Solved Need help with Trojan please

[Resolved] Need help with Trojan please

LogsMalwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.19.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dave :: DAVE-PC [administrator]

12/19/2012 8:21:35 PM
mbam-log-2012-12-19 (20-21-35).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328820
Time elapsed: 28 minute(s), 3 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3064 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\ProgramData\Microsoft\Windows\DRM\447E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\447F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Dave\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\638be955-329d6056 (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/8/2012 4:07:17 PM
System Uptime: 12/19/2012 8:07:21 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU | 2501/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 530.923 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP42: 11/18/2012 9:52:10 AM - Windows Update
RP43: 11/19/2012 10:49:28 PM - Windows Update
RP44: 11/20/2012 8:47:56 AM - Windows Update
RP45: 11/21/2012 9:14:34 PM - Windows Update
RP46: 11/25/2012 2:18:19 PM - Windows Update
RP47: 11/29/2012 5:10:48 AM - Windows Update
RP48: 11/30/2012 5:05:49 AM - Windows Update
RP49: 12/3/2012 8:47:39 PM - Windows Update
RP50: 12/6/2012 10:19:43 PM - Windows Update
RP51: 12/10/2012 10:09:39 PM - Windows Update
RP52: 12/12/2012 8:36:16 AM - Windows Update
RP53: 12/15/2012 9:30:42 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Amazon Links
ArcSoft Panorama Maker 4
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 3
CCleaner
Conexant HD Audio
D3DX10
ESET Online Scanner v3
FATE - The Traitor Soul
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
Label@Once 1.0
Letters from Nowhere 2
Malwarebytes Anti-Malware version 1.65.1.1000
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Transfer
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Skype Launcher
Synaptics Pointing Device Driver
Tales of Lagoona
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/19/2012 6:29:35 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/19/2012 6:29:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/19/2012 6:29:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/19/2012 6:29:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/19/2012 6:29:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/19/2012 6:29:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/19/2012 6:28:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr vpcvmm Wanarpv6
12/19/2012 6:28:45 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
12/19/2012 6:07:15 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/19/2012 6:07:15 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
12/18/2012 9:03:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:03:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/18/2012 9:02:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/18/2012 9:02:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/17/2012 9:25:01 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
12/17/2012 6:02:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/17/2012 6:02:46 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2012 6:02:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/16/2012 4:06:18 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
12/15/2012 9:36:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Dave at 21:19:30 on 2012-12-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8140.5177 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\notepad.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://start.toshiba.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
uRun: [Google] "xidpwooedd.exe "
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe "
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll ",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NIKONM~1.LNK - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{6D234545-77C9-4FBB-8586-56A198A2C020} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6D234545-77C9-4FBB-8586-56A198A2C020}\24F696E676F60284F6473707F647 : DHCPNameServer = 66.103.80.4 66.103.64.4
TCP: Interfaces\{6D234545-77C9-4FBB-8586-56A198A2C020}\45F677E602F6660224162697C6F6E60224561636865637 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{6D234545-77C9-4FBB-8586-56A198A2C020}\7594D27455543545 : DHCPNameServer = 204.117.214.10
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 MpKsl2f85a61e;MpKsl2f85a61e;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{47D30E3A-771B-45CA-B606-B8C9CAA3DF41}\MpKsl2f85a61e.sys [2012-12-19 35664]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-10 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-9 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-4-12 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-4-12 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-12 2656280]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-4-12 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-8-9 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-4-12 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-4-12 1109096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-4-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-4-12 243712]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2011-10-30 27648]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-20 02:45:54 -------- d-----w- C:\windows\Microsoft Antimalware
2012-12-20 01:08:37 20480 ------w- C:\windows\svchost.exe
2012-12-20 01:07:58 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{47D30E3A-771B-45CA-B606-B8C9CAA3DF41}\offreg.dll
2012-12-20 01:07:53 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{47D30E3A-771B-45CA-B606-B8C9CAA3DF41}\MpKsl2f85a61e.sys
2012-12-19 23:24:50 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{47D30E3A-771B-45CA-B606-B8C9CAA3DF41}\mpengine.dll
2012-12-18 11:36:39 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-12 12:26:31 8192 ----a-w- C:\Users\Dave\qudgfeogufrd.exe
2012-12-12 09:50:57 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-12-12 09:50:57 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-11-29 11:58:51 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-29 10:12:27 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A292A367-D84A-4895-925F-D84B924CE0D3}\gapaengine.dll
2012-11-20 11:26:13 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-11-20 11:26:13 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-11-20 11:26:13 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-11-20 11:26:13 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-20 03:50:18 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-20 03:50:18 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-20 03:50:18 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-20 03:50:18 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-20 03:50:17 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-20 03:50:17 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-20 03:50:17 229888 ----a-w- C:\windows\System32\WUDFHost.exe
.
==================== Find3M ====================
.
2012-12-12 12:35:21 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 12:35:21 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-05 21:35:16 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-11-05 20:41:32 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-11-05 20:32:16 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-11-05 20:32:09 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-11-05 15:34:38 106496 ----a-w- C:\windows\SysWow64\ATL71.DLL
2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
2012-09-30 00:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll
.
============= FINISH: 21:20:05.86 ===============

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-19 21:16:49
-----------------------------
21:16:49.134 OS Version: Windows x64 6.1.7601 Service Pack 1
21:16:49.134 Number of processors: 4 586 0x2A07
21:16:49.135 ComputerName: DAVE-PC UserName: Dave
21:16:54.134 Initialize success
21:17:11.337 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:17:11.339 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
21:17:11.341 Device \Driver\iaStor -> MajorFunction fffffa800a0a65e8
21:17:11.344 Disk 0 MBR read successfully
21:17:11.346 Disk 0 MBR scan
21:17:11.348 Disk 0 Windows VISTA default MBR code
21:17:11.356 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:17:11.369 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594982 MB offset 3074048
21:17:11.393 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13997 MB offset 1221597184
21:17:11.436 Disk 0 scanning C:\windows\system32\drivers
21:17:18.275 Service scanning
21:17:29.101 Service MpKsl2f85a61e c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{47D30E3A-771B-45CA-B606-B8C9CAA3DF41}\MpKsl2f85a61e.sys **LOCKED** 32
21:17:41.966 Modules scanning
21:17:41.973 Disk 0 trace - called modules:
21:17:42.303 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800a0a65e8]<<
21:17:42.307 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800997b060]
21:17:42.312 3 CLASSPNP.SYS[fffff8800168b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80086c4050]
21:17:42.316 \Driver\iaStor[0xfffffa8009868e70] -> IRP_MJ_CREATE -> 0xfffffa800a0a65e8
21:17:42.320 Scan finished successfully
21:18:12.978 Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\MBR.dat "
21:18:12.984 The log file has been saved successfully to "C:\Users\Dave\Desktop\aswMBR.txt "

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/8/2012 4:07:17 PM
System Uptime: 12/19/2012 8:07:21 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU | 2501/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 530.923 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP42: 11/18/2012 9:52:10 AM - Windows Update
RP43: 11/19/2012 10:49:28 PM - Windows Update
RP44: 11/20/2012 8:47:56 AM - Windows Update
RP45: 11/21/2012 9:14:34 PM - Windows Update
RP46: 11/25/2012 2:18:19 PM - Windows Update
RP47: 11/29/2012 5:10:48 AM - Windows Update
RP48: 11/30/2012 5:05:49 AM - Windows Update
RP49: 12/3/2012 8:47:39 PM - Windows Update
RP50: 12/6/2012 10:19:43 PM - Windows Update
RP51: 12/10/2012 10:09:39 PM - Windows Update
RP52: 12/12/2012 8:36:16 AM - Windows Update
RP53: 12/15/2012 9:30:42 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Amazon Links
ArcSoft Panorama Maker 4
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 3
CCleaner
Conexant HD Audio
D3DX10
ESET Online Scanner v3
FATE - The Traitor Soul
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
Label@Once 1.0
Letters from Nowhere 2
Malwarebytes Anti-Malware version 1.65.1.1000
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Transfer
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Skype Launcher
Synaptics Pointing Device Driver
Tales of Lagoona
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/19/2012 6:29:35 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/19/2012 6:29:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/19/2012 6:29:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/19/2012 6:29:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/19/2012 6:29:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/19/2012 6:29:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/19/2012 6:28:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr vpcvmm Wanarpv6
12/19/2012 6:28:45 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
12/19/2012 6:07:15 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/19/2012 6:07:15 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
12/18/2012 9:03:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:03:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/18/2012 9:02:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/18/2012 9:02:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2012 9:02:18 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/17/2012 9:25:01 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
12/17/2012 6:02:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/17/2012 6:02:46 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/17/2012 6:02:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/16/2012 4:06:18 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
12/15/2012 9:36:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================

 

This is correct one
04:45:56.0679 1632 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
04:45:57.0396 1632 ============================================================
04:45:57.0396 1632 Current date / time: 2012/12/20 04:45:57.0396
04:45:57.0396 1632 SystemInfo:
04:45:57.0396 1632
04:45:57.0396 1632 OS Version: 6.1.7601 ServicePack: 1.0
04:45:57.0396 1632 Product type: Workstation
04:45:57.0396 1632 ComputerName: DAVE-PC
04:45:57.0396 1632 UserName: Dave
04:45:57.0396 1632 Windows directory: C:\windows
04:45:57.0396 1632 System windows directory: C:\windows
04:45:57.0396 1632 Running under WOW64
04:45:57.0396 1632 Processor architecture: Intel x64
04:45:57.0396 1632 Number of processors: 4
04:45:57.0396 1632 Page size: 0x1000
04:45:57.0396 1632 Boot type: Normal boot
04:45:57.0396 1632 ============================================================
04:45:57.0988 1632 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:45:57.0988 1632 ============================================================
04:45:57.0988 1632 \Device\Harddisk0\DR0:
04:45:57.0988 1632 MBR partitions:
04:45:57.0988 1632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48A13000
04:45:57.0988 1632 ============================================================
04:45:58.0082 1632 C: <-> \Device\Harddisk0\DR0\Partition1
04:45:58.0082 1632 ============================================================
04:45:58.0082 1632 Initialize success
04:45:58.0082 1632 ============================================================
04:46:06.0006 4580 ============================================================
04:46:06.0006 4580 Scan started
04:46:06.0006 4580 Mode: Manual;
04:46:06.0006 4580 ============================================================
04:46:06.0216 4580 ================ Scan system memory ========================
04:46:06.0216 4580 System memory - ok
04:46:06.0216 4580 ================ Scan services =============================
04:46:06.0406 4580 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
04:46:06.0406 4580 1394ohci - ok
04:46:06.0466 4580 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
04:46:06.0466 4580 ACPI - ok
04:46:06.0496 4580 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
04:46:06.0496 4580 AcpiPmi - ok
04:46:06.0676 4580 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
04:46:06.0686 4580 AdobeFlashPlayerUpdateSvc - ok
04:46:06.0736 4580 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
04:46:06.0746 4580 adp94xx - ok
04:46:06.0806 4580 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
04:46:06.0806 4580 adpahci - ok
04:46:06.0836 4580 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
04:46:06.0836 4580 adpu320 - ok
04:46:06.0876 4580 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
04:46:06.0876 4580 AeLookupSvc - ok
04:46:06.0946 4580 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
04:46:06.0956 4580 AFD - ok
04:46:07.0006 4580 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
04:46:07.0016 4580 agp440 - ok
04:46:07.0066 4580 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
04:46:07.0066 4580 ALG - ok
04:46:07.0116 4580 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
04:46:07.0126 4580 aliide - ok
04:46:07.0156 4580 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
04:46:07.0156 4580 amdide - ok
04:46:07.0186 4580 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
04:46:07.0196 4580 AmdK8 - ok
04:46:07.0216 4580 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
04:46:07.0216 4580 AmdPPM - ok
04:46:07.0256 4580 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
04:46:07.0256 4580 amdsata - ok
04:46:07.0296 4580 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
04:46:07.0296 4580 amdsbs - ok
04:46:07.0326 4580 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
04:46:07.0326 4580 amdxata - ok
04:46:07.0366 4580 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
04:46:07.0366 4580 AppID - ok
04:46:07.0406 4580 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
04:46:07.0416 4580 AppIDSvc - ok
04:46:07.0446 4580 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
04:46:07.0446 4580 Appinfo - ok
04:46:07.0506 4580 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\windows\System32\appmgmts.dll
04:46:07.0516 4580 AppMgmt - ok
04:46:07.0556 4580 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
04:46:07.0566 4580 arc - ok
04:46:07.0596 4580 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
04:46:07.0606 4580 arcsas - ok
04:46:07.0646 4580 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
04:46:07.0646 4580 AsyncMac - ok
04:46:07.0706 4580 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
04:46:07.0706 4580 atapi - ok
04:46:07.0806 4580 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
04:46:07.0816 4580 AudioEndpointBuilder - ok
04:46:07.0836 4580 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
04:46:07.0846 4580 AudioSrv - ok
04:46:07.0896 4580 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
04:46:07.0896 4580 AxInstSV - ok
04:46:07.0996 4580 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
04:46:08.0006 4580 b06bdrv - ok
04:46:08.0046 4580 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
04:46:08.0056 4580 b57nd60a - ok
04:46:08.0086 4580 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
04:46:08.0096 4580 BDESVC - ok
04:46:08.0126 4580 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
04:46:08.0126 4580 Beep - ok
04:46:08.0186 4580 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
04:46:08.0196 4580 BFE - ok
04:46:08.0236 4580 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
04:46:08.0266 4580 BITS - ok
04:46:08.0306 4580 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
04:46:08.0306 4580 blbdrive - ok
04:46:08.0326 4580 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
04:46:08.0326 4580 bowser - ok
04:46:08.0346 4580 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
04:46:08.0356 4580 BrFiltLo - ok
04:46:08.0356 4580 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
04:46:08.0356 4580 BrFiltUp - ok
04:46:08.0396 4580 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
04:46:08.0396 4580 Browser - ok
04:46:08.0436 4580 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
04:46:08.0446 4580 Brserid - ok
04:46:08.0456 4580 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
04:46:08.0456 4580 BrSerWdm - ok
04:46:08.0466 4580 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
04:46:08.0466 4580 BrUsbMdm - ok
04:46:08.0476 4580 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
04:46:08.0476 4580 BrUsbSer - ok
04:46:08.0506 4580 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
04:46:08.0506 4580 BTHMODEM - ok
04:46:08.0546 4580 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
04:46:08.0546 4580 bthserv - ok
04:46:08.0556 4580 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
04:46:08.0556 4580 cdfs - ok
04:46:08.0586 4580 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
04:46:08.0586 4580 cdrom - ok
04:46:08.0626 4580 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
04:46:08.0626 4580 CertPropSvc - ok
04:46:08.0656 4580 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
04:46:08.0656 4580 circlass - ok
04:46:08.0686 4580 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
04:46:08.0696 4580 CLFS - ok
04:46:08.0756 4580 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:46:08.0756 4580 clr_optimization_v2.0.50727_32 - ok
04:46:08.0796 4580 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:46:08.0796 4580 clr_optimization_v2.0.50727_64 - ok
04:46:08.0856 4580 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:46:08.0966 4580 clr_optimization_v4.0.30319_32 - ok
04:46:09.0026 4580 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:46:09.0036 4580 clr_optimization_v4.0.30319_64 - ok
04:46:09.0086 4580 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
04:46:09.0086 4580 CmBatt - ok
04:46:09.0106 4580 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
04:46:09.0106 4580 cmdide - ok
04:46:09.0153 4580 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
04:46:09.0168 4580 CNG - ok
04:46:09.0309 4580 [ A260BE645DD096D90318C8CF98536720 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
04:46:09.0324 4580 CnxtHdAudService - ok
04:46:09.0371 4580 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
04:46:09.0371 4580 Compbatt - ok
04:46:09.0387 4580 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
04:46:09.0387 4580 CompositeBus - ok
04:46:09.0402 4580 COMSysApp - ok
04:46:09.0418 4580 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
04:46:09.0418 4580 crcdisk - ok
04:46:09.0449 4580 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
04:46:09.0449 4580 CryptSvc - ok
04:46:09.0496 4580 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\windows\system32\drivers\csc.sys
04:46:09.0496 4580 CSC - ok
04:46:09.0512 4580 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\windows\System32\cscsvc.dll
04:46:09.0527 4580 CscService - ok
04:46:09.0652 4580 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
04:46:09.0668 4580 cvhsvc - ok
04:46:09.0714 4580 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
04:46:09.0730 4580 DcomLaunch - ok
04:46:09.0761 4580 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
04:46:09.0761 4580 defragsvc - ok
04:46:09.0808 4580 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
04:46:09.0808 4580 DfsC - ok
04:46:09.0855 4580 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
04:46:09.0855 4580 Dhcp - ok
04:46:09.0855 4580 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
04:46:09.0855 4580 discache - ok
04:46:09.0886 4580 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
04:46:09.0886 4580 Disk - ok
04:46:09.0917 4580 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\windows\system32\drivers\dmvsc.sys
04:46:09.0917 4580 dmvsc - ok
04:46:09.0933 4580 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
04:46:09.0948 4580 Dnscache - ok
04:46:09.0964 4580 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
04:46:09.0980 4580 dot3svc - ok
04:46:09.0995 4580 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
04:46:10.0011 4580 DPS - ok
04:46:10.0042 4580 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
04:46:10.0042 4580 drmkaud - ok
04:46:10.0073 4580 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
04:46:10.0089 4580 DXGKrnl - ok
04:46:10.0120 4580 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
04:46:10.0120 4580 EapHost - ok
04:46:10.0229 4580 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
04:46:10.0307 4580 ebdrv - ok
04:46:10.0354 4580 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
04:46:10.0354 4580 EFS - ok
04:46:10.0416 4580 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
04:46:10.0432 4580 ehRecvr - ok
04:46:10.0448 4580 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
04:46:10.0448 4580 ehSched - ok
04:46:10.0510 4580 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
04:46:10.0526 4580 elxstor - ok
04:46:10.0541 4580 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
04:46:10.0541 4580 ErrDev - ok
04:46:10.0588 4580 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
04:46:10.0604 4580 EventSystem - ok
04:46:10.0619 4580 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
04:46:10.0635 4580 exfat - ok
04:46:10.0666 4580 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
04:46:10.0682 4580 fastfat - ok
04:46:10.0744 4580 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
04:46:10.0760 4580 Fax - ok
04:46:10.0791 4580 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
04:46:10.0791 4580 fdc - ok
04:46:10.0822 4580 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
04:46:10.0822 4580 fdPHost - ok
04:46:10.0838 4580 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
04:46:10.0838 4580 FDResPub - ok
04:46:10.0869 4580 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
04:46:10.0869 4580 FileInfo - ok
04:46:10.0900 4580 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
04:46:10.0900 4580 Filetrace - ok
04:46:10.0916 4580 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
04:46:10.0916 4580 flpydisk - ok
04:46:10.0931 4580 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
04:46:10.0947 4580 FltMgr - ok
04:46:10.0978 4580 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
04:46:10.0994 4580 FontCache - ok
04:46:11.0040 4580 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:46:11.0040 4580 FontCache3.0.0.0 - ok
04:46:11.0072 4580 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
04:46:11.0072 4580 FsDepends - ok
04:46:11.0118 4580 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
04:46:11.0118 4580 Fs_Rec - ok
04:46:11.0150 4580 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
04:46:11.0150 4580 fvevol - ok
04:46:11.0196 4580 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
04:46:11.0196 4580 FwLnk - ok
04:46:11.0228 4580 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
04:46:11.0228 4580 gagp30kx - ok
04:46:11.0337 4580 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
04:46:11.0337 4580 GamesAppService - ok
04:46:11.0384 4580 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
04:46:11.0399 4580 gpsvc - ok
04:46:11.0477 4580 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:46:11.0477 4580 gupdate - ok
04:46:11.0493 4580 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:46:11.0493 4580 gupdatem - ok
04:46:11.0524 4580 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
04:46:11.0524 4580 gusvc - ok
04:46:11.0586 4580 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
04:46:11.0586 4580 hcw85cir - ok
04:46:11.0618 4580 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
04:46:11.0618 4580 HdAudAddService - ok
04:46:11.0664 4580 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
04:46:11.0664 4580 HDAudBus - ok
04:46:11.0680 4580 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
04:46:11.0680 4580 HidBatt - ok
04:46:11.0696 4580 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
04:46:11.0696 4580 HidBth - ok
04:46:11.0711 4580 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
04:46:11.0711 4580 HidIr - ok
04:46:11.0742 4580 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
04:46:11.0742 4580 hidserv - ok
04:46:11.0774 4580 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
04:46:11.0774 4580 HidUsb - ok
04:46:11.0789 4580 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
04:46:11.0789 4580 hkmsvc - ok
04:46:11.0820 4580 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
04:46:11.0836 4580 HomeGroupListener - ok
04:46:11.0867 4580 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
04:46:11.0867 4580 HomeGroupProvider - ok
04:46:11.0914 4580 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
04:46:11.0914 4580 HpSAMD - ok
04:46:11.0945 4580 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
04:46:11.0961 4580 HTTP - ok
04:46:11.0992 4580 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
04:46:11.0992 4580 hwpolicy - ok
04:46:12.0008 4580 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
04:46:12.0008 4580 i8042prt - ok
04:46:12.0070 4580 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
04:46:12.0070 4580 iaStor - ok
04:46:12.0101 4580 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
04:46:12.0117 4580 iaStorV - ok
04:46:12.0195 4580 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
04:46:12.0210 4580 IDriverT - ok
04:46:12.0273 4580 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:46:12.0288 4580 idsvc - ok
04:46:12.0585 4580 [ 370C2A8629B30F910F740387795DDC6F ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
04:46:12.0834 4580 igfx - ok
04:46:12.0866 4580 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
04:46:12.0866 4580 iirsp - ok
04:46:12.0897 4580 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
04:46:12.0912 4580 IKEEXT - ok
04:46:12.0928 4580 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
04:46:12.0928 4580 intelide - ok
04:46:12.0969 4580 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
04:46:12.0969 4580 intelppm - ok
04:46:12.0989 4580 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
04:46:12.0989 4580 IPBusEnum - ok
04:46:13.0009 4580 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
04:46:13.0019 4580 IpFilterDriver - ok
04:46:13.0049 4580 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
04:46:13.0069 4580 iphlpsvc - ok
04:46:13.0069 4580 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
04:46:13.0079 4580 IPMIDRV - ok
04:46:13.0089 4580 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
04:46:13.0099 4580 IPNAT - ok
04:46:13.0119 4580 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
04:46:13.0129 4580 IRENUM - ok
04:46:13.0159 4580 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
04:46:13.0169 4580 isapnp - ok
04:46:13.0229 4580 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
04:46:13.0239 4580 iScsiPrt - ok
04:46:13.0269 4580 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
04:46:13.0269 4580 kbdclass - ok
04:46:13.0309 4580 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
04:46:13.0309 4580 kbdhid - ok
04:46:13.0339 4580 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
04:46:13.0349 4580 KeyIso - ok
04:46:13.0369 4580 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
04:46:13.0369 4580 KSecDD - ok
04:46:13.0399 4580 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
04:46:13.0399 4580 KSecPkg - ok
04:46:13.0419 4580 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
04:46:13.0419 4580 ksthunk - ok
04:46:13.0459 4580 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
04:46:13.0469 4580 KtmRm - ok
04:46:13.0509 4580 [ 045FB70BC993B691517CE309045FF02D ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
04:46:13.0509 4580 L1C - ok
04:46:13.0559 4580 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
04:46:13.0569 4580 LanmanServer - ok
04:46:13.0589 4580 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
04:46:13.0599 4580 LanmanWorkstation - ok
04:46:13.0639 4580 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
04:46:13.0639 4580 lltdio - ok
04:46:13.0689 4580 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
04:46:13.0689 4580 lltdsvc - ok
04:46:13.0719 4580 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
04:46:13.0719 4580 lmhosts - ok
04:46:13.0779 4580 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
04:46:13.0789 4580 LMS - ok
04:46:13.0809 4580 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
04:46:13.0819 4580 LSI_FC - ok
04:46:13.0849 4580 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
04:46:13.0849 4580 LSI_SAS - ok
04:46:13.0859 4580 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
04:46:13.0869 4580 LSI_SAS2 - ok
04:46:13.0879 4580 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
04:46:13.0889 4580 LSI_SCSI - ok
04:46:13.0909 4580 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
04:46:13.0919 4580 luafv - ok
04:46:13.0979 4580 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
04:46:13.0979 4580 MBAMProtector - ok
04:46:14.0069 4580 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
04:46:14.0069 4580 MBAMScheduler - ok
04:46:14.0129 4580 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
04:46:14.0149 4580 MBAMService - ok
04:46:14.0179 4580 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
04:46:14.0189 4580 Mcx2Svc - ok
04:46:14.0209 4580 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
04:46:14.0209 4580 megasas - ok
04:46:14.0239 4580 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
04:46:14.0249 4580 MegaSR - ok
04:46:14.0299 4580 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
04:46:14.0299 4580 MEIx64 - ok
04:46:14.0329 4580 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
04:46:14.0339 4580 MMCSS - ok
04:46:14.0349 4580 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
04:46:14.0349 4580 Modem - ok
04:46:14.0399 4580 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
04:46:14.0399 4580 monitor - ok
04:46:14.0429 4580 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
04:46:14.0429 4580 mouclass - ok
04:46:14.0449 4580 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys
04:46:14.0449 4580 mouhid - ok
04:46:14.0469 4580 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
04:46:14.0469 4580 mountmgr - ok
04:46:14.0539 4580 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
04:46:14.0539 4580 MpFilter - ok
04:46:14.0579 4580 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
04:46:14.0579 4580 mpio - ok
04:46:14.0679 4580 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsl2f85a61e c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{47D30E3A-771B-45CA-B606-B8C9CAA3DF41}\MpKsl2f85a61e.sys
04:46:14.0709 4580 MpKsl2f85a61e - ok
04:46:14.0769 4580 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKslae2d61a6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{47D30E3A-771B-45CA-B606-B8C9CAA3DF41}\MpKslae2d61a6.sys
04:46:14.0769 4580 MpKslae2d61a6 - ok
04:46:14.0799 4580 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
04:46:14.0799 4580 mpsdrv - ok
04:46:14.0859 4580 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
04:46:14.0879 4580 MpsSvc - ok
04:46:14.0899 4580 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
04:46:14.0899 4580 MRxDAV - ok
04:46:14.0929 4580 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
04:46:14.0929 4580 mrxsmb - ok
04:46:14.0949 4580 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
04:46:14.0949 4580 mrxsmb10 - ok
04:46:14.0969 4580 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
04:46:14.0979 4580 mrxsmb20 - ok
04:46:14.0999 4580 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
04:46:14.0999 4580 msahci - ok
04:46:15.0019 4580 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
04:46:15.0019 4580 msdsm - ok
04:46:15.0050 4580 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
04:46:15.0050 4580 MSDTC - ok
04:46:15.0097 4580 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
04:46:15.0097 4580 Msfs - ok
04:46:15.0128 4580 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
04:46:15.0128 4580 mshidkmdf - ok
04:46:15.0144 4580 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
04:46:15.0144 4580 msisadrv - ok
04:46:15.0191 4580 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
04:46:15.0191 4580 MSiSCSI - ok
04:46:15.0206 4580 msiserver - ok
04:46:15.0269 4580 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
04:46:15.0269 4580 MSKSSRV - ok
04:46:15.0347 4580 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
04:46:15.0347 4580 MsMpSvc - ok
04:46:15.0378 4580 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
04:46:15.0378 4580 MSPCLOCK - ok
04:46:15.0394 4580 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
04:46:15.0394 4580 MSPQM - ok
04:46:15.0425 4580 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
04:46:15.0425 4580 MsRPC - ok
04:46:15.0456 4580 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
04:46:15.0456 4580 mssmbios - ok
04:46:15.0472 4580 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
04:46:15.0472 4580 MSTEE - ok
04:46:15.0503 4580 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
04:46:15.0503 4580 MTConfig - ok
04:46:15.0503 4580 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
04:46:15.0518 4580 Mup - ok
04:46:15.0565 4580 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
04:46:15.0565 4580 napagent - ok
04:47:53.0490 4972 Deinitialize success

 

Other half

4:46:18.0763 4580 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
04:46:18.0779 4580 rdyboost - ok
04:46:18.0794 4580 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
04:46:18.0794 4580 RemoteAccess - ok
04:46:18.0826 4580 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
04:46:18.0826 4580 RemoteRegistry - ok
04:46:18.0857 4580 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
04:46:18.0857 4580 RpcEptMapper - ok
04:46:18.0904 4580 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
04:46:18.0904 4580 RpcLocator - ok
04:46:18.0935 4580 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
04:46:18.0935 4580 RpcSs - ok
04:46:18.0982 4580 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
04:46:18.0997 4580 rspndr - ok
04:46:19.0044 4580 [ 0E3DCF76F11DC431B088A2DFD7265CDA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
04:46:19.0044 4580 RSUSBSTOR - ok
04:46:19.0091 4580 [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
04:46:19.0122 4580 RTL8192Ce - ok
04:46:19.0138 4580 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\windows\system32\drivers\vms3cap.sys
04:46:19.0138 4580 s3cap - ok
04:46:19.0153 4580 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
04:46:19.0153 4580 SamSs - ok
04:46:19.0169 4580 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
04:46:19.0169 4580 sbp2port - ok
04:46:19.0231 4580 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
04:46:19.0247 4580 SCardSvr - ok
04:46:19.0278 4580 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
04:46:19.0278 4580 scfilter - ok
04:46:19.0325 4580 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
04:46:19.0356 4580 Schedule - ok
04:46:19.0372 4580 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
04:46:19.0387 4580 SCPolicySvc - ok
04:46:19.0418 4580 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
04:46:19.0434 4580 SDRSVC - ok
04:46:19.0465 4580 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
04:46:19.0481 4580 secdrv - ok
04:46:19.0496 4580 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
04:46:19.0496 4580 seclogon - ok
04:46:19.0528 4580 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
04:46:19.0528 4580 SENS - ok
04:46:19.0543 4580 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
04:46:19.0559 4580 SensrSvc - ok
04:46:19.0590 4580 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
04:46:19.0590 4580 Serenum - ok
04:46:19.0621 4580 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
04:46:19.0621 4580 Serial - ok
04:46:19.0652 4580 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
04:46:19.0652 4580 sermouse - ok
04:46:19.0715 4580 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
04:46:19.0715 4580 SessionEnv - ok
04:46:19.0715 4580 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
04:46:19.0730 4580 sffdisk - ok
04:46:19.0730 4580 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
04:46:19.0730 4580 sffp_mmc - ok
04:46:19.0746 4580 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
04:46:19.0746 4580 sffp_sd - ok
04:46:19.0777 4580 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
04:46:19.0777 4580 sfloppy - ok
04:46:19.0840 4580 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
04:46:19.0840 4580 Sftfs - ok
04:46:19.0886 4580 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
04:46:19.0902 4580 sftlist - ok
04:46:19.0933 4580 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
04:46:19.0933 4580 Sftplay - ok
04:46:19.0949 4580 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
04:46:19.0964 4580 Sftredir - ok
04:46:19.0980 4580 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
04:46:19.0980 4580 Sftvol - ok
04:46:20.0027 4580 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
04:46:20.0027 4580 sftvsa - ok
04:46:20.0058 4580 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
04:46:20.0074 4580 SharedAccess - ok
04:46:20.0120 4580 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
04:46:20.0120 4580 ShellHWDetection - ok
04:46:20.0152 4580 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
04:46:20.0152 4580 SiSRaid2 - ok
04:46:20.0167 4580 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
04:46:20.0183 4580 SiSRaid4 - ok
04:46:20.0198 4580 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
04:46:20.0198 4580 Smb - ok
04:46:20.0261 4580 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
04:46:20.0261 4580 SNMPTRAP - ok
04:46:20.0292 4580 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
04:46:20.0292 4580 spldr - ok
04:46:20.0323 4580 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
04:46:20.0339 4580 Spooler - ok
04:46:20.0448 4580 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
04:46:20.0526 4580 sppsvc - ok
04:46:20.0542 4580 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
04:46:20.0542 4580 sppuinotify - ok
04:46:20.0587 4580 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
04:46:20.0597 4580 srv - ok
04:46:20.0617 4580 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
04:46:20.0627 4580 srv2 - ok
04:46:20.0637 4580 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
04:46:20.0647 4580 srvnet - ok
04:46:20.0687 4580 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
04:46:20.0687 4580 SSDPSRV - ok
04:46:20.0707 4580 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
04:46:20.0717 4580 SstpSvc - ok
04:46:20.0727 4580 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
04:46:20.0727 4580 stexstor - ok
04:46:20.0767 4580 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
04:46:20.0787 4580 stisvc - ok
04:46:20.0827 4580 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\windows\system32\drivers\vmstorfl.sys
04:46:20.0827 4580 storflt - ok
04:46:20.0847 4580 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\windows\system32\storsvc.dll
04:46:20.0857 4580 StorSvc - ok
04:46:20.0887 4580 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\windows\system32\drivers\storvsc.sys
04:46:20.0887 4580 storvsc - ok
04:46:20.0917 4580 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
04:46:20.0917 4580 swenum - ok
04:46:20.0957 4580 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
04:46:20.0967 4580 swprv - ok
04:46:21.0017 4580 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
04:46:21.0027 4580 SynTP - ok
04:46:21.0087 4580 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
04:46:21.0117 4580 SysMain - ok
04:46:21.0147 4580 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
04:46:21.0157 4580 TabletInputService - ok
04:46:21.0217 4580 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
04:46:21.0227 4580 TapiSrv - ok
04:46:21.0247 4580 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
04:46:21.0247 4580 TBS - ok
04:46:21.0327 4580 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
04:46:21.0347 4580 Tcpip - ok
04:46:21.0387 4580 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
04:46:21.0387 4580 TCPIP6 - ok
04:46:21.0427 4580 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
04:46:21.0427 4580 tcpipreg - ok
04:46:21.0457 4580 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
04:46:21.0457 4580 tdcmdpst - ok
04:46:21.0487 4580 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
04:46:21.0487 4580 TDPIPE - ok
04:46:21.0507 4580 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
04:46:21.0517 4580 TDTCP - ok
04:46:21.0537 4580 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
04:46:21.0547 4580 tdx - ok
04:46:21.0557 4580 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
04:46:21.0557 4580 TermDD - ok
04:46:21.0607 4580 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
04:46:21.0617 4580 TermService - ok
04:46:21.0637 4580 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
04:46:21.0637 4580 Themes - ok
04:46:21.0667 4580 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
04:46:21.0667 4580 THREADORDER - ok
04:46:21.0747 4580 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
04:46:21.0747 4580 TMachInfo - ok
04:46:21.0777 4580 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
04:46:21.0777 4580 TODDSrv - ok
04:46:21.0867 4580 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
04:46:21.0877 4580 TosCoSrv - ok
04:46:21.0927 4580 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
04:46:21.0927 4580 TOSHIBA HDD SSD Alert Service - ok
04:46:21.0987 4580 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
04:46:21.0997 4580 tos_sps64 - ok
04:46:22.0017 4580 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
04:46:22.0027 4580 TrkWks - ok
04:46:22.0077 4580 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
04:46:22.0087 4580 TrustedInstaller - ok
04:46:22.0117 4580 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
04:46:22.0117 4580 tssecsrv - ok
04:46:22.0147 4580 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
04:46:22.0147 4580 TsUsbFlt - ok
04:46:22.0157 4580 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
04:46:22.0157 4580 TsUsbGD - ok
04:46:22.0197 4580 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
04:46:22.0197 4580 tunnel - ok
04:46:22.0237 4580 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
04:46:22.0237 4580 TVALZ - ok
04:46:22.0247 4580 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
04:46:22.0257 4580 uagp35 - ok
04:46:22.0297 4580 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
04:46:22.0307 4580 udfs - ok
04:46:22.0347 4580 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
04:46:22.0347 4580 UI0Detect - ok
04:46:22.0387 4580 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
04:46:22.0387 4580 uliagpkx - ok
04:46:22.0427 4580 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
04:46:22.0437 4580 umbus - ok
04:46:22.0477 4580 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
04:46:22.0477 4580 UmPass - ok
04:46:22.0517 4580 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\windows\System32\umrdp.dll
04:46:22.0527 4580 UmRdpService - ok
04:46:22.0657 4580 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
04:46:22.0687 4580 UNS - ok
04:46:22.0717 4580 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
04:46:22.0727 4580 upnphost - ok
04:46:22.0757 4580 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
04:46:22.0757 4580 usbccgp - ok
04:46:22.0777 4580 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
04:46:22.0777 4580 usbcir - ok
04:46:22.0787 4580 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
04:46:22.0787 4580 usbehci - ok
04:46:22.0807 4580 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
04:46:22.0817 4580 usbhub - ok
04:46:22.0837 4580 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
04:46:22.0837 4580 usbohci - ok
04:46:22.0847 4580 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
04:46:22.0847 4580 usbprint - ok
04:46:22.0877 4580 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
04:46:22.0877 4580 USBSTOR - ok
04:46:22.0877 4580 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
04:46:22.0877 4580 usbuhci - ok
04:46:22.0907 4580 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
04:46:22.0907 4580 usbvideo - ok
04:46:22.0937 4580 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
04:46:22.0937 4580 UxSms - ok
04:46:22.0957 4580 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
04:46:22.0957 4580 VaultSvc - ok
04:46:22.0977 4580 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
04:46:22.0977 4580 vdrvroot - ok
04:46:22.0997 4580 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
04:46:23.0007 4580 vds - ok
04:46:23.0037 4580 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
04:46:23.0047 4580 vga - ok
04:46:23.0067 4580 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
04:46:23.0067 4580 VgaSave - ok
04:46:23.0077 4580 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
04:46:23.0087 4580 vhdmp - ok
04:46:23.0107 4580 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
04:46:23.0107 4580 viaide - ok
04:46:23.0147 4580 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\windows\system32\drivers\vmbus.sys
04:46:23.0147 4580 vmbus - ok
04:46:23.0217 4580 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\windows\system32\drivers\VMBusHID.sys
04:46:23.0217 4580 VMBusHID - ok
04:46:23.0257 4580 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
04:46:23.0257 4580 volmgr - ok
04:46:23.0267 4580 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
04:46:23.0277 4580 volmgrx - ok
04:46:23.0297 4580 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
04:46:23.0307 4580 volsnap - ok
04:46:23.0357 4580 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\windows\system32\DRIVERS\vpchbus.sys
04:46:23.0367 4580 vpcbus - ok
04:46:23.0387 4580 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\windows\system32\DRIVERS\vpcnfltr.sys
04:46:23.0397 4580 vpcnfltr - ok
04:46:23.0417 4580 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\windows\system32\DRIVERS\vpcusb.sys
04:46:23.0417 4580 vpcusb - ok
04:46:23.0467 4580 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\windows\system32\drivers\vpcvmm.sys
04:46:23.0477 4580 vpcvmm - ok
04:46:23.0507 4580 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
04:46:23.0517 4580 vsmraid - ok
04:46:23.0587 4580 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
04:46:23.0617 4580 VSS - ok
04:46:23.0637 4580 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
04:46:23.0637 4580 vwifibus - ok
04:46:23.0667 4580 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
04:46:23.0667 4580 vwififlt - ok
04:46:23.0697 4580 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
04:46:23.0707 4580 W32Time - ok
04:46:23.0737 4580 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
04:46:23.0737 4580 WacomPen - ok
04:46:23.0777 4580 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
04:46:23.0787 4580 WANARP - ok
04:46:23.0787 4580 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
04:46:23.0797 4580 Wanarpv6 - ok
04:46:23.0887 4580 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
04:46:23.0907 4580 WatAdminSvc - ok
04:46:23.0977 4580 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
04:46:24.0007 4580 wbengine - ok
04:46:24.0027 4580 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
04:46:24.0037 4580 WbioSrvc - ok
04:46:24.0047 4580 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
04:46:24.0067 4580 wcncsvc - ok
04:46:24.0077 4580 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
04:46:24.0087 4580 WcsPlugInService - ok
04:46:24.0107 4580 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
04:46:24.0107 4580 Wd - ok
04:46:24.0167 4580 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
04:46:24.0177 4580 Wdf01000 - ok
04:46:24.0217 4580 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
04:46:24.0227 4580 WdiServiceHost - ok
04:46:24.0227 4580 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
04:46:24.0237 4580 WdiSystemHost - ok
04:46:24.0257 4580 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
04:46:24.0267 4580 WebClient - ok
04:46:24.0297 4580 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
04:46:24.0307 4580 Wecsvc - ok
04:46:24.0337 4580 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
04:46:24.0347 4580 wercplsupport - ok
04:46:24.0387 4580 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
04:46:24.0397 4580 WerSvc - ok
04:46:24.0417 4580 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
04:46:24.0417 4580 WfpLwf - ok
04:46:24.0447 4580 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
04:46:24.0457 4580 WIMMount - ok
04:46:24.0477 4580 WinDefend - ok
04:46:24.0487 4580 WinHttpAutoProxySvc - ok
04:46:24.0547 4580 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
04:46:24.0557 4580 Winmgmt - ok
04:46:24.0627 4580 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
04:46:24.0677 4580 WinRM - ok
04:46:24.0727 4580 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
04:46:24.0737 4580 WinUsb - ok
04:46:24.0787 4580 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
04:46:24.0807 4580 Wlansvc - ok
04:46:24.0857 4580 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
04:46:24.0857 4580 wlcrasvc - ok
04:46:24.0967 4580 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:46:25.0017 4580 wlidsvc - ok
04:46:25.0037 4580 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
04:46:25.0037 4580 WmiAcpi - ok
04:46:25.0077 4580 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
04:46:25.0087 4580 wmiApSrv - ok
04:46:25.0127 4580 WMPNetworkSvc - ok
04:46:25.0157 4580 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
04:46:25.0167 4580 WPCSvc - ok
04:46:25.0197 4580 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
04:46:25.0207 4580 WPDBusEnum - ok
04:46:25.0237 4580 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
04:46:25.0237 4580 ws2ifsl - ok
04:46:25.0297 4580 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
04:46:25.0297 4580 wscsvc - ok
04:46:25.0307 4580 WSearch - ok
04:46:25.0417 4580 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
04:46:25.0467 4580 wuauserv - ok
04:46:25.0477 4580 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
04:46:25.0487 4580 WudfPf - ok
04:46:25.0507 4580 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
04:46:25.0517 4580 WUDFRd - ok
04:46:25.0537 4580 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
04:46:25.0547 4580 wudfsvc - ok
04:46:25.0577 4580 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
04:46:25.0577 4580 WwanSvc - ok
04:46:25.0597 4580 ================ Scan global ===============================
04:46:25.0617 4580 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
04:46:25.0647 4580 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
04:46:25.0657 4580 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
04:46:25.0687 4580 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
04:46:25.0727 4580 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
04:46:25.0737 4580 [Global] - ok
04:46:25.0737 4580 ================ Scan MBR ==================================
04:46:25.0747 4580 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
04:46:25.0747 4580 Suspicious mbr (Forged): \Device\Harddisk0\DR0
04:46:25.0807 4580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
04:46:25.0807 4580 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
04:46:25.0807 4580 ================ Scan VBR ==================================
04:46:25.0817 4580 [ B4543B514D4F6A5044337E0C49B9DAFA ] \Device\Harddisk0\DR0\Partition1
04:46:25.0817 4580 \Device\Harddisk0\DR0\Partition1 - ok
04:46:25.0817 4580 ============================================================
04:46:25.0817 4580 Scan finished
04:46:25.0827 4580 ============================================================
04:46:25.0837 4740 Detected object count: 1
04:46:25.0837 4740 Actual detected object count: 1
04:47:39.0199 4740 \Device\Harddisk0\DR0\# - copied to quarantine
04:47:39.0689 4740 \Device\Harddisk0\DR0 - copied to quarantine
04:47:39.0789 4740 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
04:47:39.0974 4740 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
04:47:40.0024 4740 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
04:47:42.0863 4740 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
04:47:42.0886 4740 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
04:47:42.0890 4740 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
04:47:42.0893 4740 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
04:47:43.0130 4740 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
04:47:43.0146 4740 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
04:47:43.0165 4740 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
04:47:43.0176 4740 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
04:47:43.0683 4740 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
04:47:43.0846 4740 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
04:47:43.0848 4740 \Device\Harddisk0\DR0 - ok
04:47:43.0969 4740 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
04:47:53.0490 4972 Deinitialize success

 

RogueKiller V8.4.0 [Dec 20 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dave [Admin rights]
Mode : Remove -- Date : 12/20/2012 19:14:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] 1ba6e739e199dda7f7b1e6b6d476187f
[BSP] 35cff5c93c53e5a466e70c6c8ff31d64 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594982 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1221597184 | Size: 13997 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12202012_02d1914.txt >>
RKreport[1]_S_12202012_02d1913.txt ; RKreport[2]_D_12202012_02d1914.txt



Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.19.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dave :: DAVE-PC [administrator]

12/20/2012 5:25:22 PM
mbam-log-2012-12-20 (17-25-22).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328397
Time elapsed: 32 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\TDSSKiller_Quarantine\20.12.2012_04.45.57\mbr0000\tdlfs0000\tsk0002.dta (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

 

ComboFix 12-12-20.02 - Dave 12/20/2012 19:45:09.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8140.6144 [GMT -5:00]
Running from: c:\users\Dave\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dave\qudgfeogufrd.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 00:48 . 2012-12-21 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 00:38 . 2012-12-21 00:38 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE6761CF-E475-474E-930D-DF075E9687DC}\offreg.dll
2012-12-21 00:38 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE6761CF-E475-474E-930D-DF075E9687DC}\mpengine.dll
2012-12-20 09:47 . 2012-12-20 09:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-20 02:45 . 2012-12-21 00:37 -------- d-----w- c:\windows\Microsoft Antimalware
2012-12-12 11:24 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-12 09:50 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 09:50 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-29 11:58 . 2012-11-29 11:58 -------- d-----w- c:\program files (x86)\ESET
2012-11-29 10:12 . 2012-11-29 10:11 972264 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A292A367-D84A-4895-925F-D84B924CE0D3}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 13:37 . 2012-09-16 14:44 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-12 12:35 . 2012-08-10 00:37 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 12:35 . 2011-10-31 02:34 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-05 15:34 . 2003-03-19 17:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-10-16 08:38 . 2012-11-29 10:11 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 10:11 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 10:11 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-18 15:34 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-18 15:34 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-18 15:34 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-18 15:34 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 09:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-18 15:34 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-18 15:34 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-18 15:34 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-18 15:34 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-18 15:34 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-18 15:34 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-18 15:34 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-18 15:34 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-18 15:34 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-18 15:34 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-18 15:34 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-30 00:54 . 2012-08-10 00:41 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 16:39 . 2012-09-29 16:39 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-25 22:47 . 2012-11-14 10:24 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-14 10:24 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg "= "c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation "= "c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder "= "c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace "= "c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2007-10-20 286720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@= "Service "
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 12:35]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 02:04]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 02:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence "= "c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio "= "c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator "= "c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify "= "c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Google - xidpwooedd.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath "= "\ "c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \ "PCCUJobMgr\" /m \ "c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1 "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@= "c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker5 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= "Shockwave Flash Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx "
"ThreadingModel "= "Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@= "0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@= "ShockwaveFlash.ShockwaveFlash.11 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= "ShockwaveFlash.ShockwaveFlash "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= "Macromedia Flash Factory Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx "
"ThreadingModel "= "Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@= "FlashFactory.FlashFactory.1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= "FlashFactory.FlashFactory "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker5 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-20 19:50:17
ComboFix-quarantined-files.txt 2012-12-21 00:50
.
Pre-Run: 571,095,027,712 bytes free
Post-Run: 571,293,044,736 bytes free
.
- - End Of File - - CE247EB0FBF1E54ADACAEFA108198295

 

OTL logfile created on: 12/20/2012 8:37:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.27 Gb Available Physical Memory | 78.92% Memory free
15.90 Gb Paging File | 14.17 Gb Available in Paging File | 89.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.04 Gb Total Space | 532.12 Gb Free Space | 91.58% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/20 20:35:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/07/19 10:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
PRC - [2011/02/01 15:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 15:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/17 16:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/12/12 07:35:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/19 10:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/01 15:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 15:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/04 22:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 19:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/09 13:29:08 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 03:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/06 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/08 13:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/24 17:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{72C42047-A83C-4B16-9AF4-5469EA78E74B}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{72C42047-A83C-4B16-9AF4-5469EA78E74B}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1350038482-2306759248-1487879652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1350038482-2306759248-1487879652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-1350038482-2306759248-1487879652-1000\..\SearchScopes,DefaultScope = {31DB6981-82F6-46FA-8AF3-933C8E59AA87}
IE - HKU\S-1-5-21-1350038482-2306759248-1487879652-1000\..\SearchScopes\{31DB6981-82F6-46FA-8AF3-933C8E59AA87}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-1350038482-2306759248-1487879652-1000\..\SearchScopes\{72C42047-A83C-4B16-9AF4-5469EA78E74B}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS491
IE - HKU\S-1-5-21-1350038482-2306759248-1487879652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1350038482-2306759248-1487879652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()



O1 HOSTS File: ([2012/12/20 19:48:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1350038482-2306759248-1487879652-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1350038482-2306759248-1487879652-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1350038482-2306759248-1487879652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D234545-77C9-4FBB-8586-56A198A2C020}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/20 20:30:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/20 19:50:18 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/12/20 19:44:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/12/20 19:44:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/12/20 19:44:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/12/20 19:44:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/20 19:43:59 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/12/20 19:13:05 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\RK_Quarantine
[2012/12/20 04:47:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/12/19 21:45:54 | 000,000,000 | ---D | C] -- C:\windows\Microsoft Antimalware
[2012/11/29 06:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/21 21:19:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/20 20:37:38 | 000,028,592 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 20:37:38 | 000,028,592 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 20:37:07 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/20 20:37:07 | 000,626,214 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/20 20:37:07 | 000,107,290 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/20 20:35:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/20 20:30:47 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/20 20:30:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/20 20:30:04 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 19:48:47 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/12/20 19:45:20 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/20 04:45:05 | 002,195,061 | ---- | M] () -- C:\Users\Dave\Desktop\tdsskiller.zip
[2012/12/19 21:18:12 | 000,000,512 | ---- | M] () -- C:\Users\Dave\Desktop\MBR.dat
[2012/12/12 08:42:53 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/12/12 08:26:54 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2012/11/29 05:49:43 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/11/22 11:15:16 | 000,000,000 | -H-- | M] () -- C:\Users\Dave\Documents\Default.rdp
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/20 19:44:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/12/20 19:44:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/12/20 19:44:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/12/20 19:44:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/12/20 19:44:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/12/20 04:45:46 | 002,195,061 | ---- | C] () -- C:\Users\Dave\Desktop\tdsskiller.zip
[2012/12/19 21:18:12 | 000,000,512 | ---- | C] () -- C:\Users\Dave\Desktop\MBR.dat
[2012/11/29 05:49:43 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/11/22 11:15:16 | 000,000,000 | -H-- | C] () -- C:\Users\Dave\Documents\Default.rdp
[2012/11/05 10:34:40 | 000,000,268 | RH-- | C] () -- C:\Users\Dave\AppData\Roaming\vhosts
[2012/11/05 10:34:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Action Clauses
[2012/11/05 10:34:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2012/08/09 19:47:54 | 000,733,320 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/04/12 20:44:17 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/04/04 22:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 22:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 22:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
" " = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
" " = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
" " = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
" " = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
" " = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/08 15:07:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Toshiba
[2012/08/07 17:14:56 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Book Place
[2012/11/05 10:52:59 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Nikon
[2012/12/14 07:57:35 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SoftGrid Client
[2012/07/08 15:22:35 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Tific
[2012/07/08 15:11:14 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Toshiba
[2012/11/18 10:29:59 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TP
[2012/07/08 15:07:33 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WinBatch

========== Purity Check ==========



<

 

End of report >
OTL Extras logfile created on: 12/20/2012 8:37:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.27 Gb Available Physical Memory | 78.92% Memory free
15.90 Gb Paging File | 14.17 Gb Available in Paging File | 89.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.04 Gb Total Space | 532.12 Gb Free Space | 91.58% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024F9F62-59FF-4342-8FDF-DF147F119F74}" = rport=445 | protocol=6 | dir=out | app=system |
"{054E7229-5199-44F5-9F4F-7A0726360B55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1D25D7F2-E20C-43ED-B909-DCDE91FB1661}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2DB12118-F7E0-442F-B37C-102CC2C621B6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{309F6ACF-0C38-4676-89E2-F581961DEF38}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{32C20BBF-4CDC-4506-B2CF-083172A88074}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{394A6E9D-B71E-4737-B7C3-B0F437761820}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B5021AF-D841-4FFF-BCD3-C44BA1BCE9C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3E21F1C0-4C46-4899-B740-0877AF6132D0}" = rport=138 | protocol=17 | dir=out | app=system |
"{50AD021C-E0F0-45E0-ACA7-B7859A995B8E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5373E6E9-F1A3-45F1-9687-89518B956E97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{696AC5A2-184A-4438-BB7F-8443C6D7BE84}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C2C481B-875D-4A3B-A7EC-92A16D9E34AD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{87A552F8-4AB0-4799-A1A2-A855C8CADB2D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A168EAE8-0C9C-48AC-B505-D78571BDE2A2}" = lport=137 | protocol=17 | dir=in | app=system |
"{A9816235-E07A-4969-9BA2-A9C5E448B32E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AADDF326-AAB4-4128-8CDE-74F16C2EF124}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD9D3C5C-68EB-4E86-B3AD-DAF61BD0EAFC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7938DD8-116E-4176-AF57-5A0F38B6CF25}" = rport=137 | protocol=17 | dir=out | app=system |
"{DD51C619-56AB-4F9E-8162-E098431C4582}" = rport=139 | protocol=6 | dir=out | app=system |
"{F449A705-9C74-49C9-84E4-96F6B7FA9E79}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4850FB1-F8FA-4E4F-AF84-3EDF297A6E72}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDCB14A3-16A8-450C-824F-AFF06A4CF77E}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{358942B5-EB7D-4A12-B3DB-DA7F140157B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3EBD851E-1EDD-4CBE-B44D-87916B6607F5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53B03725-9602-4F31-BA1B-0BB65D3E621F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6AA7BA50-CED4-49D3-B4E5-3C2058EBFDEA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6AC74B7B-70A2-4A97-8992-FAF732711A36}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{79BC53E2-7C0B-4D35-99F3-CE01C9C885BB}" = protocol=6 | dir=out | app=system |
"{8219E87A-9408-4C9E-9CC4-CDAE9ED5DB14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84941543-0F2E-406F-AF58-1D1B42A8CA6B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A308AC37-0FA4-469C-9B61-07010A03C80A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8FB4125-32B0-4AA6-BEBA-B5A38395BDB9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AEF02960-F9B8-4147-B28B-1F82B8DBA5E2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B04DCB64-02A0-4F51-B2ED-88582EB47BEC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1DCC206-6720-4274-A16F-560CB97166B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8C73DBE-7E4E-4438-BE94-814194F413C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BEA3246F-9C43-4B7D-B543-5D56CD2CD95E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DA4E9C8A-E756-4216-A923-ADCCF91AAABC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E2FC685F-542F-43C4-B327-62E62038A47E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F5F0FF3C-BE17-4633-A608-37ADBA65138F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7775142-5DF1-4553-9B82-D4E5E670B262}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8D964AD-8181-4E35-BC52-AD9081C0C47C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FC899C29-0238-4F1D-8C61-CDF1734C3A45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCEF7221-7CC0-4189-8A43-E95DEC541614}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0e5f7e52-cf19-4336-9616-cb38c6b81d84" = Letters from Nowhere 2
"WTA-1603d6be-0cd7-4ca4-b1b9-b7ac36875e7e" = RollerCoaster Tycoon 3: Platinum
"WTA-50f33051-7506-4180-b506-9b49aab47eb9" = Tales of Lagoona
"WTA-7a13b7c6-f28c-4347-8834-d8c88971b48c" = Polar Bowler
"WTA-98f6b9eb-91ee-4df6-af1e-a6064e356cc1" = FATE - The Traitor Soul
"WTA-a6846539-7c8c-4711-a042-464de90d6097" = Penguins!
"WTA-b30566a3-b6ae-4f8b-94e9-b1aa04d67dfd" = Zuma's Revenge
"WTA-bf8a9ded-e596-4e37-950e-cd1112cacb3e" = Plants vs. Zombies - Game of the Year
"WTA-c3387cd9-974f-4dd2-a568-f99a5ffa221e" = Bejeweled 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2012 5:43:28 AM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 12/12/2012 5:43:28 AM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 12/12/2012 5:43:28 AM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 12/12/2012 5:43:29 AM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 12/12/2012 5:43:29 AM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 12/12/2012 5:43:29 AM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 12/12/2012 5:43:29 AM | Computer Name = Dave-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 12/12/2012 5:44:52 AM | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/12/2012 8:28:33 AM | Computer Name = Dave-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 12/12/2012 8:29:52 AM | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/18/2012 9:58:17 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 12/18/2012 10:02:18 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the Ancillary Function Driver for
Winsock service which failed to start because of the following error: %%31

Error - 12/18/2012 10:02:18 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the NetIO Legacy TDI Support Driver
service which failed to start because of the following error: %%31

Error - 12/18/2012 10:02:18 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the Ancillary Function
Driver for Winsock service which failed to start because of the following error:
%%31

Error - 12/18/2012 10:02:18 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Network Store Interface Service service depends on the NSI proxy
service driver. service which failed to start because of the following error: %%31

Error - 12/18/2012 10:02:18 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Workstation service depends on the Network Store Interface Service
service which failed to start because of the following error: %%1068

Error - 12/18/2012 10:02:18 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The IP Helper service depends on the Network Store Interface Service
service which failed to start because of the following error: %%1068

Error - 12/18/2012 10:02:18 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The SMB MiniRedirector Wrapper and Engine service depends on the Redirected
Buffering Sub Sysytem service which failed to start because of the following error:
%%31

Error - 12/18/2012 10:02:18 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068

Error - 12/18/2012 10:02:18 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068


< End of report >
# AdwCleaner v2.101 - Logfile created 12/20/2012 at 20:29:15
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Dave - DAVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Dave\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [554 octets] - [20/12/2012 20:29:15]

########## EOF - C:\AdwCleaner[S1].txt - [613 octets] ##########



Computer runs great.
How I got it: Researching virus...googling it...first link on google...clicked it, thought it was info about it, turns out it was the trojan itself!

 

All processes killed
Error: Unable to interpret <Code: > in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Dave
->Temp folder emptied: 69080 bytes
->Temporary Internet Files folder emptied: 89557747 bytes
->Java cache emptied: 38001 bytes
->Flash cache emptied: 57106 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17954 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 86.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Dave
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

Error: Unable to interpret <[emptyflash > in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 12222012_061251

Files\Folders moved on Reboot...
C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTR9UEKK\fastbutton[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTR9UEKK\like[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTR9UEKK\xd_arbiter[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQTX2HFT\xd_arbiter[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXDAS9UE\104349-active-need-help-trojan-please[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 25
Java version out of Date!
Adobe Flash Player 11.5.502.135
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 10-12-2012
Ran by Dave (administrator) on 22-12-2012 at 06:30:48
Running from "C:\Users\Dave\Downloads "
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware "=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

Eset scan only showed trojan contained in TDSS Killer quarantine
I couldnt copy and paste and didnt find the log

Thanks
Dave

 

No, I did not have Eset remove. Should I or just clean TDSS Quarantine?

 

All processes killed
Error: Unable to interpret <Code: > in the current context!
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Dave
->Temp folder emptied: 623737 bytes
->Temporary Internet Files folder emptied: 86333042 bytes
->Java cache emptied: 9659 bytes
->Flash cache emptied: 620 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6254 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Dave
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Dave
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 12232012_123719

Files\Folders moved on Reboot...
C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YH0BV7V3\104349-active-need-help-trojan-please-2[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YH0BV7V3\fastbutton[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YH0BV7V3\like[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEYF07KJ\xd_arbiter[1].htm moved successfully.
C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMM2EVN0\xd_arbiter[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Java does not update, otherwise computer runs great