Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FBI Moneypak virus


  • Please log in to reply
13 replies to this topic

#1 mercuryrsng

mercuryrsng

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:03:09 PM

Posted 03 October 2012 - 08:27 AM

Hello all. I have a computer that is infected with the FBI Moneypak virus. I ran a Malwarebytes Anti Malware scan in Safe Mode, and it found some stuff. I can produce that log upon request. The full screen take-over seems to be gone but I am sure that this machine is far from clean. What steps can I take to move forward?

Thanks for all of your help!

BC AdBot (Login to Remove)

 


#2 master131

master131

  • Members
  • 366 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Melbourne, Australia
  • Local time:06:09 AM

Posted 03 October 2012 - 09:10 AM

Run a scan with your anti-virus software (if you don't have one, well then get one!). Try an online scan with another vendor's anti-virus engine. Some examples are ESET Online Scan or Bitdefender QuickScan.

Ensure that all your software is up to date. The FBI Moneypak ransomware is normally installed through an exploit in a software such as Flash Player, Internet Explorer or Java. Install Secunia PSI to ensure that all programs are up to date and you don't get infected again. You can find a guide on how to use it here. Make sure to also run Windows Update and install all critical or important updates.

Edited by master131, 03 October 2012 - 09:13 AM.


#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:09 PM

Posted 03 October 2012 - 09:33 AM

Boot into safemode with networking

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#4 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:03:09 PM

Posted 03 October 2012 - 01:43 PM

10:58:23.0055 1852 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:58:23.0313 1852 ============================================================
10:58:23.0313 1852 Current date / time: 2012/10/03 10:58:23.0313
10:58:23.0313 1852 SystemInfo:
10:58:23.0313 1852
10:58:23.0313 1852 OS Version: 6.1.7601 ServicePack: 1.0
10:58:23.0313 1852 Product type: Workstation
10:58:23.0314 1852 ComputerName: CINDY-PC
10:58:23.0314 1852 UserName: cindy
10:58:23.0314 1852 Windows directory: C:\windows
10:58:23.0314 1852 System windows directory: C:\windows
10:58:23.0314 1852 Running under WOW64
10:58:23.0314 1852 Processor architecture: Intel x64
10:58:23.0314 1852 Number of processors: 2
10:58:23.0314 1852 Page size: 0x1000
10:58:23.0314 1852 Boot type: Safe boot with network
10:58:23.0314 1852 ============================================================
10:58:24.0030 1852 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:58:24.0033 1852 ============================================================
10:58:24.0033 1852 \Device\Harddisk0\DR0:
10:58:24.0033 1852 MBR partitions:
10:58:24.0033 1852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23C93800
10:58:24.0033 1852 ============================================================
10:58:24.0060 1852 C: <-> \Device\Harddisk0\DR0\Partition1
10:58:24.0060 1852 ============================================================
10:58:24.0060 1852 Initialize success
10:58:24.0060 1852 ============================================================
10:58:47.0439 1608 ============================================================
10:58:47.0439 1608 Scan started
10:58:47.0439 1608 Mode: Manual; TDLFS;
10:58:47.0439 1608 ============================================================
10:58:47.0642 1608 ================ Scan system memory ========================
10:58:47.0642 1608 System memory - ok
10:58:47.0642 1608 ================ Scan services =============================
10:58:47.0798 1608 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
10:58:47.0798 1608 1394ohci - ok
10:58:47.0860 1608 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
10:58:47.0860 1608 ACPI - ok
10:58:47.0876 1608 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
10:58:47.0876 1608 AcpiPmi - ok
10:58:47.0970 1608 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:58:47.0970 1608 AdobeFlashPlayerUpdateSvc - ok
10:58:48.0032 1608 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
10:58:48.0032 1608 adp94xx - ok
10:58:48.0063 1608 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
10:58:48.0063 1608 adpahci - ok
10:58:48.0110 1608 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
10:58:48.0110 1608 adpu320 - ok
10:58:48.0157 1608 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
10:58:48.0172 1608 AeLookupSvc - ok
10:58:48.0219 1608 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
10:58:48.0219 1608 AFD - ok
10:58:48.0282 1608 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
10:58:48.0282 1608 agp440 - ok
10:58:48.0328 1608 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
10:58:48.0328 1608 ALG - ok
10:58:48.0391 1608 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
10:58:48.0391 1608 aliide - ok
10:58:48.0391 1608 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
10:58:48.0406 1608 amdide - ok
10:58:48.0422 1608 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
10:58:48.0422 1608 AmdK8 - ok
10:58:48.0438 1608 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
10:58:48.0438 1608 AmdPPM - ok
10:58:48.0500 1608 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
10:58:48.0516 1608 amdsata - ok
10:58:48.0547 1608 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
10:58:48.0562 1608 amdsbs - ok
10:58:48.0578 1608 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
10:58:48.0578 1608 amdxata - ok
10:58:48.0640 1608 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
10:58:48.0640 1608 AppID - ok
10:58:48.0687 1608 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
10:58:48.0687 1608 AppIDSvc - ok
10:58:48.0734 1608 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
10:58:48.0734 1608 Appinfo - ok
10:58:48.0874 1608 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:58:48.0874 1608 Apple Mobile Device - ok
10:58:48.0921 1608 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
10:58:48.0921 1608 arc - ok
10:58:48.0952 1608 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
10:58:48.0952 1608 arcsas - ok
10:58:48.0984 1608 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
10:58:48.0984 1608 AsyncMac - ok
10:58:49.0030 1608 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
10:58:49.0030 1608 atapi - ok
10:58:49.0171 1608 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
10:58:49.0186 1608 AudioEndpointBuilder - ok
10:58:49.0280 1608 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
10:58:49.0280 1608 AudioSrv - ok
10:58:49.0530 1608 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
10:58:49.0639 1608 AVG Security Toolbar Service - ok
10:58:50.0528 1608 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
10:58:50.0778 1608 AVGIDSAgent - ok
10:58:50.0856 1608 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdrivera.sys
10:58:50.0871 1608 AVGIDSDriver - ok
10:58:50.0918 1608 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\windows\system32\DRIVERS\avgidsfiltera.sys
10:58:50.0934 1608 AVGIDSFilter - ok
10:58:51.0012 1608 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\windows\system32\DRIVERS\avgidsha.sys
10:58:51.0027 1608 AVGIDSHA - ok
10:58:51.0199 1608 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\windows\system32\DRIVERS\avgldx64.sys
10:58:51.0214 1608 Avgldx64 - ok
10:58:51.0277 1608 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\windows\system32\DRIVERS\avgmfx64.sys
10:58:51.0292 1608 Avgmfx64 - ok
10:58:51.0417 1608 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\windows\system32\DRIVERS\avgrkx64.sys
10:58:51.0433 1608 Avgrkx64 - ok
10:58:51.0526 1608 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\windows\system32\DRIVERS\avgtdia.sys
10:58:51.0526 1608 Avgtdia - ok
10:58:51.0698 1608 [ A313C4AE276E3C975A1BC27170AA23C6 ] avgtp C:\windows\system32\drivers\avgtpx64.sys
10:58:51.0698 1608 avgtp - ok
10:58:51.0760 1608 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
10:58:51.0760 1608 avgwd - ok
10:58:51.0870 1608 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
10:58:51.0885 1608 AxInstSV - ok
10:58:52.0026 1608 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
10:58:52.0041 1608 b06bdrv - ok
10:58:52.0150 1608 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
10:58:52.0166 1608 b57nd60a - ok
10:58:52.0260 1608 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
10:58:52.0260 1608 BDESVC - ok
10:58:52.0322 1608 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
10:58:52.0338 1608 Beep - ok
10:58:52.0431 1608 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
10:58:52.0431 1608 BFE - ok
10:58:52.0462 1608 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
10:58:52.0509 1608 BITS - ok
10:58:52.0540 1608 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
10:58:52.0540 1608 blbdrive - ok
10:58:52.0650 1608 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:58:52.0650 1608 Bonjour Service - ok
10:58:52.0696 1608 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
10:58:52.0696 1608 bowser - ok
10:58:52.0743 1608 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
10:58:52.0743 1608 BrFiltLo - ok
10:58:52.0759 1608 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
10:58:52.0759 1608 BrFiltUp - ok
10:58:52.0790 1608 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
10:58:52.0790 1608 Browser - ok
10:58:52.0821 1608 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
10:58:52.0821 1608 Brserid - ok
10:58:52.0837 1608 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
10:58:52.0837 1608 BrSerWdm - ok
10:58:52.0868 1608 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
10:58:52.0868 1608 BrUsbMdm - ok
10:58:52.0899 1608 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
10:58:52.0899 1608 BrUsbSer - ok
10:58:52.0930 1608 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
10:58:52.0930 1608 BTHMODEM - ok
10:58:52.0962 1608 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
10:58:52.0962 1608 bthserv - ok
10:58:52.0993 1608 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
10:58:52.0993 1608 cdfs - ok
10:58:53.0055 1608 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
10:58:53.0055 1608 cdrom - ok
10:58:53.0118 1608 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
10:58:53.0118 1608 CertPropSvc - ok
10:58:53.0149 1608 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
10:58:53.0149 1608 circlass - ok
10:58:53.0196 1608 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
10:58:53.0196 1608 CLFS - ok
10:58:53.0242 1608 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:58:53.0242 1608 clr_optimization_v2.0.50727_32 - ok
10:58:53.0289 1608 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:58:53.0289 1608 clr_optimization_v2.0.50727_64 - ok
10:58:53.0352 1608 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:58:53.0414 1608 clr_optimization_v4.0.30319_32 - ok
10:58:53.0445 1608 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:58:53.0445 1608 clr_optimization_v4.0.30319_64 - ok
10:58:53.0476 1608 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
10:58:53.0492 1608 CmBatt - ok
10:58:53.0523 1608 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
10:58:53.0523 1608 cmdide - ok
10:58:53.0570 1608 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
10:58:53.0570 1608 CNG - ok
10:58:53.0617 1608 [ 25C58EE97BE0416A373E3E4F855206B5 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
10:58:53.0632 1608 CnxtHdAudService - ok
10:58:53.0664 1608 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
10:58:53.0664 1608 Compbatt - ok
10:58:53.0710 1608 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
10:58:53.0710 1608 CompositeBus - ok
10:58:53.0710 1608 COMSysApp - ok
10:58:53.0742 1608 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
10:58:53.0742 1608 crcdisk - ok
10:58:53.0788 1608 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
10:58:53.0788 1608 CryptSvc - ok
10:58:53.0835 1608 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
10:58:53.0835 1608 DcomLaunch - ok
10:58:53.0882 1608 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
10:58:53.0882 1608 defragsvc - ok
10:58:53.0929 1608 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
10:58:53.0929 1608 DfsC - ok
10:58:53.0976 1608 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
10:58:53.0976 1608 Dhcp - ok
10:58:54.0007 1608 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
10:58:54.0007 1608 discache - ok
10:58:54.0038 1608 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
10:58:54.0038 1608 Disk - ok
10:58:54.0069 1608 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
10:58:54.0069 1608 Dnscache - ok
10:58:54.0132 1608 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
10:58:54.0132 1608 dot3svc - ok
10:58:54.0178 1608 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
10:58:54.0178 1608 DPS - ok
10:58:54.0225 1608 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
10:58:54.0225 1608 drmkaud - ok
10:58:54.0272 1608 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
10:58:54.0288 1608 DXGKrnl - ok
10:58:54.0319 1608 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
10:58:54.0319 1608 EapHost - ok
10:58:54.0397 1608 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
10:58:54.0490 1608 ebdrv - ok
10:58:54.0522 1608 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
10:58:54.0522 1608 EFS - ok
10:58:54.0615 1608 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
10:58:54.0631 1608 ehRecvr - ok
10:58:54.0646 1608 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
10:58:54.0646 1608 ehSched - ok
10:58:54.0693 1608 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
10:58:54.0693 1608 elxstor - ok
10:58:54.0740 1608 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
10:58:54.0740 1608 ErrDev - ok
10:58:54.0802 1608 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
10:58:54.0802 1608 EventSystem - ok
10:58:54.0834 1608 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
10:58:54.0834 1608 exfat - ok
10:58:54.0865 1608 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
10:58:54.0865 1608 fastfat - ok
10:58:54.0927 1608 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
10:58:54.0927 1608 Fax - ok
10:58:54.0974 1608 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
10:58:54.0974 1608 fdc - ok
10:58:55.0005 1608 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
10:58:55.0005 1608 fdPHost - ok
10:58:55.0021 1608 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
10:58:55.0021 1608 FDResPub - ok
10:58:55.0036 1608 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
10:58:55.0036 1608 FileInfo - ok
10:58:55.0052 1608 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
10:58:55.0052 1608 Filetrace - ok
10:58:55.0083 1608 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
10:58:55.0083 1608 flpydisk - ok
10:58:55.0130 1608 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
10:58:55.0146 1608 FltMgr - ok
10:58:55.0192 1608 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
10:58:55.0208 1608 FontCache - ok
10:58:55.0270 1608 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:58:55.0270 1608 FontCache3.0.0.0 - ok
10:58:55.0286 1608 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
10:58:55.0286 1608 FsDepends - ok
10:58:55.0317 1608 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
10:58:55.0317 1608 Fs_Rec - ok
10:58:55.0364 1608 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
10:58:55.0364 1608 fvevol - ok
10:58:55.0380 1608 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
10:58:55.0380 1608 gagp30kx - ok
10:58:55.0442 1608 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
10:58:55.0442 1608 GameConsoleService - ok
10:58:55.0473 1608 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
10:58:55.0489 1608 GEARAspiWDM - ok
10:58:55.0551 1608 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
10:58:55.0551 1608 gpsvc - ok
10:58:55.0614 1608 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:58:55.0614 1608 gupdate - ok
10:58:55.0660 1608 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:58:55.0660 1608 gupdatem - ok
10:58:55.0692 1608 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:58:55.0692 1608 gusvc - ok
10:58:55.0723 1608 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
10:58:55.0723 1608 hcw85cir - ok
10:58:55.0801 1608 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
10:58:55.0801 1608 HdAudAddService - ok
10:58:55.0832 1608 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
10:58:55.0832 1608 HDAudBus - ok
10:58:55.0863 1608 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
10:58:55.0863 1608 HECIx64 - ok
10:58:55.0894 1608 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
10:58:55.0894 1608 HidBatt - ok
10:58:55.0910 1608 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
10:58:55.0910 1608 HidBth - ok
10:58:55.0926 1608 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
10:58:55.0926 1608 HidIr - ok
10:58:55.0957 1608 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
10:58:55.0957 1608 hidserv - ok
10:58:56.0004 1608 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
10:58:56.0004 1608 HidUsb - ok
10:58:56.0035 1608 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
10:58:56.0035 1608 hkmsvc - ok
10:58:56.0082 1608 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
10:58:56.0082 1608 HomeGroupListener - ok
10:58:56.0113 1608 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
10:58:56.0128 1608 HomeGroupProvider - ok
10:58:56.0144 1608 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
10:58:56.0144 1608 HpSAMD - ok
10:58:56.0206 1608 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
10:58:56.0206 1608 HTTP - ok
10:58:56.0253 1608 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
10:58:56.0253 1608 hwpolicy - ok
10:58:56.0316 1608 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
10:58:56.0316 1608 i8042prt - ok
10:58:56.0362 1608 [ 5E60DD5F090AB4A563C7204C289C4650 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
10:58:56.0362 1608 iaStor - ok
10:58:56.0425 1608 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
10:58:56.0425 1608 iaStorV - ok
10:58:56.0518 1608 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:58:56.0518 1608 IDriverT - ok
10:58:56.0581 1608 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:58:56.0596 1608 idsvc - ok
10:58:56.0815 1608 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
10:58:57.0033 1608 igfx - ok
10:58:57.0064 1608 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
10:58:57.0080 1608 iirsp - ok
10:58:57.0127 1608 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
10:58:57.0142 1608 IKEEXT - ok
10:58:57.0189 1608 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
10:58:57.0189 1608 Impcd - ok
10:58:57.0205 1608 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
10:58:57.0205 1608 intelide - ok
10:58:57.0236 1608 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
10:58:57.0236 1608 intelppm - ok
10:58:57.0283 1608 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
10:58:57.0283 1608 IPBusEnum - ok
10:58:57.0314 1608 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
10:58:57.0314 1608 IpFilterDriver - ok
10:58:57.0361 1608 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
10:58:57.0376 1608 iphlpsvc - ok
10:58:57.0408 1608 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
10:58:57.0408 1608 IPMIDRV - ok
10:58:57.0439 1608 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
10:58:57.0439 1608 IPNAT - ok
10:58:57.0486 1608 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:58:57.0501 1608 iPod Service - ok
10:58:57.0532 1608 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
10:58:57.0532 1608 IRENUM - ok
10:58:57.0595 1608 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
10:58:57.0595 1608 isapnp - ok
10:58:57.0626 1608 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
10:58:57.0642 1608 iScsiPrt - ok
10:58:57.0657 1608 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
10:58:57.0657 1608 kbdclass - ok
10:58:57.0688 1608 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
10:58:57.0688 1608 kbdhid - ok
10:58:57.0720 1608 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
10:58:57.0720 1608 KeyIso - ok
10:58:57.0782 1608 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
10:58:57.0782 1608 KSecDD - ok
10:58:57.0829 1608 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
10:58:57.0829 1608 KSecPkg - ok
10:58:57.0876 1608 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
10:58:57.0876 1608 ksthunk - ok
10:58:57.0907 1608 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
10:58:57.0907 1608 KtmRm - ok
10:58:57.0938 1608 [ 55480B9C63F3F91A8EBBADCBF28FE581 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
10:58:57.0938 1608 L1C - ok
10:58:57.0985 1608 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
10:58:58.0000 1608 LanmanServer - ok
10:58:58.0032 1608 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
10:58:58.0047 1608 LanmanWorkstation - ok
10:58:58.0094 1608 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
10:58:58.0110 1608 lltdio - ok
10:58:58.0125 1608 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
10:58:58.0141 1608 lltdsvc - ok
10:58:58.0188 1608 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
10:58:58.0188 1608 lmhosts - ok
10:58:58.0266 1608 [ DBC1136A62BD4DECC3632DF650284C2E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
10:58:58.0266 1608 LMS - ok
10:58:58.0312 1608 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
10:58:58.0312 1608 LSI_FC - ok
10:58:58.0328 1608 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
10:58:58.0328 1608 LSI_SAS - ok
10:58:58.0344 1608 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
10:58:58.0344 1608 LSI_SAS2 - ok
10:58:58.0375 1608 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
10:58:58.0375 1608 LSI_SCSI - ok
10:58:58.0390 1608 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
10:58:58.0390 1608 luafv - ok
10:58:58.0422 1608 MCSTRM - ok
10:58:58.0468 1608 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
10:58:58.0468 1608 Mcx2Svc - ok
10:58:58.0500 1608 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
10:58:58.0500 1608 megasas - ok
10:58:58.0531 1608 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
10:58:58.0546 1608 MegaSR - ok
10:58:58.0593 1608 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
10:58:58.0593 1608 MMCSS - ok
10:58:58.0609 1608 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
10:58:58.0609 1608 Modem - ok
10:58:58.0640 1608 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
10:58:58.0640 1608 monitor - ok
10:58:58.0671 1608 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys
10:58:58.0671 1608 mouclass - ok
10:58:58.0718 1608 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
10:58:58.0718 1608 mouhid - ok
10:58:58.0749 1608 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
10:58:58.0749 1608 mountmgr - ok
10:58:58.0796 1608 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
10:58:58.0796 1608 mpio - ok
10:58:58.0812 1608 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
10:58:58.0812 1608 mpsdrv - ok
10:58:58.0858 1608 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
10:58:58.0874 1608 MpsSvc - ok
10:58:58.0905 1608 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
10:58:58.0905 1608 MRxDAV - ok
10:58:58.0936 1608 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
10:58:58.0936 1608 mrxsmb - ok
10:58:58.0968 1608 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
10:58:58.0968 1608 mrxsmb10 - ok
10:58:58.0999 1608 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
10:58:58.0999 1608 mrxsmb20 - ok
10:58:59.0046 1608 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
10:58:59.0046 1608 msahci - ok
10:58:59.0061 1608 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
10:58:59.0061 1608 msdsm - ok
10:58:59.0092 1608 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
10:58:59.0092 1608 MSDTC - ok
10:58:59.0108 1608 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
10:58:59.0124 1608 Msfs - ok
10:58:59.0124 1608 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
10:58:59.0139 1608 mshidkmdf - ok
10:58:59.0186 1608 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
10:58:59.0186 1608 msisadrv - ok
10:58:59.0202 1608 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
10:58:59.0202 1608 MSiSCSI - ok
10:58:59.0217 1608 msiserver - ok
10:58:59.0248 1608 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
10:58:59.0248 1608 MSKSSRV - ok
10:58:59.0264 1608 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
10:58:59.0264 1608 MSPCLOCK - ok
10:58:59.0280 1608 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
10:58:59.0280 1608 MSPQM - ok
10:58:59.0326 1608 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
10:58:59.0326 1608 MsRPC - ok
10:58:59.0373 1608 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
10:58:59.0373 1608 mssmbios - ok
10:58:59.0404 1608 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
10:58:59.0404 1608 MSTEE - ok
10:58:59.0436 1608 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
10:58:59.0436 1608 MTConfig - ok
10:58:59.0451 1608 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
10:58:59.0467 1608 Mup - ok
10:58:59.0498 1608 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
10:58:59.0498 1608 napagent - ok
10:58:59.0545 1608 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
10:58:59.0545 1608 NativeWifiP - ok
10:58:59.0607 1608 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
10:58:59.0623 1608 NDIS - ok
10:58:59.0638 1608 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
10:58:59.0638 1608 NdisCap - ok
10:58:59.0670 1608 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
10:58:59.0670 1608 NdisTapi - ok
10:58:59.0716 1608 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
10:58:59.0732 1608 Ndisuio - ok
10:58:59.0763 1608 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
10:58:59.0763 1608 NdisWan - ok
10:58:59.0794 1608 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
10:58:59.0794 1608 NDProxy - ok
10:58:59.0841 1608 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
10:58:59.0841 1608 NetBIOS - ok
10:58:59.0872 1608 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
10:58:59.0872 1608 NetBT - ok
10:58:59.0888 1608 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
10:58:59.0888 1608 Netlogon - ok
10:58:59.0919 1608 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
10:58:59.0935 1608 Netman - ok
10:58:59.0950 1608 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
10:58:59.0950 1608 netprofm - ok
10:58:59.0982 1608 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:58:59.0982 1608 NetTcpPortSharing - ok
10:59:00.0013 1608 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
10:59:00.0013 1608 nfrd960 - ok
10:59:00.0075 1608 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
10:59:00.0075 1608 NlaSvc - ok
10:59:00.0138 1608 Norton PC Checkup Application Launcher - ok
10:59:00.0138 1608 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
10:59:00.0138 1608 Npfs - ok
10:59:00.0169 1608 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
10:59:00.0169 1608 nsi - ok
10:59:00.0184 1608 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
10:59:00.0184 1608 nsiproxy - ok
10:59:00.0247 1608 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
10:59:00.0262 1608 Ntfs - ok
10:59:00.0278 1608 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
10:59:00.0278 1608 Null - ok
10:59:00.0294 1608 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
10:59:00.0294 1608 nvraid - ok
10:59:00.0356 1608 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
10:59:00.0356 1608 nvstor - ok
10:59:00.0434 1608 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
10:59:00.0434 1608 nv_agp - ok
10:59:00.0512 1608 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:59:00.0528 1608 odserv - ok
10:59:00.0543 1608 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
10:59:00.0543 1608 ohci1394 - ok
10:59:00.0574 1608 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:59:00.0574 1608 ose - ok
10:59:00.0590 1608 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
10:59:00.0606 1608 p2pimsvc - ok
10:59:00.0621 1608 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
10:59:00.0637 1608 p2psvc - ok
10:59:00.0668 1608 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
10:59:00.0668 1608 Parport - ok
10:59:00.0699 1608 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
10:59:00.0699 1608 partmgr - ok
10:59:00.0762 1608 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
10:59:00.0762 1608 PcaSvc - ok
10:59:00.0808 1608 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
10:59:00.0808 1608 PCCUJobMgr - ok
10:59:00.0855 1608 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
10:59:00.0855 1608 pci - ok
10:59:00.0902 1608 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
10:59:00.0902 1608 pciide - ok
10:59:00.0933 1608 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
10:59:00.0933 1608 pcmcia - ok
10:59:00.0964 1608 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
10:59:00.0964 1608 pcw - ok
10:59:00.0980 1608 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
10:59:00.0996 1608 PEAUTH - ok
10:59:01.0058 1608 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
10:59:01.0074 1608 PerfHost - ok
10:59:01.0105 1608 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
10:59:01.0105 1608 PGEffect - ok
10:59:01.0167 1608 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
10:59:01.0183 1608 pla - ok
10:59:01.0230 1608 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
10:59:01.0230 1608 PlugPlay - ok
10:59:01.0261 1608 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
10:59:01.0261 1608 PNRPAutoReg - ok
10:59:01.0276 1608 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
10:59:01.0276 1608 PNRPsvc - ok
10:59:01.0323 1608 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
10:59:01.0323 1608 PolicyAgent - ok
10:59:01.0354 1608 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
10:59:01.0354 1608 Power - ok
10:59:01.0401 1608 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
10:59:01.0401 1608 PptpMiniport - ok
10:59:01.0432 1608 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
10:59:01.0432 1608 Processor - ok
10:59:01.0479 1608 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
10:59:01.0479 1608 ProfSvc - ok
10:59:01.0510 1608 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
10:59:01.0510 1608 ProtectedStorage - ok
10:59:01.0573 1608 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
10:59:01.0573 1608 Psched - ok
10:59:01.0620 1608 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
10:59:01.0620 1608 QIOMem - ok
10:59:01.0666 1608 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
10:59:01.0682 1608 ql2300 - ok
10:59:01.0713 1608 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
10:59:01.0713 1608 ql40xx - ok
10:59:01.0744 1608 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
10:59:01.0744 1608 QWAVE - ok
10:59:01.0760 1608 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
10:59:01.0760 1608 QWAVEdrv - ok
10:59:01.0776 1608 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
10:59:01.0776 1608 RasAcd - ok
10:59:01.0807 1608 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
10:59:01.0807 1608 RasAgileVpn - ok
10:59:01.0807 1608 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
10:59:01.0822 1608 RasAuto - ok
10:59:01.0854 1608 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
10:59:01.0854 1608 Rasl2tp - ok
10:59:01.0900 1608 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
10:59:01.0900 1608 RasMan - ok
10:59:01.0916 1608 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
10:59:01.0916 1608 RasPppoe - ok
10:59:01.0932 1608 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
10:59:01.0932 1608 RasSstp - ok
10:59:01.0947 1608 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
10:59:01.0947 1608 rdbss - ok
10:59:01.0978 1608 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
10:59:01.0978 1608 rdpbus - ok
10:59:01.0994 1608 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
10:59:01.0994 1608 RDPCDD - ok
10:59:02.0010 1608 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
10:59:02.0010 1608 RDPENCDD - ok
10:59:02.0056 1608 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
10:59:02.0056 1608 RDPREFMP - ok
10:59:02.0088 1608 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
10:59:02.0088 1608 RDPWD - ok
10:59:02.0119 1608 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
10:59:02.0119 1608 rdyboost - ok
10:59:02.0150 1608 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
10:59:02.0150 1608 RemoteAccess - ok
10:59:02.0181 1608 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
10:59:02.0181 1608 RemoteRegistry - ok
10:59:02.0212 1608 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
10:59:02.0212 1608 RpcEptMapper - ok
10:59:02.0228 1608 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
10:59:02.0228 1608 RpcLocator - ok
10:59:02.0275 1608 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
10:59:02.0275 1608 RpcSs - ok
10:59:02.0306 1608 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
10:59:02.0306 1608 rspndr - ok
10:59:02.0368 1608 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
10:59:02.0368 1608 RSUSBSTOR - ok
10:59:02.0415 1608 [ B89C0601A05E1140AC96FA965D94C340 ] rtl8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
10:59:02.0415 1608 rtl8192Ce - ok
10:59:02.0431 1608 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
10:59:02.0431 1608 SamSs - ok
10:59:02.0446 1608 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
10:59:02.0462 1608 sbp2port - ok
10:59:02.0493 1608 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
10:59:02.0493 1608 SCardSvr - ok
10:59:02.0540 1608 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
10:59:02.0540 1608 scfilter - ok
10:59:02.0618 1608 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
10:59:02.0618 1608 Schedule - ok
10:59:02.0665 1608 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
10:59:02.0665 1608 SCPolicySvc - ok
10:59:02.0712 1608 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
10:59:02.0712 1608 SDRSVC - ok
10:59:02.0758 1608 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
10:59:02.0758 1608 secdrv - ok
10:59:02.0790 1608 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
10:59:02.0790 1608 seclogon - ok
10:59:02.0821 1608 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
10:59:02.0821 1608 SENS - ok
10:59:02.0852 1608 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
10:59:02.0868 1608 SensrSvc - ok
10:59:02.0883 1608 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
10:59:02.0899 1608 Serenum - ok
10:59:02.0946 1608 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
10:59:02.0946 1608 Serial - ok
10:59:02.0977 1608 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
10:59:02.0977 1608 sermouse - ok
10:59:03.0024 1608 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
10:59:03.0024 1608 SessionEnv - ok
10:59:03.0055 1608 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
10:59:03.0055 1608 sffdisk - ok
10:59:03.0086 1608 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
10:59:03.0086 1608 sffp_mmc - ok
10:59:03.0102 1608 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
10:59:03.0102 1608 sffp_sd - ok
10:59:03.0133 1608 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
10:59:03.0133 1608 sfloppy - ok
10:59:03.0195 1608 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
10:59:03.0195 1608 SharedAccess - ok
10:59:03.0258 1608 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
10:59:03.0258 1608 ShellHWDetection - ok
10:59:03.0289 1608 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
10:59:03.0289 1608 SiSRaid2 - ok
10:59:03.0304 1608 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
10:59:03.0304 1608 SiSRaid4 - ok
10:59:03.0336 1608 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
10:59:03.0336 1608 Smb - ok
10:59:03.0382 1608 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
10:59:03.0398 1608 SNMPTRAP - ok
10:59:03.0414 1608 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
10:59:03.0414 1608 spldr - ok
10:59:03.0460 1608 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
10:59:03.0476 1608 Spooler - ok
10:59:03.0585 1608 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
10:59:03.0648 1608 sppsvc - ok
10:59:03.0679 1608 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
10:59:03.0679 1608 sppuinotify - ok
10:59:03.0726 1608 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
10:59:03.0726 1608 srv - ok
10:59:03.0757 1608 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
10:59:03.0757 1608 srv2 - ok
10:59:03.0819 1608 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS
10:59:03.0819 1608 SrvHsfHDA - ok
10:59:03.0866 1608 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS
10:59:03.0882 1608 SrvHsfV92 - ok
10:59:03.0913 1608 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS
10:59:03.0928 1608 SrvHsfWinac - ok
10:59:03.0975 1608 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
10:59:03.0975 1608 srvnet - ok
10:59:04.0006 1608 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
10:59:04.0006 1608 SSDPSRV - ok
10:59:04.0053 1608 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
10:59:04.0053 1608 SstpSvc - ok
10:59:04.0069 1608 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
10:59:04.0069 1608 stexstor - ok
10:59:04.0147 1608 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
10:59:04.0147 1608 stisvc - ok
10:59:04.0194 1608 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
10:59:04.0194 1608 swenum - ok
10:59:04.0209 1608 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
10:59:04.0225 1608 swprv - ok
10:59:04.0272 1608 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
10:59:04.0272 1608 SynTP - ok
10:59:04.0334 1608 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
10:59:04.0350 1608 SysMain - ok
10:59:04.0396 1608 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
10:59:04.0396 1608 TabletInputService - ok
10:59:04.0412 1608 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
10:59:04.0412 1608 TapiSrv - ok
10:59:04.0459 1608 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
10:59:04.0459 1608 TBS - ok
10:59:04.0521 1608 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
10:59:04.0552 1608 Tcpip - ok
10:59:04.0568 1608 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
10:59:04.0584 1608 TCPIP6 - ok
10:59:04.0615 1608 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
10:59:04.0615 1608 tcpipreg - ok
10:59:04.0630 1608 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
10:59:04.0646 1608 tdcmdpst - ok
10:59:04.0662 1608 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
10:59:04.0677 1608 TDPIPE - ok
10:59:04.0724 1608 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
10:59:04.0724 1608 TDTCP - ok
10:59:04.0755 1608 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
10:59:04.0755 1608 tdx - ok
10:59:04.0802 1608 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
10:59:04.0802 1608 TermDD - ok
10:59:04.0818 1608 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
10:59:04.0818 1608 TermService - ok
10:59:04.0864 1608 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
10:59:04.0864 1608 Themes - ok
10:59:04.0880 1608 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
10:59:04.0880 1608 THREADORDER - ok
10:59:04.0958 1608 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
10:59:04.0958 1608 TMachInfo - ok
10:59:04.0989 1608 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
10:59:04.0989 1608 TODDSrv - ok
10:59:05.0052 1608 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
10:59:05.0052 1608 TosCoSrv - ok
10:59:05.0114 1608 [ 2AB7A4697462EDB0C9DFAFC529746BA9 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
10:59:05.0114 1608 TOSHIBA eco Utility Service - ok
10:59:05.0192 1608 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
10:59:05.0192 1608 TOSHIBA HDD SSD Alert Service - ok
10:59:05.0270 1608 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
10:59:05.0270 1608 TPCHSrv - ok
10:59:05.0317 1608 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
10:59:05.0332 1608 TrkWks - ok
10:59:05.0410 1608 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
10:59:05.0410 1608 TrustedInstaller - ok
10:59:05.0457 1608 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
10:59:05.0473 1608 tssecsrv - ok
10:59:05.0520 1608 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
10:59:05.0520 1608 TsUsbFlt - ok
10:59:05.0582 1608 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
10:59:05.0582 1608 tunnel - ok
10:59:05.0598 1608 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
10:59:05.0598 1608 TVALZ - ok
10:59:05.0644 1608 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
10:59:05.0644 1608 TVALZFL - ok
10:59:05.0676 1608 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
10:59:05.0676 1608 uagp35 - ok
10:59:05.0707 1608 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
10:59:05.0707 1608 udfs - ok
10:59:05.0754 1608 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
10:59:05.0754 1608 UI0Detect - ok
10:59:05.0754 1608 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
10:59:05.0769 1608 uliagpkx - ok
10:59:05.0816 1608 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
10:59:05.0816 1608 umbus - ok
10:59:05.0847 1608 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
10:59:05.0847 1608 UmPass - ok
10:59:05.0988 1608 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
10:59:06.0050 1608 UNS - ok
10:59:06.0081 1608 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
10:59:06.0081 1608 upnphost - ok
10:59:06.0144 1608 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
10:59:06.0159 1608 USBAAPL64 - ok
10:59:06.0190 1608 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
10:59:06.0190 1608 usbccgp - ok
10:59:06.0237 1608 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
10:59:06.0237 1608 usbcir - ok
10:59:06.0268 1608 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
10:59:06.0268 1608 usbehci - ok
10:59:06.0300 1608 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
10:59:06.0300 1608 usbhub - ok
10:59:06.0315 1608 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
10:59:06.0315 1608 usbohci - ok
10:59:06.0346 1608 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
10:59:06.0346 1608 usbprint - ok
10:59:06.0424 1608 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
10:59:06.0424 1608 usbscan - ok
10:59:06.0456 1608 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
10:59:06.0471 1608 USBSTOR - ok
10:59:06.0487 1608 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
10:59:06.0487 1608 usbuhci - ok
10:59:06.0549 1608 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
10:59:06.0549 1608 usbvideo - ok
10:59:06.0565 1608 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
10:59:06.0580 1608 UxSms - ok
10:59:06.0596 1608 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
10:59:06.0596 1608 VaultSvc - ok
10:59:06.0596 1608 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
10:59:06.0596 1608 vdrvroot - ok
10:59:06.0643 1608 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
10:59:06.0658 1608 vds - ok
10:59:06.0690 1608 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
10:59:06.0690 1608 vga - ok
10:59:06.0705 1608 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
10:59:06.0705 1608 VgaSave - ok
10:59:06.0768 1608 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
10:59:06.0768 1608 vhdmp - ok
10:59:06.0799 1608 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
10:59:06.0814 1608 viaide - ok
10:59:06.0846 1608 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
10:59:06.0846 1608 volmgr - ok
10:59:06.0908 1608 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
10:59:06.0924 1608 volmgrx - ok
10:59:06.0955 1608 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
10:59:06.0955 1608 volsnap - ok
10:59:06.0986 1608 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
10:59:06.0986 1608 vsmraid - ok
10:59:07.0048 1608 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
10:59:07.0064 1608 VSS - ok
10:59:07.0189 1608 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
10:59:07.0189 1608 vToolbarUpdater12.2.6 - ok
10:59:07.0220 1608 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
10:59:07.0220 1608 vwifibus - ok
10:59:07.0236 1608 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
10:59:07.0236 1608 vwififlt - ok
10:59:07.0282 1608 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
10:59:07.0282 1608 W32Time - ok
10:59:07.0298 1608 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
10:59:07.0298 1608 WacomPen - ok
10:59:07.0345 1608 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
10:59:07.0345 1608 WajamUpdater - ok
10:59:07.0392 1608 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
10:59:07.0392 1608 WANARP - ok
10:59:07.0392 1608 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
10:59:07.0392 1608 Wanarpv6 - ok
10:59:07.0438 1608 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
10:59:07.0454 1608 WatAdminSvc - ok
10:59:07.0516 1608 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
10:59:07.0532 1608 wbengine - ok
10:59:07.0563 1608 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
10:59:07.0563 1608 WbioSrvc - ok
10:59:07.0610 1608 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
10:59:07.0610 1608 wcncsvc - ok
10:59:07.0626 1608 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
10:59:07.0626 1608 WcsPlugInService - ok
10:59:07.0641 1608 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
10:59:07.0641 1608 Wd - ok
10:59:07.0657 1608 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
10:59:07.0672 1608 Wdf01000 - ok
10:59:07.0688 1608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
10:59:07.0704 1608 WdiServiceHost - ok
10:59:07.0704 1608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
10:59:07.0704 1608 WdiSystemHost - ok
10:59:07.0735 1608 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
10:59:07.0735 1608 WebClient - ok
10:59:07.0750 1608 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
10:59:07.0766 1608 Wecsvc - ok
10:59:07.0766 1608 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
10:59:07.0766 1608 wercplsupport - ok
10:59:07.0797 1608 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
10:59:07.0797 1608 WerSvc - ok
10:59:07.0813 1608 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
10:59:07.0813 1608 WfpLwf - ok
10:59:07.0828 1608 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
10:59:07.0828 1608 WIMMount - ok
10:59:07.0906 1608 WinDefend - ok
10:59:07.0922 1608 WinHttpAutoProxySvc - ok
10:59:07.0953 1608 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
10:59:07.0969 1608 Winmgmt - ok
10:59:08.0031 1608 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
10:59:08.0062 1608 WinRM - ok
10:59:08.0125 1608 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
10:59:08.0125 1608 WinUsb - ok
10:59:08.0156 1608 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
10:59:08.0172 1608 Wlansvc - ok
10:59:08.0234 1608 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
10:59:08.0234 1608 WmiAcpi - ok
10:59:08.0250 1608 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
10:59:08.0250 1608 wmiApSrv - ok
10:59:08.0296 1608 WMPNetworkSvc - ok
10:59:08.0328 1608 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
10:59:08.0328 1608 WPCSvc - ok
10:59:08.0359 1608 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
10:59:08.0359 1608 WPDBusEnum - ok
10:59:08.0390 1608 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
10:59:08.0390 1608 ws2ifsl - ok
10:59:08.0406 1608 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
10:59:08.0406 1608 wscsvc - ok
10:59:08.0437 1608 WSearch - ok
10:59:08.0515 1608 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
10:59:08.0546 1608 wuauserv - ok
10:59:08.0577 1608 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
10:59:08.0577 1608 WudfPf - ok
10:59:08.0608 1608 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
10:59:08.0608 1608 WUDFRd - ok
10:59:08.0655 1608 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
10:59:08.0671 1608 wudfsvc - ok
10:59:08.0718 1608 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
10:59:08.0718 1608 WwanSvc - ok
10:59:08.0764 1608 ================ Scan global ===============================
10:59:08.0796 1608 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
10:59:08.0827 1608 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
10:59:08.0842 1608 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
10:59:08.0874 1608 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
10:59:08.0905 1608 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
10:59:08.0905 1608 [Global] - ok
10:59:08.0905 1608 ================ Scan MBR ==================================
10:59:08.0920 1608 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
10:59:09.0139 1608 \Device\Harddisk0\DR0 - ok
10:59:09.0139 1608 ================ Scan VBR ==================================
10:59:09.0170 1608 [ BD1DA00357B81C386FF0D6C059FC1763 ] \Device\Harddisk0\DR0\Partition1
10:59:09.0170 1608 \Device\Harddisk0\DR0\Partition1 - ok
10:59:09.0186 1608 ============================================================
10:59:09.0186 1608 Scan finished
10:59:09.0186 1608 ============================================================
10:59:09.0186 1744 Detected object count: 0
10:59:09.0186 1744 Actual detected object count: 0






aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-03 11:00:31
-----------------------------
11:00:31.370 OS Version: Windows x64 6.1.7601 Service Pack 1
11:00:31.370 Number of processors: 2 586 0x2505
11:00:31.370 ComputerName: CINDY-PC UserName: cindy
11:00:31.932 Initialize success
11:04:25.059 AVAST engine defs: 12100301
11:05:32.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:05:32.555 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
11:05:32.586 Disk 0 MBR read successfully
11:05:32.586 Disk 0 MBR scan
11:05:32.586 Disk 0 Windows VISTA default MBR code
11:05:32.617 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:05:32.648 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293159 MB offset 3074048
11:05:32.679 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10585 MB offset 603463680
11:05:32.711 Disk 0 scanning C:\windows\system32\drivers
11:05:42.632 Service scanning
11:06:11.414 Modules scanning
11:06:11.414 Disk 0 trace - called modules:
11:06:11.430 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:06:11.430 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b31060]
11:06:11.446 3 CLASSPNP.SYS[fffff88001a7f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049b4050]
11:06:12.038 AVAST engine scan C:\windows
11:06:13.536 AVAST engine scan C:\windows\system32
11:08:48.039 AVAST engine scan C:\windows\system32\drivers
11:08:59.817 AVAST engine scan C:\Users\cindy
11:24:17.379 AVAST engine scan C:\ProgramData
11:25:29.576 Scan finished successfully
11:26:09.918 Disk 0 MBR has been saved successfully to "C:\Users\cindy\Downloads\MBR.dat"
11:26:09.918 The log file has been saved successfully to "C:\Users\cindy\Downloads\aswMBR.txt"








C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\cindy\AppData\Local\Temp\bing.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Users\cindy\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\cindy\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application cleaned by deleting - quarantined

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:09 PM

Posted 03 October 2012 - 01:49 PM

Reboot to normal mode


Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

Right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#6 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:03:09 PM

Posted 03 October 2012 - 02:05 PM

I will run everything requested.

Here is the ORIGINAL Malwarebytes Antimalware Log that I ran initially that removed the "scare" screen.

I will post the rest of the results after they are all done.

Thanks.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.06

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
cindy :: CINDY-PC [administrator]

10/3/2012 9:08:50 AM
mbam-log-2012-10-03 (09-08-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220788
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKCR\CLSID\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\TypeLib\{145310E3-18FA-41A9-BEE4-F830B08C6014} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\Interface\{76348131-7ADF-4FE7-9047-529719D86186} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\PrivacySafeGuard.BHO.1 (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\PrivacySafeGuard.BHO (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
C:\Users\cindy\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Users\cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)

#7 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:03:09 PM

Posted 03 October 2012 - 03:36 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
cindy :: CINDY-PC [administrator]

10/3/2012 3:06:05 PM
mbam-log-2012-10-03 (15-06-05).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384633
Time elapsed: 53 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\TypeLib\{1EA1A4B4-B3EF-481F-89D7-467FEAD5CF20} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.
HKCR\Interface\{C8DA3FA9-8DD9-4BF6-BBBA-625B0E3D07F7} (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PUP.PrivacySafeGuard) -> Quarantined and deleted successfully.

(end)




MiniToolBox by Farbar Version: 23-07-2012
Ran by cindy (administrator) on 03-10-2012 at 16:06:03
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8152 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : cindy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hvc.rr.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hvc.rr.com
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 20-7C-8F-40-B8-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4958:70f9:ce87:fcb7%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.114(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 03, 2012 4:01:32 PM
Lease Expires . . . . . . . . . . : Thursday, October 04, 2012 4:01:33 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 320896143
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-4F-59-4E-60-EB-69-7D-6A-80
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8152 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 60-EB-69-7D-6A-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hvc.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hvc.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:404:1875:3f57:fe8d(Preferred)
Link-local IPv6 Address . . . . . : fe80::404:1875:3f57:fe8d%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2607:f8b0:4006:803::1002
173.194.43.41
173.194.43.46
173.194.43.32
173.194.43.33
173.194.43.34
173.194.43.35
173.194.43.36
173.194.43.37
173.194.43.38
173.194.43.39
173.194.43.40


Pinging google.com [74.125.226.196] with 32 bytes of data:
Reply from 74.125.226.196: bytes=32 time=26ms TTL=53
Reply from 74.125.226.196: bytes=32 time=31ms TTL=53

Ping statistics for 74.125.226.196:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 31ms, Average = 28ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=987ms TTL=49
Reply from 72.30.38.140: bytes=32 time=741ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 741ms, Maximum = 987ms, Average = 864ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...20 7c 8f 40 b8 5d ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
10...60 eb 69 7d 6a 80 ......Atheros AR8152 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.114 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.114 286
192.168.1.114 255.255.255.255 On-link 192.168.1.114 286
192.168.1.255 255.255.255.255 On-link 192.168.1.114 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.114 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.114 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:404:1875:3f57:fe8d/128
On-link
12 286 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::404:1875:3f57:fe8d/128
On-link
12 286 fe80::4958:70f9:ce87:fcb7/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
12 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/03/2012 04:03:11 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/03/2012 03:43:46 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (10/03/2012 03:06:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/03/2012 03:00:23 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/03/2012 02:41:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/03/2012 10:39:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3365238

Error: (10/03/2012 10:39:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3365238

Error: (10/03/2012 10:39:01 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/03/2012 09:42:58 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2247

Error: (10/03/2012 09:42:58 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2247


System errors:
=============
Error: (10/03/2012 04:01:31 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (10/03/2012 02:59:57 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (10/03/2012 10:48:21 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/03/2012 10:48:20 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/03/2012 10:48:17 AM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/03/2012 10:48:09 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/03/2012 10:40:53 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx64
Avgmfx64
discache
spldr
Wanarpv6

Error: (10/03/2012 09:14:32 AM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (10/03/2012 09:05:40 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/03/2012 09:05:40 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Amazon Links (Version: 2.02)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.26)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2441)
AVG 2012 (Version: 2012.0.2221)
Babylon toolbar on IE
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bonjour (Version: 3.0.0.10)
Build-a-lot 2 (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Conexant HD Audio (Version: 4.119.0.60)
ESET Online Scanner v3
FATE (Version: 2.2.0.95)
Google Chrome (Version: 22.0.1229.79)
Google Earth (Version: 6.2.2.6613)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2189)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.1.1001)
iTunes (Version: 10.6.3.25)
Java™ 6 Update 17 (Version: 6.0.170)
Jewel Quest - Heritage (Version: 2.2.0.95)
Junk Mail filter update (Version: 14.0.8117.416)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 14.0.1468.721)
Nancy Drew: The Creature of Kapu Cave
Norton PC Checkup (Version: 3.0.2.90.0)
ooVoo (Version: 2.9.0089)
ooVoo Toolbar (Version: 2.5.0.3)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.95)
Privacy SafeGuard version 1.0 (Version: 1.0)
Quickbooks Financial Center (Version: 2.02)
QuickTime (Version: 7.71.80.42)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30113)
Realtek WLAN Driver (Version: 2.00.0011)
Rhapsody
Sansa Updater (Version: 1.301)
Skype Launcher (Version: 2.01)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Toshiba App Place (Version: 1.0.2.0)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 3.00.11)
Toshiba Book Place (Version: 2.0.3977.0)
Toshiba Book Place (Version: 2.2.7530)
TOSHIBA Bulletin Board (Version: 1.6.06.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA eco Utility (Version: 1.2.11.64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Hardware Setup (Version: 4.03.02.00)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
Toshiba Laptop Checkup (Version: 2.0.3.198)
TOSHIBA Media Controller (Version: 1.0.80.3.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.4.9)
Toshiba Online Backup (Version: 2.0.0.24)
TOSHIBA PC Health Monitor (Version: 1.6.0.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.6.05.64)
TOSHIBA Service Station (Version: 2.2.9)
TOSHIBA Supervisor Password (Version: 4.03.02.00)
TOSHIBA Value Added Package (Version: 1.3.2.64)
TOSHIBA Web Camera Application (Version: 1.1.1.15)
ToshibaRegistration (Version: 1.0.4)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Wajam (Version: 1.28)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games (Version: 1.0.1.3)
WildTangent ORB Game Console
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Yahoo! Toolbar
Yontoo 1.10.02 (Version: 1.10.02)
Zuma's Revenge (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 3893.86 MB
Available physical RAM: 2321.3 MB
Total Pagefile: 7785.91 MB
Available Pagefile: 6017.5 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.91 MB

========================= Partitions: =====================================

1 Drive c: (TI105927W0F) (Fixed) (Total:286.29 GB) (Free:219.82 GB) NTFS

========================= Users: ========================================

User accounts for \\CINDY-PC

Administrator cindy Guest

========================= Restore Points ==================================

17-08-2012 09:46:00 Windows Update
24-08-2012 11:35:26 Scheduled Checkpoint
31-08-2012 21:51:59 Scheduled Checkpoint
10-09-2012 02:28:57 Scheduled Checkpoint
13-09-2012 09:53:36 Windows Update
21-09-2012 02:45:23 Scheduled Checkpoint
23-09-2012 00:24:46 Windows Update
26-09-2012 09:50:58 Windows Update

**** End of log ****



Farbar Service Scanner Version: 19-09-2012
Ran by cindy (administrator) on 03-10-2012 at 16:07:32
Running from "C:\Users\cindy\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****





# AdwCleaner v2.003 - Logfile created 10/03/2012 at 16:20:40
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : cindy - CINDY-PC
# Boot Mode : Normal
# Running from : C:\Users\cindy\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\cindy\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\cindy\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\cindy\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\cindy\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\cindy\AppData\Local\Wajam
Folder Deleted : C:\Users\cindy\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wajam.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\cindy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.50] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.53] : keyword = "isearch.avg.com",
Deleted [l.56] : search_url = "hxxp://isearch.avg.com/search?cid={AFB14635-1DA8-40A1-BABB-AB71101EB59F}&mid=2cc027511d2547d68387b1a22f998373-97dfc16a369510a9835a85a597f8c8983ae8b23e&lang=en&ds=AVG&pr=fr&d=2012-06-18 15:00:45&v=11.1.0.12&sap=dsp&q={searchTerms}",

*************************

AdwCleaner[S1].txt - [15452 octets] - [03/10/2012 16:20:40]

########## EOF - C:\AdwCleaner[S1].txt - [15513 octets] ##########






Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.3 (10.03.2012)
OS: Windows 7 Home Premium x64
Ran by cindy on Wed 10/03/2012 at 16:34:33.25
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasapi32"
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasmancs"



*** Files: 0 Detections



*** Folders: 0 Detections



Removed the following from [PREFS.JS] :



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Wed 10/03/2012 at 16:34:47.55
End of Report

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:09 PM

Posted 03 October 2012 - 03:57 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#9 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:03:09 PM

Posted 03 October 2012 - 06:27 PM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/03/2012 07:21:45 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\cindy\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (PID: 3420) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\cindy\Desktop\rkill\rkill-10-03-2012-07-22-01.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/03/2012 07:22:13 PM
Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)




"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "00TCrdMain" "TOSHIBA Flash Cards" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "cAudioFilterAgent" "Conexant High Definition Audio Filter Agent" "Conexant Systems, Inc." "c:\program files\conexant\caudiofilteragent\caudiofilteragent64.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HSON" "HotStartOn" "TOSHIBA Corporation" "c:\program files\toshiba\tbs\hson.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SmartAudio" "SAIICpl MFC Application" "" "c:\program files\conexant\saii\saiicpl.exe"
+ "SmartFaceVWatcher" "SmartFaceVWatcher" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevwatcher.exe"
+ "SmoothView" "SmoothView" "TOSHIBA Corporation" "c:\program files\toshiba\smoothview\smoothview.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "Teco" "TOSHIBA eco Utility" "TOSHIBA Corporation" "c:\program files\toshiba\teco\teco.exe"
+ "TosNC" "Message Center" "TOSHIBA Corporation" "c:\program files\toshiba\bulletinboard\tosnccore.exe"
+ "TosReelTimeMonitor" "Monitor of TOSHIBA ReelTime" "TOSHIBA Corporation" "c:\program files\toshiba\reeltime\tosreeltimemonitor.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
+ "TosVolRegulator" " Toshiba Volume Regulator" "TOSHIBA Corporation" "c:\program files\toshiba\tosvolregulator\tosvolregulator.exe"
+ "TosWaitSrv" "" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\toswaitsrv.exe"
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "NortonOnlineBackupReminder" "Toshiba Online Backup Service" "Toshiba" "c:\program files (x86)\toshiba\toshiba online backup\activation\tobuactivation.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "ROC_roc_dec12" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe"
+ "ROC_ROC_JULY_P1" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe"
+ "ToshibaAppPlace" "Toshiba App Place" "Toshiba" "c:\program files (x86)\toshiba\toshiba app place\toshibaappplace.exe"
+ "ToshibaServiceStation" "TOSHIBA Service Station" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\toshibaservicestation.exe"
+ "TWebCamera" "" "TOSHIBA CORPORATION." "c:\program files (x86)\toshiba\toshiba web camera application\twebcamera.exe"
+ "vProt" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ooVoo.exe" "ooVoo" "ooVoo LLC" "c:\program files (x86)\oovoo\oovoo.exe"
+ "SansaDispatch" "Sansa Dispatcher" "SanDisk Corporation" "c:\users\cindy\appdata\roaming\sandisk\sansa updater\sansadispatch.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgppa.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssiea.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Privacy Safeguard BHO" "" "" "File not found: C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssie.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "ooVoo Toolbar" "dtx Dynamic Link Library" "" "c:\program files (x86)\oovootoolbar\oovootoolbarx.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files (x86)\yahoo!\companion\installs\cpn\ytsingleinstance.dll"
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in " "<TOSHIBA>" "c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "ooVoo Toolbar" "dtx Dynamic Link Library" "" "c:\program files (x86)\oovootoolbar\oovootoolbarx.dll"
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\PC Checkup 3 Weekly Scan" "NortonLive Updater" "Symantec Corporation" "c:\program files (x86)\pc checkup\nlapplauncher.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVG Security Toolbar Service" "ToolbarB Application" "" "c:\program files (x86)\avg\avg10\toolbar\toolbarbroker.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files (x86)\toshiba games\toshiba game console\gameconsoleservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "Norton PC Checkup Application Launcher" "Provides consolidated application launching facility" "Symantec Corporation" "c:\program files (x86)\pc checkup\symcpcculaunchsvc.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "PCCUJobMgr" "Job Manager service for common client services" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.3.198\ccsvchst.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "TPCHSrv" "TOSHIBA PC Health Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\tpchsrv.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "vToolbarUpdater12.2.6" "ToolbarU Application" "" "c:\program files (x86)\common files\avg secure search\vtoolbarupdater\12.2.6\toolbarupdater.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdrivera.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfiltera.sys"
+ "AVGIDSHA" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsha.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "avgtp" "" "AVG Technologies" "c:\windows\system32\drivers\avgtpx64.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CnxtHdAudService" "64-bit High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt64.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "L1C" "Atheros L1c PCI-E Gigabit Ethernet Controller" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c62x64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MCSTRM" "" "" "File not found: C:\windows\System32\Drivers\MCSTRM.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "QIOMem" "Generic IO & Memory Access" "TOSHIBA" "c:\windows\system32\drivers\qiomem.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "rtl8192Ce" "Realtek RTL81892CE NDIS Driverr" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8192ce.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver for x64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Image Effects" "TimeStam Dynamic Link Library" "" "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prdmowrapper.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax"
+ "TrueMotion 2.0 Decompressor" "TrueMotion 2.0 Decompressor" "The Duck Corporation" "c:\windows\syswow64\tm20dec.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgrsa.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PCL hpz3lw71" "LanguageMonitor" "Hewlett-Packard Corporation" "c:\windows\system32\hpz3lw71.dll"

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:09 PM

Posted 03 October 2012 - 06:33 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#11 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:03:09 PM

Posted 03 October 2012 - 07:10 PM

Thank you! One last question. Do you have any thoughts on Oovoo? It's an instant messenger/video program. http://www.oovoo.com/home.aspx

I see it a lot on infected computers and wonder if there is a correlation between an infection and this program. Thanks again!

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:09 PM

Posted 03 October 2012 - 07:14 PM

Oovoo is a legitimate software.

safe surfing

#13 mercuryrsng

mercuryrsng
  • Topic Starter

  • Members
  • 298 posts
  • OFFLINE
  •  
  • Local time:03:09 PM

Posted 03 October 2012 - 07:15 PM

Thanks...take care.

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:09 PM

Posted 03 October 2012 - 07:20 PM

:thumbup2:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users