 3784 monitor - ok
13:05:57.0010 3784 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
13:05:57.0010 3784 mouclass - ok
13:05:57.0042 3784 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
13:05:57.0042 3784 mouhid - ok
13:05:57.0073 3784 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
13:05:57.0073 3784 mountmgr - ok
13:05:57.0120 3784 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
13:05:57.0120 3784 MpFilter - ok
13:05:57.0151 3784 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\windows\system32\DRIVERS\mpio.sys
13:05:57.0151 3784 mpio - ok
13:05:57.0322 3784 [ A69630D039C38018689190234F866D77 ] MpKsl2db44871 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25EE3F22-2B54-4FF6-BFB3-D831103D16E3}\MpKsl2db44871.sys
13:05:57.0322 3784 MpKsl2db44871 - ok
13:05:57.0369 3784 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
13:05:57.0369 3784 mpsdrv - ok
13:05:57.0416 3784 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\windows\system32\mpssvc.dll
13:05:57.0416 3784 MpsSvc - ok
13:05:57.0447 3784 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
13:05:57.0463 3784 MRxDAV - ok
13:05:57.0510 3784 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
13:05:57.0525 3784 mrxsmb - ok
13:05:57.0588 3784 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
13:05:57.0588 3784 mrxsmb10 - ok
13:05:57.0603 3784 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
13:05:57.0619 3784 mrxsmb20 - ok
13:05:57.0650 3784 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\windows\system32\DRIVERS\msahci.sys
13:05:57.0650 3784 msahci - ok
13:05:57.0681 3784 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
13:05:57.0681 3784 msdsm - ok
13:05:57.0712 3784 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
13:05:57.0712 3784 MSDTC - ok
13:05:57.0759 3784 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
13:05:57.0759 3784 Msfs - ok
13:05:57.0790 3784 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
13:05:57.0790 3784 mshidkmdf - ok
13:05:57.0806 3784 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
13:05:57.0806 3784 msisadrv - ok
13:05:57.0868 3784 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
13:05:57.0868 3784 MSiSCSI - ok
13:05:57.0884 3784 msiserver - ok
13:05:57.0915 3784 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
13:05:57.0915 3784 MSKSSRV - ok
13:05:58.0009 3784 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:05:58.0009 3784 MsMpSvc - ok
13:05:58.0056 3784 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
13:05:58.0056 3784 MSPCLOCK - ok
13:05:58.0102 3784 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
13:05:58.0102 3784 MSPQM - ok
13:05:58.0134 3784 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
13:05:58.0134 3784 MsRPC - ok
13:05:58.0180 3784 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
13:05:58.0180 3784 mssmbios - ok
13:05:58.0196 3784 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
13:05:58.0212 3784 MSTEE - ok
13:05:58.0227 3784 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
13:05:58.0227 3784 MTConfig - ok
13:05:58.0258 3784 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
13:05:58.0258 3784 Mup - ok
13:05:58.0305 3784 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\windows\system32\qagentRT.dll
13:05:58.0321 3784 napagent - ok
13:05:58.0383 3784 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
13:05:58.0383 3784 NativeWifiP - ok
13:05:58.0446 3784 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\windows\system32\drivers\ndis.sys
13:05:58.0446 3784 NDIS - ok
13:05:58.0492 3784 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
13:05:58.0492 3784 NdisCap - ok
13:05:58.0524 3784 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
13:05:58.0524 3784 NdisTapi - ok
13:05:58.0555 3784 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
13:05:58.0555 3784 Ndisuio - ok
13:05:58.0586 3784 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
13:05:58.0586 3784 NdisWan - ok
13:05:58.0617 3784 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
13:05:58.0617 3784 NDProxy - ok
13:05:58.0680 3784 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll
13:05:58.0680 3784 Net Driver HPZ12 - ok
13:05:58.0742 3784 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
13:05:58.0742 3784 NetBIOS - ok
13:05:58.0773 3784 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
13:05:58.0773 3784 NetBT - ok
13:05:58.0804 3784 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\windows\system32\lsass.exe
13:05:58.0820 3784 Netlogon - ok
13:05:58.0867 3784 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
13:05:58.0867 3784 Netman - ok
13:05:58.0898 3784 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
13:05:58.0914 3784 netprofm - ok
13:05:58.0945 3784 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:05:58.0945 3784 NetTcpPortSharing - ok
13:05:59.0007 3784 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
13:05:59.0007 3784 nfrd960 - ok
13:05:59.0054 3784 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
13:05:59.0070 3784 NisDrv - ok
13:05:59.0116 3784 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
13:05:59.0116 3784 NisSrv - ok
13:05:59.0163 3784 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\windows\System32\nlasvc.dll
13:05:59.0163 3784 NlaSvc - ok
13:05:59.0194 3784 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
13:05:59.0194 3784 Npfs - ok
13:05:59.0226 3784 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
13:05:59.0226 3784 nsi - ok
13:05:59.0257 3784 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
13:05:59.0257 3784 nsiproxy - ok
13:05:59.0319 3784 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\windows\system32\drivers\Ntfs.sys
13:05:59.0335 3784 Ntfs - ok
13:05:59.0350 3784 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
13:05:59.0350 3784 Null - ok
13:05:59.0382 3784 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\windows\system32\DRIVERS\nvraid.sys
13:05:59.0382 3784 nvraid - ok
13:05:59.0428 3784 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\windows\system32\DRIVERS\nvstor.sys
13:05:59.0428 3784 nvstor - ok
13:05:59.0444 3784 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
13:05:59.0444 3784 nv_agp - ok
13:05:59.0553 3784 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:05:59.0569 3784 odserv - ok
13:05:59.0584 3784 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
13:05:59.0600 3784 ohci1394 - ok
13:05:59.0647 3784 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:05:59.0647 3784 ose - ok
13:05:59.0694 3784 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
13:05:59.0694 3784 p2pimsvc - ok
13:05:59.0725 3784 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
13:05:59.0740 3784 p2psvc - ok
13:05:59.0772 3784 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
13:05:59.0787 3784 Parport - ok
13:05:59.0803 3784 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\windows\system32\drivers\partmgr.sys
13:05:59.0803 3784 partmgr - ok
13:05:59.0834 3784 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
13:05:59.0865 3784 Parvdm - ok
13:05:59.0896 3784 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
13:05:59.0912 3784 PcaSvc - ok
13:05:59.0943 3784 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\windows\system32\DRIVERS\pci.sys
13:05:59.0959 3784 pci - ok
13:05:59.0974 3784 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\DRIVERS\pciide.sys
13:05:59.0990 3784 pciide - ok
13:06:00.0021 3784 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
13:06:00.0037 3784 pcmcia - ok
13:06:00.0068 3784 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
13:06:00.0084 3784 pcw - ok
13:06:00.0146 3784 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
13:06:00.0162 3784 PEAUTH - ok
13:06:00.0302 3784 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\windows\system32\pla.dll
13:06:00.0318 3784 pla - ok
13:06:00.0380 3784 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\windows\system32\umpnpmgr.dll
13:06:00.0396 3784 PlugPlay - ok
13:06:00.0442 3784 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
13:06:00.0442 3784 Pml Driver HPZ12 - ok
13:06:00.0489 3784 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
13:06:00.0489 3784 PNRPAutoReg - ok
13:06:00.0520 3784 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
13:06:00.0520 3784 PNRPsvc - ok
13:06:00.0583 3784 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
13:06:00.0583 3784 PolicyAgent - ok
13:06:00.0645 3784 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\windows\system32\umpo.dll
13:06:00.0645 3784 Power - ok
13:06:00.0692 3784 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
13:06:00.0692 3784 PptpMiniport - ok
13:06:00.0723 3784 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
13:06:00.0723 3784 Processor - ok
13:06:00.0786 3784 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\windows\system32\profsvc.dll
13:06:00.0786 3784 ProfSvc - ok
13:06:00.0817 3784 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\windows\system32\lsass.exe
13:06:00.0832 3784 ProtectedStorage - ok
13:06:00.0879 3784 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
13:06:00.0879 3784 Psched - ok
13:06:00.0942 3784 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
13:06:00.0957 3784 ql2300 - ok
13:06:01.0004 3784 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
13:06:01.0004 3784 ql40xx - ok
13:06:01.0051 3784 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
13:06:01.0051 3784 QWAVE - ok
13:06:01.0066 3784 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
13:06:01.0082 3784 QWAVEdrv - ok
13:06:01.0098 3784 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
13:06:01.0113 3784 RasAcd - ok
13:06:01.0144 3784 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
13:06:01.0144 3784 RasAgileVpn - ok
13:06:01.0176 3784 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
13:06:01.0176 3784 RasAuto - ok
13:06:01.0222 3784 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
13:06:01.0222 3784 Rasl2tp - ok
13:06:01.0285 3784 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\windows\System32\rasmans.dll
13:06:01.0285 3784 RasMan - ok
13:06:01.0300 3784 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
13:06:01.0316 3784 RasPppoe - ok
13:06:01.0363 3784 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
13:06:01.0363 3784 RasSstp - ok
13:06:01.0378 3784 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
13:06:01.0394 3784 rdbss - ok
13:06:01.0425 3784 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
13:06:01.0425 3784 rdpbus - ok
13:06:01.0456 3784 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
13:06:01.0456 3784 RDPCDD - ok
 
...continued
13:06:07.0509 3784 [ 77D80469DD64DFDDF3F2B881C68DCBE1 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
13:06:07.0509 3784 Suspicious file (Forged): C:\windows\system32\drivers\Wdf01000.sys. Real md5: 77D80469DD64DFDDF3F2B881C68DCBE1, Fake md5: 9950E3D0F08141C7E89E64456AE7DC73
13:06:07.0509 3784 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
13:06:07.0509 3784 Wdf01000 - detected Virus.Win32.Rloader.a (0)
13:06:09.0100 3784 ================ Scan global ===============================
13:06:09.0132 3784 [ 9A595DF601070DA78C40481120DD2C06 ] C:\windows\system32\basesrv.dll
13:06:09.0178 3784 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\windows\system32\winsrv.dll
13:06:09.0194 3784 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\windows\system32\winsrv.dll
13:06:09.0225 3784 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
13:06:09.0272 3784 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
13:06:09.0288 3784 [Global] - ok
13:06:09.0288 3784 ================ Scan MBR ==================================
13:06:09.0303 3784 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
13:06:09.0490 3784 \Device\Harddisk0\DR0 - ok
13:06:09.0490 3784 ================ Scan VBR ==================================
13:06:09.0522 3784 [ 3E2D8FF930A548FE6BFA83167EFB82C4 ] \Device\Harddisk0\DR0\Partition1
13:06:09.0522 3784 \Device\Harddisk0\DR0\Partition1 - ok
13:06:09.0522 3784 ============================================================
13:06:09.0522 3784 Scan finished
13:06:09.0522 3784 ============================================================
13:06:09.0553 4680 Detected object count: 1
13:06:09.0553 4680 Actual detected object count: 1
13:06:33.0499 4680 C:\windows\system32\drivers\Wdf01000.sys - copied to quarantine
13:06:40.0488 4680 Backup copy found, using it..
13:06:40.0831 4680 C:\windows\system32\drivers\Wdf01000.sys - will be cured on reboot
13:06:40.0831 4680 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
13:07:33.0237 3296 Deinitialize success
 
The second tdss is a folder, not a file: TDSSKiller_Quarantine. Didn't know if you wanted me to post that as well.
RogueKiller produces a few reports because of rescans. Here they are...

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Scan -- Date : 09/20/2012 13:23:11
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Matt\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545025B9A300 ATA Device +++++
--- User ---
[MBR] ecb72268cfc86f4eba0f32634df3dadc
[BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
________________________________________________________________________________

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Scan -- Date : 09/20/2012 13:25:44
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Matt\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545025B9A300 ATA Device +++++
--- User ---
[MBR] ecb72268cfc86f4eba0f32634df3dadc
[BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
________________________________________________________________________________
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Remove -- Date : 09/20/2012 13:26:43
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Matt\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT REMOVED, USE PROXYFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545025B9A300 ATA Device +++++
--- User ---
[MBR] ecb72268cfc86f4eba0f32634df3dadc
[BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
________________________________________________________________________________
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Remove -- Date : 09/20/2012 13:27:20
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT REMOVED, USE PROXYFIX
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545025B9A300 ATA Device +++++
--- User ---
[MBR] ecb72268cfc86f4eba0f32634df3dadc
[BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
_______________________________________________________________________________
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : ProxyFix -- Date : 09/20/2012 13:27:32
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT SELECTED
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
_____________________________________________________________________________________
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : ProxyFix -- Date : 09/20/2012 13:27:40
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT SELECTED
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt
______________________________________________________________________________________________
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Remove -- Date : 09/20/2012 13:28:22
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT REMOVED, USE PROXYFIX
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545025B9A300 ATA Device +++++
--- User ---
[MBR] ecb72268cfc86f4eba0f32634df3dadc
[BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt
________________________________________________________________________________
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : ProxyFix -- Date : 09/20/2012 13:28:29
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> NOT SELECTED
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt
________________________________________________________________________________
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : ProxyFix -- Date : 09/20/2012 13:28:46
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ftp=118.97.170.195:8080;hxxp=118.97.170.195:8080;hxxps=118.97.170.195:8080) -> DELETED
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[10].txt >>
RKreport[10].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
 
Still scanning, I will post when finished. But as an update, all of my internet is working now, and no computer freezing. Will continue to monitor and let you know.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-20 15:32:07
-----------------------------
15:32:07.158 OS Version: Windows 6.1.7600
15:32:07.158 Number of processors: 1 586 0x301
15:32:07.158 ComputerName: MATT-PC UserName: Matt
15:32:08.562 Initialize success
15:32:25.956 AVAST engine defs: 12092000
15:32:32.212 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:32:32.212 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC64G Size: 238475MB BusType: 11
15:32:32.212 Disk 0 MBR read successfully
15:32:32.227 Disk 0 MBR scan
15:32:32.227 Disk 0 Windows VISTA default MBR code
15:32:32.243 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:32:32.321 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228693 MB offset 3074048
15:32:32.493 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8281 MB offset 471437312
15:32:32.571 Disk 0 scanning sectors +488396800
15:32:32.851 Disk 0 scanning C:\windows\system32\drivers
15:33:33.583 Service scanning
15:34:26.551 Service MpKslaa3211c7 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25EE3F22-2B54-4FF6-BFB3-D831103D16E3}\MpKslaa3211c7.sys **LOCKED** 32
15:35:12.480 Modules scanning
15:35:33.705 Disk 0 trace - called modules:
15:35:33.744 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys HDAudBus.sys
15:35:33.749 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c54ac8]
15:35:33.759 3 CLASSPNP.SYS[8840459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85c4f030]
15:35:34.803 AVAST engine scan C:\windows
15:35:40.437 AVAST engine scan C:\windows\system32
15:44:46.217 AVAST engine scan C:\windows\system32\drivers
15:45:30.226 AVAST engine scan C:\Users\Matt
16:02:05.903 AVAST engine scan C:\ProgramData
16:04:46.754 Scan finished successfully
16:09:55.260 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
16:09:55.292 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"

On a side note, everything works fine, but I noticed that the Java chat sites that I moderate will not load. I installed the Java update, but I will continue to try.
 
Good :)

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 9/21/2012 10:24:12 AM - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Matt\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 47.81% Memory free
3.50 Gb Paging File | 2.30 Gb Available in Paging File | 65.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 152.66 Gb Free Space | 68.35% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/21 10:23:25 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2012/09/15 06:13:05 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/04/26 10:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/10/04 09:28:58 | 018,221,432 | ---- | M] (Enterasys Networks, Inc) -- C:\Program Files\Enterasys Networks\NAC Agent\NacAgent.exe
PRC - [2011/02/11 14:45:54 | 001,295,736 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2011/02/11 14:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/10 23:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/05 18:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 18:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 18:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/03 21:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 18:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/13 21:14:28 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
PRC - [2009/07/13 19:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/14 01:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/21 10:11:42 | 000,053,248 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\ShutdownGuardian.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/08/14 03:07:29 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\45e8faf9163d342297c46813373d8f74\System.ServiceProcess.ni.dll
MOD - [2011/08/14 03:04:53 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011/08/14 03:04:10 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011/08/14 03:02:39 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011/08/14 03:02:10 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011/08/14 03:01:46 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011/06/30 03:21:22 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2009/12/18 03:00:50 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/08/03 21:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/25 14:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/20 13:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
MOD - [2009/07/16 19:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 19:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/22 18:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 23:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2008/06/10 19:50:34 | 000,069,632 | ---- | M] () -- C:\Program Files\Enterasys Networks\NAC Agent\rt\bin\java.dll
MOD - [2008/06/10 19:50:26 | 000,020,480 | ---- | M] () -- C:\Program Files\Enterasys Networks\NAC Agent\rt\bin\jetvm\jvm.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2012/09/15 06:13:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/26 10:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Running] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/11 14:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/02/28 08:41:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/10 23:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 18:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/24 19:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 19:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/02 18:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/05 04:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008/08/22 11:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2007/11/13 16:21:54 | 000,017,536 | ---- | M] (Anyka (Guangzhou) Software Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbanyka.sys -- (usbanyka)
DRV - [2005/03/31 20:41:26 | 000,043,136 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {54d0da58-64e7-4408-be1f-72659f70fcbe} - SOFTWARE\Classes\CLSID\{54d0da58-64e7-4408-be1f-72659f70fcbe}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0724B52E-AF67-4A6A-AABB-6B5EF0836C8B}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2415802


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.maxiwe.com
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autocompletepro.com/?si=7148&bi=400
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.autocompletepro.com/?si=7148&bi=400
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.autocompletepro.com/?si=7148&bi=400
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autocompletepro.com/?si=7148&bi=400
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autocompletepro.com/?si=7148&bi=400
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autocompletepro.com/?si=7148&bi=400
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\URLSearchHook: {54d0da58-64e7-4408-be1f-72659f70fcbe} - SOFTWARE\Classes\CLSID\{54d0da58-64e7-4408-be1f-72659f70fcbe}\InprocServer32 File not found
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\InprocServer32 File not found
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\SearchScopes,DefaultScope = {0724B52E-AF67-4A6A-AABB-6B5EF0836C8B}
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\SearchScopes\{0724B52E-AF67-4A6A-AABB-6B5EF0836C8B}: "URL" = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7TSNA_enUS365US365
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.autocompletepro.com/?si=7148&bi=400&q={searchTerms}
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\SearchScopes\{B22BFE2D-069E-43E1-822D-792F14316CD1}: "URL" = http://search.yahoo.com/search?p={s...ype=W3i_DS,136,0_0,Search,20100418,6686,0,8,0
IE - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/17 02:53:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/17 02:53:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/09/16 17:18:00 | 000,000,707 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (24MusicBar Toolbar) - {54d0da58-64e7-4408-be1f-72659f70fcbe} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll File not found
O3 - HKLM\..\Toolbar: (24MusicBar Toolbar) - {54d0da58-64e7-4408-be1f-72659f70fcbe} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\Toolbar\WebBrowser: (24MusicBar Toolbar) - {54D0DA58-64E7-4408-BE1F-72659F70FCBE} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000..\Run: [CyberGhost VPN] C:\Program Files\CyberGhost VPN\Cyberghost.exe (CyberGhost SRL)
O4 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://weather-port.southlewis.org/JpegInst.cab (pmjpegaudio Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD1D8390-CDF3-415C-8C70-19F314942E90}: DhcpNameServer = 10.3.10.11 10.3.10.10
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/21 10:22:55 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/09/20 13:54:33 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK Reports
[2012/09/20 13:24:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
[2012/09/20 13:22:38 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK_Quarantine
[2012/09/20 13:06:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/20 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\tdsskiller
[2012/09/18 23:26:36 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
[2012/09/18 23:26:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/17 14:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Fix 2012
[2012/09/16 19:36:56 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys
[2012/09/16 19:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/09/16 16:40:36 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Mozilla
[2012/09/16 16:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/16 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\SpeedyPC Software
[2012/09/16 15:10:30 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\DriverCure
[2012/09/16 15:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/09/16 05:21:08 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\TuneUp Software
[2012/09/15 23:34:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\AVG2013
[2012/09/15 23:26:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\MFAData
[2012/09/15 23:26:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Avg2013
[2012/09/12 11:25:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\S.A.D
[2012/09/10 13:58:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\backup
[2012/09/10 13:47:02 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\10-09-2012
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/21 10:23:25 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/09/21 10:22:02 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/21 10:17:24 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 10:17:24 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 10:13:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/21 10:10:17 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/21 10:09:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/21 10:09:40 | 1408,045,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/20 16:09:55 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
[2012/09/20 13:25:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
[2012/09/20 13:21:56 | 001,382,912 | ---- | M] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2012/09/20 12:49:10 | 000,007,667 | ---- | M] () -- C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
[2012/09/19 05:04:06 | 000,003,584 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/19 02:02:16 | 000,000,262 | ---- | M] () -- C:\Users\Matt\Desktop\Run.lnk
[2012/09/18 18:43:58 | 000,617,460 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/18 18:43:58 | 000,104,702 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/17 12:00:46 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/16 19:36:56 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys
[2012/09/16 17:18:00 | 000,000,707 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/09/15 23:32:25 | 000,000,165 | ---- | M] () -- C:\windows\System32\userawacs.cfg
[2012/09/14 19:20:03 | 000,000,110 | ---- | M] () -- C:\windows\System32\reem.bat
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/20 16:09:55 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
[2012/09/20 13:21:24 | 001,382,912 | ---- | C] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2012/09/19 02:02:16 | 000,000,262 | ---- | C] () -- C:\Users\Matt\Desktop\Run.lnk
[2012/09/17 12:00:06 | 000,001,886 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/15 23:32:25 | 000,000,165 | ---- | C] () -- C:\windows\System32\userawacs.cfg
[2012/09/14 19:20:01 | 000,000,110 | ---- | C] () -- C:\windows\System32\reem.bat
[2012/05/15 03:53:54 | 000,002,306 | ---- | C] () -- C:\Users\Matt\.java.policy
[2012/04/30 03:54:13 | 000,003,584 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/06 07:20:21 | 000,025,442 | ---- | C] () -- C:\Users\Matt\Documen
[2011/01/27 11:39:36 | 000,007,667 | ---- | C] () -- C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
[2010/12/16 23:15:24 | 000,239,803 | ---- | C] () -- C:\windows\hpwins05.dat
[2010/12/16 23:15:24 | 000,003,111 | ---- | C] () -- C:\windows\hpwmdl05.dat
[2010/02/03 21:12:12 | 000,001,038 | ---- | C] () -- C:\Users\Matt\Pictures - Shortcut.lnk

========== ZeroAccess Check ==========

[2010/04/15 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\LocalLow\Microsoft\Silverlight\is\vrs5m4sp.znf\frpy2pst.ljd\1\l
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

========== LOP Check ==========

[2011/02/11 13:07:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG
[2012/09/17 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG2013
[2012/09/10 13:58:50 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\backup
[2012/09/15 05:58:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\butel
[2012/07/29 18:08:44 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\butelsoap
[2012/09/16 15:10:30 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DriverCure
[2012/06/29 20:41:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FrostWire
[2010/02/05 16:21:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2010/10/10 10:20:06 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MSA
[2011/02/05 02:07:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MusicNet
[2012/09/12 11:25:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\S.A.D
[2012/09/16 15:10:30 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SpeedyPC Software
[2010/02/04 08:38:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TOSHIBA
[2012/09/16 05:21:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUp Software
[2011/05/31 22:57:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WhiteSmoke
[2010/02/03 19:42:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinBatch
[2011/03/02 04:25:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Windows

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
< End of report >
 
OTL Extras logfile created on: 9/21/2012 10:24:12 AM - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Matt\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 47.81% Memory free
3.50 Gb Paging File | 2.30 Gb Available in Paging File | 65.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 152.66 Gb Free Space | 68.35% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0042CAAE-F82C-48D7-9EDE-25209A9670F7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{034A10A3-D8AC-4DE2-AB4D-6CA4A21E268F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{06D10A98-7F70-4454-A936-330D68D7AF23}" = rport=445 | protocol=6 | dir=out | app=system |
"{1DED3C19-322A-4BBE-BEEA-2D6A07B293B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{275205EA-9DD2-4474-BD83-58F809692721}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{27C3B4B8-7EA1-4C4D-A2A0-B0518621E7EF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{38C9414F-32BB-4363-9F63-8C6FF23B2CE1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4D60DD92-690A-47BB-BD31-5F07369E2D41}" = rport=138 | protocol=17 | dir=out | app=system |
"{66C5335E-E899-4E0C-9AC7-CBBFCA7B4F7F}" = lport=138 | protocol=17 | dir=in | app=system |
"{6718A929-540B-4B15-A5A2-736813B3B54B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6CDD27F2-FE75-4FF1-AF32-3BAEBAEF15DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70C645C9-B25D-41C7-BB44-F6C387B03946}" = rport=139 | protocol=6 | dir=out | app=system |
"{8651E827-4D7B-4855-899A-C6835453A525}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E13E89B-4FB8-4C22-9B92-CE42A1E0FEAC}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E66027D-482D-4936-95F7-7B1F5B02571E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A1B33A15-F748-4CEC-A976-3E73FA5ACF0D}" = lport=445 | protocol=6 | dir=in | app=system |
"{ADC4545A-EADA-4B13-9A09-9ED2FBC3FCB4}" = rport=137 | protocol=17 | dir=out | app=system |
"{B18A6CD8-9DA1-48C1-8EBE-D5CDD3F855EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{B7701B56-91A3-4E69-A6D5-7EE0C256834D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C582BD8C-441B-4C6E-AF4D-36A585067043}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6F3CE39-DA5A-4A6B-8BEA-7665FD68797C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC6B361A-DBA7-43C4-8948-53978ECA825B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0BAD3B7-C616-4BF8-B178-C4A60744A4D7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6D56358-F481-4631-83CE-F4D4963D8864}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FBFDEE5E-9400-4DFF-96CD-BA485DF9EE04}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A003D3-2B66-47BD-B91F-E2D2A9271AA7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{0609F7B0-D067-49FC-9460-0C0EDCC9262A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{06F68753-508B-4B77-A007-CEAC8ADE2F17}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0BB6A171-089B-4692-9F73-30AF8E8DBCE2}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\remotesupport.exe |
"{1A4BCE0D-8EAA-4690-B282-79927A617A05}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\remotesupport.exe |
"{1F9CA85F-7731-4C83-AFCF-4F8338A61313}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{228F4CEA-856A-419B-9452-F9759436BE47}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{2997A881-AC82-471E-9A8A-82AE261C023A}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
"{31C26A7E-714D-4C44-83F9-800A9E6545A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{327F0176-6891-4DBC-947E-0BCB2569E855}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3DB0F8CE-1FBD-406E-AAEB-F3DFF536E359}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3E0B5738-1FC6-48E8-9682-D3B463204BD0}" = protocol=17 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |
"{3EFC477D-0238-43D1-B49E-DEBE6524A54F}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{42C417E5-D7BF-4F97-A0FA-6071F3A473CD}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\remotesupport.exe |
"{4641043B-3F4E-48AE-A787-8BD7F19EC66A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{46AF0EA6-B336-455C-953A-938F8D38949C}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{4A494945-1445-4A87-AC33-D3E7EA91AB25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B08EA01-E53B-49B4-AB8D-46AE95308745}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E45FFB3-7BAB-41B9-A2D8-1511C95EE8EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4ED0D0FF-B39E-48AA-BEB3-0D02757EFF26}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{52FDFACD-0E0D-4FE9-908E-E7DD4CF5918C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{55FE67EC-4EB8-4526-8A4F-9EEA14E2B386}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{5634F55C-59AD-4BBA-B893-2C959F9A1708}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{5BE36B26-86C7-4E50-87FB-6BBFBDB4DDE9}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
"{630275C4-792A-47AC-8390-923970A99BE1}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
"{638D4F8D-D9BA-4F90-828B-37EF0FA12257}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\remotesupport.exe |
"{6B5826C5-47E1-4AF7-AFB9-34B5AEEDA1CF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{6CF5D2F2-6263-4EA9-A883-803BDF10EE21}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
"{77BA7DAE-3325-4257-9671-2E0CC9B46DE1}" = protocol=6 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
"{78ED5E88-37EA-472D-8651-B3A652F72797}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{7AF62D5E-DEB2-4FC4-B824-FC88A90DAF27}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{7C80F562-DD1D-45D7-8678-0E0231C42DED}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{836BDAF6-38F5-44B7-A15D-846B21E1DB64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8383AC7D-3E74-413A-AA08-F863E818C07B}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{8A81D917-C600-4398-AC04-B5FBC37AB2C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{8BFF060F-A335-4A84-A8D0-746B018457CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{94B154D4-5B5F-48BF-B120-3E43A1125E48}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{96153035-1161-4ED6-8D07-2410F121BE27}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{96E20D48-71E9-4CAD-995A-48F806208BEC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{9A78ED47-8020-4909-ABDB-47E89615034B}" = protocol=6 | dir=out | app=system |
"{A7A2EC05-B096-4CAA-B9EA-FB788917B08B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{A923E93A-334D-45C9-B3D1-48949B0439F9}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{B068D4B9-F1EE-47A6-BCBE-5C48AF2A5BA7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B18455A9-5D63-45D5-AAEC-A46A129AF6E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{B25AF542-9FA4-4BBD-AFD9-094E9E435E74}" = protocol=17 | dir=in | app=c:\program files\cyberghost vpn\cyberghost.exe |
"{B5AEF1F4-6D35-425E-AC30-B4FC149BAA15}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B684DF12-C0B2-445A-8DD1-2781DA5E003A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{BB3980E6-F100-44B9-9B00-8E9897BBD94E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C12BBCCD-93F6-404F-AB1C-1185AB2E547D}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{C34F47D4-5B7A-4FFC-8DBC-CAA567103512}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{CF400A5D-D811-4AE4-AC12-CC1A359CCF82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF5CC736-096A-4FCA-9D23-ADCC29B59865}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF9375AA-3E04-41A2-9E03-75DB4FB7FD36}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D1DD76AC-0EC0-432B-BC78-609486905456}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{D3BDABD9-A23E-48C9-9289-24BD1A1AA032}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DEF8D259-DB16-4C21-8878-FA7FC1A4B9E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4115ADC-6591-40DB-81C5-A6A1055C4682}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{E593F298-1CB5-4E42-9876-F4001068E3AF}" = protocol=6 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |
"{E7E0DD63-C0D9-4109-A1DB-5D1F0AC829D1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{EAE3D440-2F3D-4186-A6E6-2DE40CDB2AD5}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{EC99AAD5-26AC-4ADE-9EB9-CD8CE6D4EFFA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{ECAB847E-AB1D-48EC-86B8-A82EC41F1696}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EDCF88C2-3B18-4E90-88F7-20BBBFBBE247}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFCAD808-FDBD-418F-A20A-4A679100BD19}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{F6087465-5C00-4F09-9550-06027024FAAE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{FA38A602-4052-43D1-858A-EDCEE3271B18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FECEADC3-AD49-426A-8024-5A4FA54F0111}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{2ABC94C6-3396-4B1D-864D-6D22B0626FD7}C:\program files\gigatribe\gigatribe.exe" = protocol=6 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |
"TCP Query User{56EDB7D8-A0E4-4C60-A41E-B85598B86D81}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{63458A2F-E5F6-4AFC-80AF-78A5F436D0FC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{DA918A85-FF18-4729-9FEB-40F19D2E73ED}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{1126FDB1-A722-4F3F-BE4F-49A764F2A888}C:\program files\gigatribe\gigatribe.exe" = protocol=17 | dir=in | app=c:\program files\gigatribe\gigatribe.exe |
"UDP Query User{19781B71-611F-4D1B-B78B-C566EFFA80A0}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{4A960F42-8054-4CE9-9F37-E5757769B3E5}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{A1CDC3D9-1F83-449D-B82E-28A38BC92B60}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
"{04DB9640-A905-456C-96F5-F1EB80FEB5C9}" = ProductContext
"{0516DE82-074E-4B74-8C94-59DE55CDA3DD}" = ARC XT for Uniden XT series
"{05DC79C6-4213-45D3-BE8A-50B8B7C1F0E1}" = bpd_scan_Carrier
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0887452F-715A-436E-9934-059173B919F9}" = Enterasys NAC Assessment Agent
"{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1" = 3GP Player 2009
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB453A58-FA82-455B-9B55-A0572E1E8FA2}" = ARC XT PRO for Uniden XT series
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B5A4C902-1636-48DB-8E38-F0DB102DDB59}" = MPM
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.0
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AuranTS2009_is1" = Trainz Simulator 2009: World Builder Edition
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.19
"FrostWire" = FrostWire 4.21.8
"FrostWire 5" = FrostWire 5.3.7
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1541042141-3281804592-2248747456-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/17/2012 11:12:55 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmprph.exe, version: 12.0.7600.16385, time
stamp: 0x4a5bccac Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x0002fa7b Faulting process
id: 0x14c0 Faulting application start time: 0x01cd94e6e19195fe Faulting application
path: C:\Program Files\Windows Media Player\wmprph.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 279761cf-00da-11e2-9bcd-002622f6072e

Error - 9/17/2012 11:15:11 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmprph.exe, version: 12.0.7600.16385, time
stamp: 0x4a5bccac Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
stamp: 0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x0002fa7b Faulting process
id: 0x9e0 Faulting application start time: 0x01cd94e73856e655 Faulting application
path: C:\Program Files\Windows Media Player\wmprph.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 78c84a1d-00da-11e2-9bcd-002622f6072e

Error - 9/17/2012 1:31:13 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_HPSLPSVC, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000003 Faulting process id:
0x5a8 Faulting application start time: 0x01cd94e097db40ee Faulting application path:
C:\windows\system32\svchost.exe Faulting module path: unknown Report Id: 79a269e5-00ed-11e2-9bcd-002622f6072e

Error - 9/18/2012 5:21:03 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_HPSLPSVC, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00610069 Faulting process id:
0x67c Faulting application start time: 0x01cd95a5b42baa66 Faulting application path:
C:\windows\system32\svchost.exe Faulting module path: unknown Report Id: bf6daa24-01d6-11e2-8c4d-002622f6072e

Error - 9/18/2012 6:46:30 PM | Computer Name = Matt-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 920 Start
Time: 01cd95ec52085280 Termination Time: 60000 Application Path: C:\windows\Explorer.EXE
Report
Id: 7e8f8f30-01e2-11e2-8cf7-002622f6072e

Error - 9/18/2012 6:58:09 PM | Computer Name = Matt-PC | Source = Application Hang | ID = 1002
Description = The program msseces.exe version 4.0.1526.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: dc4 Start
Time: 01cd95ec5a95ff08 Termination Time: 18861 Application Path: C:\Program Files\Microsoft
Security Client\msseces.exe Report Id: 41ba0116-01e4-11e2-8cf7-002622f6072e

Error - 9/19/2012 5:09:54 AM | Computer Name = Matt-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7600.16667 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1018 Start
Time: 01cd9645937d7033 Termination Time: 109 Application Path: C:\Program Files\Windows
Media Player\wmplayer.exe Report Id: bf4c779d-0239-11e2-9b56-002622f6072e

Error - 9/19/2012 5:10:15 AM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bccb3 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16850,
time stamp: 0x4e21132b Exception code: 0x0000046b Fault offset: 0x00009673 Faulting
process id: 0x14e8 Faulting application start time: 0x01cd9645b2ef353d Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\windows\system32\KERNELBASE.dll
Report
Id: d250435a-0239-11e2-9b56-002622f6072e

Error - 9/20/2012 12:57:22 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_HPSLPSVC, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x744 Faulting application start time: 0x01cd968b86b9491c Faulting application path:
C:\windows\system32\svchost.exe Faulting module path: unknown Report Id: 3e52ceb3-0344-11e2-aa14-002622f6072e

Error - 9/20/2012 3:12:24 PM | Computer Name = Matt-PC | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp:
0x4f5f9c86 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp:
0x4cc7ab44 Exception code: 0xc0000005 Fault offset: 0x00052073 Faulting process id:
0xe8c Faulting application start time: 0x01cd9755aafbeb10 Faulting application path:
C:\Users\Matt\Desktop\aswMBR.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 1b635fbf-0357-11e2-bb5e-002622f6072e

[ Media Center Events ]
Error - 2/4/2010 10:41:27 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = 9:41:27 PM - Error connecting to the internet. 9:41:27 PM - Unable
to contact server..

Error - 2/5/2010 12:33:02 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = 11:33:02 AM - Error connecting to the internet. 11:33:02 AM - Unable
to contact server..

Error - 2/21/2010 5:52:24 AM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = 4:52:24 AM - Error connecting to the internet. 4:52:24 AM - Unable
to contact server..

Error - 2/21/2010 5:52:34 AM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = 4:52:29 AM - Error connecting to the internet. 4:52:29 AM - Unable
to contact server..

Error - 2/27/2010 12:44:54 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = 11:44:44 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 4/2/2010 12:33:41 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = 12:33:41 PM - Error connecting to the internet. 12:33:41 PM - Unable
to contact server..

Error - 4/2/2010 12:33:50 PM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = 12:33:46 PM - Error connecting to the internet. 12:33:46 PM - Unable
to contact server..

Error - 7/8/2010 10:43:48 AM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = 10:43:04 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 7/8/2010 10:45:09 AM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = 10:43:48 AM - Failed to retrieve Broadband (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 9/7/2010 11:02:23 AM | Computer Name = Matt-PC | Source = MCUpdate | ID = 0
Description = 11:02:20 AM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

[ System Events ]
Error - 9/20/2012 1:08:45 PM | Computer Name = Matt-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 9/20/2012 1:08:45 PM | Computer Name = Matt-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 9/20/2012 1:11:14 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%2

Error - 9/20/2012 3:17:20 PM | Computer Name = Matt-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 9/20/2012 3:17:20 PM | Computer Name = Matt-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 9/20/2012 3:20:09 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%2

Error - 9/20/2012 3:34:39 PM | Computer Name = Matt-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 9/21/2012 10:09:49 AM | Computer Name = Matt-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 9/21/2012 10:09:49 AM | Computer Name = Matt-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 9/21/2012 10:12:19 AM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%2


< End of report >
 
Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
    O2 - BHO: (24MusicBar Toolbar) - {54d0da58-64e7-4408-be1f-72659f70fcbe} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
    O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll File not found
    O3 - HKLM\..\Toolbar: (24MusicBar Toolbar) - {54d0da58-64e7-4408-be1f-72659f70fcbe} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000\..\Toolbar\WebBrowser: (24MusicBar Toolbar) - {54D0DA58-64E7-4408-BE1F-72659F70FCBE} - C:\Program Files\24MusicBar\tb24Mu.dll File not found
    O4 - HKU\S-1-5-21-1541042141-3281804592-2248747456-1000..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
    [2010/04/15 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\LocalLow\Microsoft\Silverlight\is\vrs5m4sp.znf\frpy2pst.ljd\1\l
    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
    [2011/02/11 13:07:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG
    [2012/09/17 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG2013
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

===================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Sorry for the delay, I didn't know that there was a second page created. Here are the results from OTL, and it ran perfectly w/o stalling.

All processes killed
========== OTL ==========
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
File C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc not found.
Service gupdate stopped successfully!
Service gupdate deleted successfully!
File C:\Program Files\Google\Update\GoogleUpdate.exe /svc not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54d0da58-64e7-4408-be1f-72659f70fcbe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d0da58-64e7-4408-be1f-72659f70fcbe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{54d0da58-64e7-4408-be1f-72659f70fcbe} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54d0da58-64e7-4408-be1f-72659f70fcbe}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1541042141-3281804592-2248747456-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{54D0DA58-64E7-4408-BE1F-72659F70FCBE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54D0DA58-64E7-4408-BE1F-72659F70FCBE}\ not found.
Registry value HKEY_USERS\S-1-5-21-1541042141-3281804592-2248747456-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
C:\Users\Matt\AppData\LocalLow\Microsoft\Silverlight\is\vrs5m4sp.znf\frpy2pst.ljd\1\l folder moved successfully.
C:\windows\assembly\Desktop.ini moved successfully.
C:\Users\Matt\AppData\Roaming\AVG\Track Eraser folder moved successfully.
C:\Users\Matt\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
C:\Users\Matt\AppData\Roaming\AVG\Rescue folder moved successfully.
C:\Users\Matt\AppData\Roaming\AVG\PC Tuneup 2011\User Reports folder moved successfully.
C:\Users\Matt\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.
C:\Users\Matt\AppData\Roaming\AVG\Integrator folder moved successfully.
C:\Users\Matt\AppData\Roaming\AVG folder moved successfully.
C:\Users\Matt\AppData\Roaming\AVG2013 folder moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 9786219 bytes
->Temporary Internet Files folder emptied: 82931779 bytes
->Java cache emptied: 465898 bytes
->Flash cache emptied: 13669 bytes

User: Matt
->Temp folder emptied: 92813246 bytes
->Temporary Internet Files folder emptied: 125291354 bytes
->Java cache emptied: 462470 bytes
->Flash cache emptied: 2457 bytes

User: Public

User: Tammy
->Java cache emptied: 0 bytes
->Flash cache emptied: 1083 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 235720655 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 522.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: Matt
->Java cache emptied: 0 bytes

User: Public

User: Tammy
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Matt
->Flash cache emptied: 0 bytes

User: Public

User: Tammy
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.65.1 log created on 09232012_164053
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.51
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AVG PC Tuneup 2011
Java(TM) 6 Update 35
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 19-09-2012
Ran by Matt (administrator) on 23-09-2012 at 16:58:43
Running from "C:\Users\Matt\Desktop"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2011-08-14 02:34] - [2011-06-21 01:39] - 1286016 ____A (Microsoft Corporation) C2DAAEB48F3A47C410B041A0D2382EE1
C:\windows\system32\dnsrslvr.dll
[2011-04-14 17:54] - [2011-03-03 01:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9
C:\windows\system32\mpssvc.dll
[2009-07-13 19:53] - [2009-07-13 21:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E
C:\windows\system32\bfe.dll
[2009-07-13 19:54] - [2009-07-13 21:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll
[2009-07-13 19:23] - [2009-07-13 21:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446
C:\windows\system32\vssvc.exe
[2009-07-13 19:24] - [2009-07-13 21:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll
[2009-07-13 20:15] - [2009-07-13 21:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1
C:\windows\system32\qmgr.dll
[2009-07-13 19:30] - [2009-07-13 21:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
 
# AdwCleaner v2.003 - Logfile created 09/23/2012 at 17:01:49
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Matt - MATT-PC
# Boot Mode : Normal
# Running from : C:\Users\Matt\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Matt\AppData\LocalLow\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\24MusicBar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54D0DA58-64E7-4408-BE1F-72659F70FCBE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54D0DA58-64E7-4408-BE1F-72659F70FCBE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\24MusicBar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6AD9C39-B7B4-47AF-ADC9-681EC09F64AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2415802
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6AD9C39-B7B4-47AF-ADC9-681EC09F64AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{54D0DA58-64E7-4408-BE1F-72659F70FCBE}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{54D0DA58-64E7-4408-BE1F-72659F70FCBE}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7600.16385
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.autocompletepro.com/?si=7148&bi=400 --> hxxp://www.google.com
*************************
AdwCleaner[S1].txt - [6036 octets] - [23/09/2012 17:01:49]
########## EOF - C:\AdwCleaner[S1].txt - [6096 octets] ##########
 