Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Icons on start up disappear and remains blue


  • Please log in to reply
11 replies to this topic

#1 smfsmf

smfsmf

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 07 October 2012 - 06:47 AM

did malware bytes removed 4 trojans
then after tried system restore, but keeps getting blue screen with a bunch of words saying disk error

any help to see what left on my computer to remove it

thanks

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:18 PM

Posted 07 October 2012 - 09:13 AM

Boot into safemode with networking

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 smfsmf

smfsmf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 07 October 2012 - 01:24 PM

13:01:26.0782 1824 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:01:27.0078 1824 ============================================================
13:01:27.0078 1824 Current date / time: 2012/10/07 13:01:27.0078
13:01:27.0078 1824 SystemInfo:
13:01:27.0078 1824
13:01:27.0078 1824 OS Version: 6.1.7601 ServicePack: 1.0
13:01:27.0078 1824 Product type: Workstation
13:01:27.0078 1824 ComputerName: STEVE-PC
13:01:27.0078 1824 UserName: steve
13:01:27.0078 1824 Windows directory: C:\windows
13:01:27.0078 1824 System windows directory: C:\windows
13:01:27.0078 1824 Running under WOW64
13:01:27.0078 1824 Processor architecture: Intel x64
13:01:27.0078 1824 Number of processors: 2
13:01:27.0078 1824 Page size: 0x1000
13:01:27.0078 1824 Boot type: Safe boot with network
13:01:27.0078 1824 ============================================================
13:01:27.0874 1824 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:01:27.0874 1824 ============================================================
13:01:27.0874 1824 \Device\Harddisk0\DR0:
13:01:27.0874 1824 MBR partitions:
13:01:27.0874 1824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38887800
13:01:27.0874 1824 ============================================================
13:01:27.0905 1824 C: <-> \Device\Harddisk0\DR0\Partition1
13:01:27.0905 1824 ============================================================
13:01:27.0905 1824 Initialize success
13:01:27.0905 1824 ============================================================
13:01:31.0782 1912 ============================================================
13:01:31.0782 1912 Scan started
13:01:31.0782 1912 Mode: Manual;
13:01:31.0782 1912 ============================================================
13:01:32.0778 1912 ================ Scan system memory ========================
13:01:32.0778 1912 System memory - ok
13:01:32.0778 1912 ================ Scan services =============================
13:01:33.0242 1912 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
13:01:33.0242 1912 1394ohci - ok
13:01:33.0304 1912 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
13:01:33.0304 1912 ACPI - ok
13:01:33.0366 1912 [ 12C5274CD87449A2A37A607CDB321922 ] acpials C:\windows\system32\DRIVERS\acpials.sys
13:01:33.0366 1912 acpials - ok
13:01:33.0429 1912 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
13:01:33.0429 1912 AcpiPmi - ok
13:01:33.0710 1912 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:01:33.0725 1912 AdobeFlashPlayerUpdateSvc - ok
13:01:33.0772 1912 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
13:01:33.0788 1912 adp94xx - ok
13:01:33.0834 1912 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
13:01:33.0834 1912 adpahci - ok
13:01:33.0850 1912 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
13:01:33.0881 1912 adpu320 - ok
13:01:33.0897 1912 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
13:01:33.0912 1912 AeLookupSvc - ok
13:01:34.0006 1912 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
13:01:34.0006 1912 AFD - ok
13:01:34.0037 1912 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
13:01:34.0037 1912 agp440 - ok
13:01:34.0084 1912 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
13:01:34.0084 1912 ALG - ok
13:01:34.0162 1912 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
13:01:34.0162 1912 aliide - ok
13:01:34.0178 1912 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
13:01:34.0178 1912 amdide - ok
13:01:34.0209 1912 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
13:01:34.0209 1912 AmdK8 - ok
13:01:34.0224 1912 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
13:01:34.0224 1912 AmdPPM - ok
13:01:34.0256 1912 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
13:01:34.0256 1912 amdsata - ok
13:01:34.0287 1912 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
13:01:34.0287 1912 amdsbs - ok
13:01:34.0302 1912 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
13:01:34.0302 1912 amdxata - ok
13:01:34.0396 1912 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
13:01:34.0396 1912 AppID - ok
13:01:34.0427 1912 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
13:01:34.0427 1912 AppIDSvc - ok
13:01:34.0458 1912 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
13:01:34.0458 1912 Appinfo - ok
13:01:34.0505 1912 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
13:01:34.0521 1912 arc - ok
13:01:34.0521 1912 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
13:01:34.0521 1912 arcsas - ok
13:01:34.0786 1912 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:01:34.0848 1912 aspnet_state - ok
13:01:34.0911 1912 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
13:01:34.0911 1912 AsyncMac - ok
13:01:34.0973 1912 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
13:01:34.0973 1912 atapi - ok
13:01:35.0051 1912 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
13:01:35.0082 1912 AudioEndpointBuilder - ok
13:01:35.0098 1912 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
13:01:35.0098 1912 AudioSrv - ok
13:01:35.0192 1912 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
13:01:35.0192 1912 AxInstSV - ok
13:01:35.0254 1912 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
13:01:35.0270 1912 b06bdrv - ok
13:01:35.0316 1912 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
13:01:35.0316 1912 b57nd60a - ok
13:01:35.0394 1912 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
13:01:35.0394 1912 BDESVC - ok
13:01:35.0441 1912 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
13:01:35.0441 1912 Beep - ok
13:01:35.0519 1912 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
13:01:35.0535 1912 BFE - ok
13:01:35.0566 1912 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
13:01:35.0582 1912 BITS - ok
13:01:35.0628 1912 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
13:01:35.0628 1912 blbdrive - ok
13:01:35.0706 1912 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
13:01:35.0706 1912 bowser - ok
13:01:35.0738 1912 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
13:01:35.0738 1912 BrFiltLo - ok
13:01:35.0738 1912 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
13:01:35.0738 1912 BrFiltUp - ok
13:01:35.0769 1912 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
13:01:35.0769 1912 Browser - ok
13:01:35.0784 1912 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
13:01:35.0784 1912 Brserid - ok
13:01:35.0800 1912 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
13:01:35.0800 1912 BrSerWdm - ok
13:01:35.0816 1912 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
13:01:35.0816 1912 BrUsbMdm - ok
13:01:35.0816 1912 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
13:01:35.0816 1912 BrUsbSer - ok
13:01:35.0831 1912 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
13:01:35.0831 1912 BTHMODEM - ok
13:01:35.0909 1912 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
13:01:35.0909 1912 bthserv - ok
13:01:35.0956 1912 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
13:01:35.0956 1912 cdfs - ok
13:01:36.0050 1912 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
13:01:36.0050 1912 cdrom - ok
13:01:36.0096 1912 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
13:01:36.0096 1912 CertPropSvc - ok
13:01:36.0128 1912 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
13:01:36.0128 1912 circlass - ok
13:01:36.0174 1912 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
13:01:36.0190 1912 CLFS - ok
13:01:36.0362 1912 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:01:36.0455 1912 clr_optimization_v2.0.50727_32 - ok
13:01:36.0564 1912 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:01:36.0611 1912 clr_optimization_v2.0.50727_64 - ok
13:01:36.0798 1912 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:01:37.0079 1912 clr_optimization_v4.0.30319_32 - ok
13:01:37.0126 1912 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:01:37.0282 1912 clr_optimization_v4.0.30319_64 - ok
13:01:37.0344 1912 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
13:01:37.0344 1912 CmBatt - ok
13:01:37.0391 1912 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
13:01:37.0391 1912 cmdide - ok
13:01:37.0438 1912 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
13:01:37.0454 1912 CNG - ok
13:01:37.0469 1912 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
13:01:37.0469 1912 Compbatt - ok
13:01:37.0500 1912 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
13:01:37.0500 1912 CompositeBus - ok
13:01:37.0532 1912 COMSysApp - ok
13:01:37.0532 1912 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
13:01:37.0547 1912 crcdisk - ok
13:01:37.0625 1912 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
13:01:37.0625 1912 CryptSvc - ok
13:01:37.0766 1912 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:01:37.0781 1912 cvhsvc - ok
13:01:37.0844 1912 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
13:01:37.0859 1912 DcomLaunch - ok
13:01:37.0906 1912 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
13:01:37.0922 1912 defragsvc - ok
13:01:37.0953 1912 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
13:01:37.0953 1912 DfsC - ok
13:01:38.0015 1912 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
13:01:38.0015 1912 Dhcp - ok
13:01:38.0046 1912 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
13:01:38.0046 1912 discache - ok
13:01:38.0093 1912 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
13:01:38.0093 1912 Disk - ok
13:01:38.0140 1912 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
13:01:38.0140 1912 Dnscache - ok
13:01:38.0234 1912 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
13:01:38.0249 1912 dot3svc - ok
13:01:38.0296 1912 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
13:01:38.0312 1912 DPS - ok
13:01:38.0358 1912 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
13:01:38.0358 1912 drmkaud - ok
13:01:38.0436 1912 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
13:01:38.0436 1912 DXGKrnl - ok
13:01:38.0514 1912 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
13:01:38.0514 1912 EapHost - ok
13:01:38.0608 1912 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
13:01:38.0795 1912 ebdrv - ok
13:01:38.0826 1912 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
13:01:38.0826 1912 EFS - ok
13:01:38.0998 1912 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
13:01:39.0014 1912 ehRecvr - ok
13:01:39.0045 1912 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
13:01:39.0045 1912 ehSched - ok
13:01:39.0076 1912 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
13:01:39.0092 1912 elxstor - ok
13:01:39.0107 1912 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
13:01:39.0107 1912 ErrDev - ok
13:01:39.0170 1912 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
13:01:39.0185 1912 EventSystem - ok
13:01:39.0201 1912 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
13:01:39.0201 1912 exfat - ok
13:01:39.0216 1912 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
13:01:39.0216 1912 fastfat - ok
13:01:39.0279 1912 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
13:01:39.0294 1912 Fax - ok
13:01:39.0326 1912 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
13:01:39.0326 1912 fdc - ok
13:01:39.0341 1912 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
13:01:39.0341 1912 fdPHost - ok
13:01:39.0357 1912 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
13:01:39.0357 1912 FDResPub - ok
13:01:39.0372 1912 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
13:01:39.0372 1912 FileInfo - ok
13:01:39.0404 1912 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
13:01:39.0419 1912 Filetrace - ok
13:01:39.0435 1912 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
13:01:39.0435 1912 flpydisk - ok
13:01:39.0466 1912 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
13:01:39.0482 1912 FltMgr - ok
13:01:39.0560 1912 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
13:01:39.0591 1912 FontCache - ok
13:01:39.0653 1912 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:01:39.0653 1912 FontCache3.0.0.0 - ok
13:01:39.0684 1912 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
13:01:39.0684 1912 FsDepends - ok
13:01:39.0716 1912 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
13:01:39.0716 1912 Fs_Rec - ok
13:01:39.0762 1912 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
13:01:39.0778 1912 fvevol - ok
13:01:39.0794 1912 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
13:01:39.0794 1912 gagp30kx - ok
13:01:39.0887 1912 [ 1FDA0DF739234C4023851A282DD28704 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
13:01:39.0887 1912 GameConsoleService - ok
13:01:39.0950 1912 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
13:01:39.0981 1912 gpsvc - ok
13:01:40.0090 1912 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:01:40.0090 1912 gupdate - ok
13:01:40.0121 1912 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:01:40.0121 1912 gupdatem - ok
13:01:40.0168 1912 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
13:01:40.0168 1912 hcw85cir - ok
13:01:40.0246 1912 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
13:01:40.0246 1912 HdAudAddService - ok
13:01:40.0308 1912 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
13:01:40.0308 1912 HDAudBus - ok
13:01:40.0355 1912 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
13:01:40.0371 1912 HECIx64 - ok
13:01:40.0402 1912 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
13:01:40.0402 1912 HidBatt - ok
13:01:40.0418 1912 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
13:01:40.0418 1912 HidBth - ok
13:01:40.0418 1912 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
13:01:40.0433 1912 HidIr - ok
13:01:40.0449 1912 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
13:01:40.0449 1912 hidserv - ok
13:01:40.0527 1912 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
13:01:40.0527 1912 HidUsb - ok
13:01:40.0589 1912 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
13:01:40.0589 1912 hkmsvc - ok
13:01:40.0683 1912 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
13:01:40.0683 1912 HomeGroupListener - ok
13:01:40.0730 1912 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
13:01:40.0730 1912 HomeGroupProvider - ok
13:01:40.0761 1912 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
13:01:40.0761 1912 HpSAMD - ok
13:01:40.0823 1912 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
13:01:40.0823 1912 HTTP - ok
13:01:40.0870 1912 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
13:01:40.0870 1912 hwpolicy - ok
13:01:40.0932 1912 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
13:01:40.0932 1912 i8042prt - ok
13:01:40.0995 1912 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
13:01:40.0995 1912 iaStor - ok
13:01:41.0057 1912 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
13:01:41.0073 1912 iaStorV - ok
13:01:41.0135 1912 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:01:41.0166 1912 idsvc - ok
13:01:41.0463 1912 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
13:01:41.0666 1912 igfx - ok
13:01:41.0712 1912 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
13:01:41.0712 1912 iirsp - ok
13:01:41.0759 1912 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
13:01:41.0790 1912 IKEEXT - ok
13:01:41.0837 1912 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
13:01:41.0837 1912 Impcd - ok
13:01:41.0962 1912 [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
13:01:42.0024 1912 IntcAzAudAddService - ok
13:01:42.0102 1912 [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
13:01:42.0102 1912 IntcDAud - ok
13:01:42.0180 1912 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
13:01:42.0180 1912 intelide - ok
13:01:42.0212 1912 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
13:01:42.0212 1912 intelppm - ok
13:01:42.0258 1912 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
13:01:42.0258 1912 IPBusEnum - ok
13:01:42.0290 1912 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
13:01:42.0290 1912 IpFilterDriver - ok
13:01:42.0352 1912 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
13:01:42.0352 1912 iphlpsvc - ok
13:01:42.0399 1912 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
13:01:42.0399 1912 IPMIDRV - ok
13:01:42.0430 1912 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
13:01:42.0430 1912 IPNAT - ok
13:01:42.0461 1912 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
13:01:42.0461 1912 IRENUM - ok
13:01:42.0477 1912 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
13:01:42.0477 1912 isapnp - ok
13:01:42.0508 1912 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
13:01:42.0508 1912 iScsiPrt - ok
13:01:42.0570 1912 [ 19496FE93696C929392F1595ED1F8BB3 ] JMCR C:\windows\system32\DRIVERS\jmcr.sys
13:01:42.0570 1912 JMCR - ok
13:01:42.0633 1912 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
13:01:42.0633 1912 kbdclass - ok
13:01:42.0680 1912 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
13:01:42.0680 1912 kbdhid - ok
13:01:42.0695 1912 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
13:01:42.0695 1912 KeyIso - ok
13:01:42.0726 1912 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
13:01:42.0742 1912 KSecDD - ok
13:01:42.0758 1912 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
13:01:42.0773 1912 KSecPkg - ok
13:01:42.0820 1912 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
13:01:42.0820 1912 ksthunk - ok
13:01:42.0851 1912 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
13:01:42.0867 1912 KtmRm - ok
13:01:42.0929 1912 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
13:01:42.0929 1912 LanmanServer - ok
13:01:42.0960 1912 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
13:01:42.0960 1912 LanmanWorkstation - ok
13:01:43.0007 1912 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
13:01:43.0007 1912 lltdio - ok
13:01:43.0070 1912 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
13:01:43.0085 1912 lltdsvc - ok
13:01:43.0101 1912 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
13:01:43.0101 1912 lmhosts - ok
13:01:43.0163 1912 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:01:43.0163 1912 LMS - ok
13:01:43.0226 1912 [ 41E122F6D1448C94CC05196BC41D6BFB ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys
13:01:43.0226 1912 LPCFilter - ok
13:01:43.0288 1912 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
13:01:43.0288 1912 LSI_FC - ok
13:01:43.0319 1912 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
13:01:43.0319 1912 LSI_SAS - ok
13:01:43.0319 1912 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
13:01:43.0335 1912 LSI_SAS2 - ok
13:01:43.0335 1912 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
13:01:43.0335 1912 LSI_SCSI - ok
13:01:43.0382 1912 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
13:01:43.0382 1912 luafv - ok
13:01:43.0460 1912 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
13:01:43.0460 1912 Mcx2Svc - ok
13:01:43.0460 1912 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
13:01:43.0460 1912 megasas - ok
13:01:43.0475 1912 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
13:01:43.0475 1912 MegaSR - ok
13:01:43.0569 1912 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
13:01:43.0569 1912 MMCSS - ok
13:01:43.0569 1912 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
13:01:43.0569 1912 Modem - ok
13:01:43.0600 1912 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
13:01:43.0600 1912 monitor - ok
13:01:43.0631 1912 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
13:01:43.0631 1912 mouclass - ok
13:01:43.0678 1912 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
13:01:43.0678 1912 mouhid - ok
13:01:43.0725 1912 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
13:01:43.0725 1912 mountmgr - ok
13:01:43.0818 1912 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
13:01:43.0818 1912 MpFilter - ok
13:01:43.0865 1912 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
13:01:43.0865 1912 mpio - ok
13:01:43.0896 1912 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
13:01:43.0896 1912 mpsdrv - ok
13:01:43.0959 1912 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
13:01:43.0974 1912 MpsSvc - ok
13:01:44.0006 1912 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
13:01:44.0021 1912 MRxDAV - ok
13:01:44.0052 1912 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
13:01:44.0052 1912 mrxsmb - ok
13:01:44.0084 1912 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
13:01:44.0084 1912 mrxsmb10 - ok
13:01:44.0115 1912 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
13:01:44.0115 1912 mrxsmb20 - ok
13:01:44.0130 1912 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
13:01:44.0130 1912 msahci - ok
13:01:44.0130 1912 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
13:01:44.0146 1912 msdsm - ok
13:01:44.0177 1912 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
13:01:44.0177 1912 MSDTC - ok
13:01:44.0208 1912 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
13:01:44.0208 1912 Msfs - ok
13:01:44.0240 1912 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
13:01:44.0240 1912 mshidkmdf - ok
13:01:44.0286 1912 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
13:01:44.0286 1912 msisadrv - ok
13:01:44.0302 1912 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
13:01:44.0302 1912 MSiSCSI - ok
13:01:44.0302 1912 msiserver - ok
13:01:44.0364 1912 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
13:01:44.0364 1912 MSKSSRV - ok
13:01:44.0505 1912 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:01:44.0505 1912 MsMpSvc - ok
13:01:44.0583 1912 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
13:01:44.0583 1912 MSPCLOCK - ok
13:01:44.0583 1912 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
13:01:44.0583 1912 MSPQM - ok
13:01:44.0614 1912 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
13:01:44.0614 1912 MsRPC - ok
13:01:44.0661 1912 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
13:01:44.0661 1912 mssmbios - ok
13:01:44.0676 1912 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
13:01:44.0676 1912 MSTEE - ok
13:01:44.0676 1912 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
13:01:44.0676 1912 MTConfig - ok
13:01:44.0723 1912 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
13:01:44.0723 1912 Mup - ok
13:01:44.0754 1912 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
13:01:44.0754 1912 napagent - ok
13:01:44.0801 1912 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
13:01:44.0801 1912 NativeWifiP - ok
13:01:44.0864 1912 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
13:01:44.0879 1912 NDIS - ok
13:01:44.0926 1912 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
13:01:44.0926 1912 NdisCap - ok
13:01:44.0942 1912 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
13:01:44.0957 1912 NdisTapi - ok
13:01:45.0004 1912 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
13:01:45.0004 1912 Ndisuio - ok
13:01:45.0051 1912 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
13:01:45.0051 1912 NdisWan - ok
13:01:45.0098 1912 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
13:01:45.0098 1912 NDProxy - ok
13:01:45.0129 1912 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
13:01:45.0144 1912 NetBIOS - ok
13:01:45.0176 1912 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
13:01:45.0176 1912 NetBT - ok
13:01:45.0191 1912 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
13:01:45.0191 1912 Netlogon - ok
13:01:45.0254 1912 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
13:01:45.0269 1912 Netman - ok
13:01:45.0332 1912 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:01:45.0394 1912 NetMsmqActivator - ok
13:01:45.0394 1912 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:01:45.0394 1912 NetPipeActivator - ok
13:01:45.0441 1912 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
13:01:45.0441 1912 netprofm - ok
13:01:45.0456 1912 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:01:45.0456 1912 NetTcpActivator - ok
13:01:45.0456 1912 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:01:45.0456 1912 NetTcpPortSharing - ok
13:01:45.0488 1912 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
13:01:45.0488 1912 nfrd960 - ok
13:01:45.0550 1912 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
13:01:45.0566 1912 NisDrv - ok
13:01:45.0581 1912 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
13:01:45.0581 1912 NisSrv - ok
13:01:45.0644 1912 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
13:01:45.0644 1912 NlaSvc - ok
13:01:45.0722 1912 Norton PC Checkup Application Launcher - ok
13:01:45.0753 1912 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
13:01:45.0753 1912 Npfs - ok
13:01:45.0784 1912 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
13:01:45.0784 1912 nsi - ok
13:01:45.0784 1912 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
13:01:45.0784 1912 nsiproxy - ok
13:01:45.0893 1912 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
13:01:45.0924 1912 Ntfs - ok
13:01:45.0940 1912 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
13:01:45.0940 1912 Null - ok
13:01:45.0987 1912 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
13:01:46.0002 1912 nvraid - ok
13:01:46.0018 1912 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
13:01:46.0034 1912 nvstor - ok
13:01:46.0049 1912 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
13:01:46.0049 1912 nv_agp - ok
13:01:46.0065 1912 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
13:01:46.0065 1912 ohci1394 - ok
13:01:46.0158 1912 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:01:46.0158 1912 ose - ok
13:01:46.0330 1912 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:01:46.0424 1912 osppsvc - ok
13:01:46.0470 1912 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
13:01:46.0486 1912 p2pimsvc - ok
13:01:46.0502 1912 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
13:01:46.0517 1912 p2psvc - ok
13:01:46.0564 1912 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
13:01:46.0564 1912 Parport - ok
13:01:46.0611 1912 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
13:01:46.0611 1912 partmgr - ok
13:01:46.0611 1912 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
13:01:46.0626 1912 PcaSvc - ok
13:01:46.0658 1912 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
13:01:46.0658 1912 PCCUJobMgr - ok
13:01:46.0689 1912 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
13:01:46.0689 1912 pci - ok
13:01:46.0689 1912 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
13:01:46.0689 1912 pciide - ok
13:01:46.0720 1912 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
13:01:46.0720 1912 pcmcia - ok
13:01:46.0736 1912 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
13:01:46.0736 1912 pcw - ok
13:01:46.0767 1912 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
13:01:46.0767 1912 PEAUTH - ok
13:01:46.0954 1912 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
13:01:47.0126 1912 PerfHost - ok
13:01:47.0188 1912 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
13:01:47.0188 1912 PGEffect - ok
13:01:47.0250 1912 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
13:01:47.0282 1912 pla - ok
13:01:47.0344 1912 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
13:01:47.0344 1912 PlugPlay - ok
13:01:47.0375 1912 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
13:01:47.0375 1912 PNRPAutoReg - ok
13:01:47.0391 1912 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
13:01:47.0391 1912 PNRPsvc - ok
13:01:47.0406 1912 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
13:01:47.0422 1912 PolicyAgent - ok
13:01:47.0453 1912 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
13:01:47.0453 1912 Power - ok
13:01:47.0547 1912 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
13:01:47.0547 1912 PptpMiniport - ok
13:01:47.0609 1912 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
13:01:47.0625 1912 Processor - ok
13:01:47.0656 1912 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
13:01:47.0672 1912 ProfSvc - ok
13:01:47.0687 1912 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
13:01:47.0687 1912 ProtectedStorage - ok
13:01:47.0765 1912 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
13:01:47.0765 1912 Psched - ok
13:01:47.0843 1912 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
13:01:47.0874 1912 ql2300 - ok
13:01:47.0890 1912 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
13:01:47.0890 1912 ql40xx - ok
13:01:47.0906 1912 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
13:01:47.0921 1912 QWAVE - ok
13:01:47.0921 1912 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
13:01:47.0921 1912 QWAVEdrv - ok
13:01:47.0921 1912 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
13:01:47.0921 1912 RasAcd - ok
13:01:47.0984 1912 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
13:01:47.0984 1912 RasAgileVpn - ok
13:01:47.0999 1912 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
13:01:47.0999 1912 RasAuto - ok
13:01:48.0062 1912 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
13:01:48.0062 1912 Rasl2tp - ok
13:01:48.0109 1912 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
13:01:48.0109 1912 RasMan - ok
13:01:48.0140 1912 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
13:01:48.0140 1912 RasPppoe - ok
13:01:48.0155 1912 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
13:01:48.0155 1912 RasSstp - ok
13:01:48.0187 1912 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
13:01:48.0187 1912 rdbss - ok
13:01:48.0202 1912 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
13:01:48.0202 1912 rdpbus - ok
13:01:48.0202 1912 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
13:01:48.0202 1912 RDPCDD - ok
13:01:48.0233 1912 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
13:01:48.0233 1912 RDPENCDD - ok
13:01:48.0233 1912 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
13:01:48.0233 1912 RDPREFMP - ok
13:01:48.0280 1912 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
13:01:48.0296 1912 RDPWD - ok
13:01:48.0327 1912 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
13:01:48.0343 1912 rdyboost - ok
13:01:48.0389 1912 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
13:01:48.0389 1912 RemoteAccess - ok
13:01:48.0421 1912 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
13:01:48.0421 1912 RemoteRegistry - ok
13:01:48.0436 1912 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
13:01:48.0436 1912 RpcEptMapper - ok
13:01:48.0452 1912 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
13:01:48.0452 1912 RpcLocator - ok
13:01:48.0499 1912 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
13:01:48.0499 1912 RpcSs - ok
13:01:48.0561 1912 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
13:01:48.0561 1912 rspndr - ok
13:01:48.0608 1912 [ BA3E57C89E6F63808D3F2B11E1A2AD3C ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
13:01:48.0608 1912 RTL8167 - ok
13:01:48.0670 1912 [ FFC748D848740D1BC8F330A8879C2674 ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
13:01:48.0670 1912 RTL8192Ce - ok
13:01:48.0701 1912 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
13:01:48.0701 1912 SamSs - ok
13:01:48.0748 1912 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
13:01:48.0748 1912 sbp2port - ok
13:01:48.0811 1912 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
13:01:48.0826 1912 SCardSvr - ok
13:01:48.0857 1912 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
13:01:48.0873 1912 scfilter - ok
13:01:48.0920 1912 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
13:01:48.0951 1912 Schedule - ok
13:01:48.0982 1912 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
13:01:48.0982 1912 SCPolicySvc - ok
13:01:49.0029 1912 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\drivers\sdbus.sys
13:01:49.0029 1912 sdbus - ok
13:01:49.0076 1912 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
13:01:49.0076 1912 SDRSVC - ok
13:01:49.0123 1912 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
13:01:49.0123 1912 secdrv - ok
13:01:49.0169 1912 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
13:01:49.0169 1912 seclogon - ok
13:01:49.0216 1912 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
13:01:49.0216 1912 SENS - ok
13:01:49.0263 1912 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
13:01:49.0263 1912 SensrSvc - ok
13:01:49.0279 1912 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
13:01:49.0279 1912 Serenum - ok
13:01:49.0294 1912 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
13:01:49.0294 1912 Serial - ok
13:01:49.0341 1912 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
13:01:49.0341 1912 sermouse - ok
13:01:49.0357 1912 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
13:01:49.0372 1912 SessionEnv - ok
13:01:49.0388 1912 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
13:01:49.0388 1912 sffdisk - ok
13:01:49.0419 1912 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
13:01:49.0419 1912 sffp_mmc - ok
13:01:49.0435 1912 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
13:01:49.0435 1912 sffp_sd - ok
13:01:49.0466 1912 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
13:01:49.0466 1912 sfloppy - ok
13:01:49.0544 1912 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
13:01:49.0544 1912 Sftfs - ok
13:01:49.0622 1912 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:01:49.0637 1912 sftlist - ok
13:01:49.0669 1912 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
13:01:49.0684 1912 Sftplay - ok
13:01:49.0715 1912 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
13:01:49.0715 1912 Sftredir - ok
13:01:49.0747 1912 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
13:01:49.0747 1912 Sftvol - ok
13:01:49.0762 1912 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:01:49.0762 1912 sftvsa - ok
13:01:49.0840 1912 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
13:01:49.0840 1912 SharedAccess - ok
13:01:49.0871 1912 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
13:01:49.0887 1912 ShellHWDetection - ok
13:01:49.0918 1912 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
13:01:49.0918 1912 SiSRaid2 - ok
13:01:49.0934 1912 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
13:01:49.0934 1912 SiSRaid4 - ok
13:01:49.0981 1912 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
13:01:49.0981 1912 Smb - ok
13:01:50.0043 1912 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
13:01:50.0043 1912 SNMPTRAP - ok
13:01:50.0043 1912 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
13:01:50.0043 1912 spldr - ok
13:01:50.0121 1912 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
13:01:50.0137 1912 Spooler - ok
13:01:50.0683 1912 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
13:01:50.0761 1912 sppsvc - ok
13:01:50.0807 1912 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
13:01:50.0823 1912 sppuinotify - ok
13:01:50.0917 1912 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
13:01:50.0917 1912 srv - ok
13:01:50.0979 1912 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
13:01:50.0979 1912 srv2 - ok
13:01:51.0010 1912 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
13:01:51.0026 1912 srvnet - ok
13:01:51.0119 1912 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
13:01:51.0135 1912 SSDPSRV - ok
13:01:51.0151 1912 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
13:01:51.0166 1912 SstpSvc - ok
13:01:51.0182 1912 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
13:01:51.0182 1912 stexstor - ok
13:01:51.0260 1912 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
13:01:51.0260 1912 stisvc - ok
13:01:51.0291 1912 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
13:01:51.0291 1912 swenum - ok
13:01:51.0338 1912 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
13:01:51.0338 1912 swprv - ok
13:01:51.0400 1912 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
13:01:51.0400 1912 SynTP - ok
13:01:51.0447 1912 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
13:01:51.0494 1912 SysMain - ok
13:01:51.0525 1912 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
13:01:51.0541 1912 TabletInputService - ok
13:01:51.0603 1912 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
13:01:51.0603 1912 TapiSrv - ok
13:01:51.0634 1912 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
13:01:51.0650 1912 TBS - ok
13:01:51.0743 1912 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
13:01:51.0790 1912 Tcpip - ok
13:01:51.0853 1912 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
13:01:51.0868 1912 TCPIP6 - ok
13:01:51.0915 1912 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
13:01:51.0931 1912 tcpipreg - ok
13:01:51.0962 1912 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
13:01:51.0962 1912 tdcmdpst - ok
13:01:51.0993 1912 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
13:01:51.0993 1912 TDPIPE - ok
13:01:52.0040 1912 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
13:01:52.0040 1912 TDTCP - ok
13:01:52.0087 1912 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
13:01:52.0087 1912 tdx - ok
13:01:52.0118 1912 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
13:01:52.0118 1912 TermDD - ok
13:01:52.0165 1912 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
13:01:52.0180 1912 TermService - ok
13:01:52.0211 1912 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
13:01:52.0211 1912 Themes - ok
13:01:52.0243 1912 [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
13:01:52.0243 1912 Thpdrv - ok
13:01:52.0289 1912 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
13:01:52.0289 1912 Thpevm - ok
13:01:52.0321 1912 [ F6927BBA3B09AFF26A53A9191F7378F9 ] Thpsrv C:\windows\system32\ThpSrv.exe
13:01:52.0336 1912 Thpsrv - ok
13:01:52.0367 1912 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
13:01:52.0367 1912 THREADORDER - ok
13:01:52.0461 1912 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
13:01:52.0461 1912 TMachInfo - ok
13:01:52.0477 1912 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
13:01:52.0492 1912 TODDSrv - ok
13:01:52.0539 1912 [ DB9719688C08F42705FEB3F6A0C98B91 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
13:01:52.0539 1912 TosCoSrv - ok
13:01:52.0601 1912 [ 152DA63A2843E7E63ECA8AE90D853763 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
13:01:52.0601 1912 TOSHIBA eco Utility Service - ok
13:01:52.0711 1912 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
13:01:52.0711 1912 TOSHIBA HDD SSD Alert Service - ok
13:01:52.0789 1912 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
13:01:52.0789 1912 tos_sps64 - ok
13:01:52.0851 1912 [ 6F9E17819BFA53CFF67CB1E16669500F ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
13:01:52.0867 1912 TPCHSrv - ok
13:01:52.0929 1912 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
13:01:52.0929 1912 TrkWks - ok
13:01:52.0960 1912 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
13:01:52.0976 1912 TrustedInstaller - ok
13:01:53.0007 1912 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
13:01:53.0007 1912 tssecsrv - ok
13:01:53.0038 1912 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
13:01:53.0038 1912 TsUsbFlt - ok
13:01:53.0116 1912 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
13:01:53.0116 1912 tunnel - ok
13:01:53.0147 1912 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
13:01:53.0147 1912 TVALZ - ok
13:01:53.0179 1912 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
13:01:53.0179 1912 TVALZFL - ok
13:01:53.0210 1912 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
13:01:53.0225 1912 uagp35 - ok
13:01:53.0257 1912 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
13:01:53.0257 1912 udfs - ok
13:01:53.0303 1912 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
13:01:53.0303 1912 UI0Detect - ok
13:01:53.0319 1912 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
13:01:53.0319 1912 uliagpkx - ok
13:01:53.0381 1912 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
13:01:53.0381 1912 umbus - ok
13:01:53.0413 1912 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
13:01:53.0413 1912 UmPass - ok
13:02:03.0456 1912 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:02:03.0564 1912 UNS - ok
13:02:03.0593 1912 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
13:02:03.0599 1912 upnphost - ok
13:02:03.0667 1912 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
13:02:03.0668 1912 usbccgp - ok
13:02:03.0707 1912 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
13:02:03.0716 1912 usbcir - ok
13:02:03.0739 1912 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
13:02:03.0740 1912 usbehci - ok
13:02:03.0794 1912 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
13:02:03.0796 1912 usbhub - ok
13:02:03.0829 1912 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
13:02:03.0831 1912 usbohci - ok
13:02:03.0859 1912 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
13:02:03.0861 1912 usbprint - ok
13:02:03.0890 1912 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\drivers\USBSTOR.SYS
13:02:03.0893 1912 USBSTOR - ok
13:02:03.0899 1912 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
13:02:03.0903 1912 usbuhci - ok
13:02:03.0948 1912 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
13:02:03.0950 1912 usbvideo - ok
13:02:03.0985 1912 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
13:02:03.0987 1912 UxSms - ok
13:02:04.0026 1912 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
13:02:04.0028 1912 VaultSvc - ok
13:02:04.0095 1912 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
13:02:04.0096 1912 vdrvroot - ok
13:02:04.0128 1912 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
13:02:04.0138 1912 vds - ok
13:02:04.0185 1912 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
13:02:04.0187 1912 vga - ok
13:02:04.0195 1912 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
13:02:04.0196 1912 VgaSave - ok
13:02:04.0248 1912 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
13:02:04.0253 1912 vhdmp - ok
13:02:04.0264 1912 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
13:02:04.0267 1912 viaide - ok
13:02:04.0289 1912 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
13:02:04.0291 1912 volmgr - ok
13:02:04.0342 1912 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
13:02:04.0342 1912 volmgrx - ok
13:02:04.0373 1912 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
13:02:04.0373 1912 volsnap - ok
13:02:04.0404 1912 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
13:02:04.0404 1912 vsmraid - ok
13:02:04.0482 1912 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
13:02:04.0529 1912 VSS - ok
13:02:04.0529 1912 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
13:02:04.0529 1912 vwifibus - ok
13:02:04.0576 1912 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
13:02:04.0576 1912 vwififlt - ok
13:02:04.0591 1912 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
13:02:04.0591 1912 vwifimp - ok
13:02:04.0654 1912 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
13:02:04.0654 1912 W32Time - ok
13:02:04.0685 1912 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
13:02:04.0685 1912 WacomPen - ok
13:02:04.0763 1912 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
13:02:04.0763 1912 WANARP - ok
13:02:04.0778 1912 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
13:02:04.0778 1912 Wanarpv6 - ok
13:02:04.0872 1912 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
13:02:04.0903 1912 WatAdminSvc - ok
13:02:04.0966 1912 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
13:02:04.0997 1912 wbengine - ok
13:02:05.0028 1912 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
13:02:05.0028 1912 WbioSrvc - ok
13:02:05.0075 1912 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
13:02:05.0075 1912 wcncsvc - ok
13:02:05.0090 1912 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
13:02:05.0090 1912 WcsPlugInService - ok
13:02:05.0122 1912 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
13:02:05.0137 1912 Wd - ok
13:02:05.0153 1912 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
13:02:05.0168 1912 Wdf01000 - ok
13:02:05.0184 1912 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
13:02:05.0184 1912 WdiServiceHost - ok
13:02:05.0184 1912 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
13:02:05.0184 1912 WdiSystemHost - ok
13:02:05.0215 1912 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
13:02:05.0231 1912 WebClient - ok
13:02:05.0246 1912 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
13:02:05.0262 1912 Wecsvc - ok
13:02:05.0278 1912 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
13:02:05.0278 1912 wercplsupport - ok
13:02:05.0340 1912 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
13:02:05.0340 1912 WerSvc - ok
13:02:05.0387 1912 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
13:02:05.0387 1912 WfpLwf - ok
13:02:05.0402 1912 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
13:02:05.0402 1912 WIMMount - ok
13:02:05.0418 1912 WinDefend - ok
13:02:05.0465 1912 WinHttpAutoProxySvc - ok
13:02:05.0590 1912 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
13:02:05.0605 1912 Winmgmt - ok
13:02:05.0668 1912 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
13:02:05.0714 1912 WinRM - ok
13:02:05.0777 1912 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
13:02:05.0808 1912 Wlansvc - ok
13:02:05.0870 1912 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:02:05.0886 1912 wlcrasvc - ok
13:02:05.0964 1912 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:02:06.0042 1912 wlidsvc - ok
13:02:06.0058 1912 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
13:02:06.0058 1912 WmiAcpi - ok
13:02:06.0104 1912 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
13:02:06.0104 1912 wmiApSrv - ok
13:02:06.0136 1912 WMPNetworkSvc - ok
13:02:06.0167 1912 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
13:02:06.0167 1912 WPCSvc - ok
13:02:06.0198 1912 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
13:02:06.0198 1912 WPDBusEnum - ok
13:02:06.0229 1912 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
13:02:06.0229 1912 ws2ifsl - ok
13:02:06.0245 1912 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
13:02:06.0245 1912 wscsvc - ok
13:02:06.0307 1912 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
13:02:06.0307 1912 WSDPrintDevice - ok
13:02:06.0323 1912 WSearch - ok
13:02:06.0401 1912 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
13:02:06.0479 1912 wuauserv - ok
13:02:06.0494 1912 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
13:02:06.0494 1912 WudfPf - ok
13:02:06.0510 1912 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
13:02:06.0526 1912 WUDFRd - ok
13:02:06.0588 1912 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
13:02:06.0588 1912 wudfsvc - ok
13:02:06.0650 1912 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
13:02:06.0666 1912 WwanSvc - ok
13:02:06.0744 1912 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\windows\system32\DRIVERS\xnacc.sys
13:02:06.0760 1912 xnacc - ok
13:02:06.0791 1912 ================ Scan global ===============================
13:02:06.0822 1912 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
13:02:06.0853 1912 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
13:02:06.0853 1912 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
13:02:06.0900 1912 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
13:02:06.0931 1912 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
13:02:06.0947 1912 [Global] - ok
13:02:06.0947 1912 ================ Scan MBR ==================================
13:02:06.0978 1912 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
13:02:07.0243 1912 \Device\Harddisk0\DR0 - ok
13:02:07.0243 1912 ================ Scan VBR ==================================
13:02:07.0259 1912 [ C4364970CDDC59895C751893682F34CA ] \Device\Harddisk0\DR0\Partition1
13:02:07.0259 1912 \Device\Harddisk0\DR0\Partition1 - ok
13:02:07.0259 1912 ============================================================
13:02:07.0259 1912 Scan finished
13:02:07.0259 1912 ============================================================
13:02:07.0274 1916 Detected object count: 0
13:02:07.0274 1916 Actual detected object count: 0
13:02:17.0210 1820 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-07 13:06:24
-----------------------------
13:06:24.404 OS Version: Windows x64 6.1.7601 Service Pack 1
13:06:24.404 Number of processors: 2 586 0x2505
13:06:24.404 ComputerName: STEVE-PC UserName: steve
13:06:25.558 Initialize success
13:08:10.687 AVAST engine defs: 12100701
13:08:37.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:08:37.033 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
13:08:37.064 Disk 0 MBR read successfully
13:08:37.080 Disk 0 MBR scan
13:08:37.080 Disk 0 Windows VISTA default MBR code
13:08:37.095 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:08:37.111 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463119 MB offset 3074048
13:08:37.142 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12320 MB offset 951541760
13:08:37.189 Disk 0 scanning C:\windows\system32\drivers
13:08:48.811 Service scanning
13:09:25.237 Modules scanning
13:09:25.237 Disk 0 trace - called modules:
13:09:25.253 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
13:09:25.253 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800589d060]
13:09:25.284 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa800589b060]
13:09:25.284 5 thpdrv.sys[fffff88001b89cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800497e050]
13:09:26.750 AVAST engine scan C:\windows
13:09:41.898 AVAST engine scan C:\windows\system32
13:13:06.331 AVAST engine scan C:\windows\system32\drivers
13:13:19.295 AVAST engine scan C:\Users\steve
13:16:58.187 AVAST engine scan C:\ProgramData
13:19:39.008 Scan finished successfully
13:20:25.453 Disk 0 MBR has been saved successfully to "C:\Users\steve\Documents\MBR.dat"
13:20:25.458 The log file has been saved successfully to "C:\Users\steve\Documents\aswMBR.txt"

C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0EFJ1RY7\PCSpeedMaximizer-auto[1].exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Users\steve\AppData\Local\Temp\air7496.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Users\steve\AppData\Local\Temp\airE89D.exe a variant of Win32/SpeedingUpMyPC application cleaned by deleting - quarantined
C:\Users\steve\AppData\Local\Temp\flashplayer.dll Win32/Reveton.H trojan cleaned by deleting - quarantined
C:\Users\steve\AppData\Local\Temp\iexplore.dll Win32/Reveton.H trojan cleaned by deleting - quarantined
C:\Users\steve\AppData\Local\Temp\ICReinstall\cnet2_setupUltimateIPChanger_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\steve\AppData\Local\Temp\is1438683437\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\steve\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application cleaned by deleting - quarantined
C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\fpe9ebct.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:18 PM

Posted 07 October 2012 - 01:30 PM

Reboot to normal mode

Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

For vista and windows 7 right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#5 smfsmf

smfsmf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 07 October 2012 - 05:04 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
steve :: STEVE-PC [administrator]

10/7/2012 3:56:06 PM
mbam-log-2012-10-07 (15-56-06).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352455
Time elapsed: 1 hour(s), 42 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by steve (administrator) on 07-10-2012 at 18:00:06
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : steve-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : columbus.rr.com

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 74-31-70-5F-6C-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : columbus.rr.com
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 74-31-70-5F-6C-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c450:4a59:8d87:caa1%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.14(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.128
Lease Obtained. . . . . . . . . . : Sunday, October 07, 2012 5:54:24 PM
Lease Expires . . . . . . . . . . : Monday, October 08, 2012 5:54:23 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 326381936
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-34-84-C3-B8-70-F4-57-E2-24
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : B8-70-F4-57-E2-24
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.columbus.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #10
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #14
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2831:32db:519a:a427(Preferred)
Link-local IPv6 Address . . . . . : fe80::2831:32db:519a:a427%32(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4899D96A-AB26-4164-9C7F-97E46A562663}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #17
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : columbus.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #18
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 2001:4860:400a:800::1001
74.125.225.70
74.125.225.71
74.125.225.72
74.125.225.73
74.125.225.78
74.125.225.64
74.125.225.65
74.125.225.66
74.125.225.67
74.125.225.68
74.125.225.69


Pinging google.com [74.125.225.97] with 32 bytes of data:
Reply from 74.125.225.97: bytes=32 time=33ms TTL=53
Reply from 74.125.225.97: bytes=32 time=34ms TTL=53

Ping statistics for 74.125.225.97:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 34ms, Average = 33ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=135ms TTL=47
Reply from 98.138.253.109: bytes=32 time=91ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 91ms, Maximum = 135ms, Average = 113ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...74 31 70 5f 6c 6d ......Microsoft Virtual WiFi Miniport Adapter
12...74 31 70 5f 6c 6d ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
10...b8 70 f4 57 e2 24 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #10
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #14
32...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
33...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #17
36...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #18
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.14 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.128 On-link 192.168.1.14 281
192.168.1.14 255.255.255.255 On-link 192.168.1.14 281
192.168.1.127 255.255.255.255 On-link 192.168.1.14 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.14 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.14 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
32 58 ::/0 On-link
1 306 ::1/128 On-link
32 58 2001::/32 On-link
32 306 2001:0:4137:9e76:2831:32db:519a:a427/128
On-link
12 281 fe80::/64 On-link
32 306 fe80::/64 On-link
32 306 fe80::2831:32db:519a:a427/128
On-link
12 281 fe80::c450:4a59:8d87:caa1/128
On-link
1 306 ff00::/8 On-link
32 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/07/2012 05:58:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/07/2012 05:57:30 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/07/2012 03:57:43 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (372) SUS20ClientDataStore: The version store for this instance (0) has reached its maximum size of 32Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

SessionId: 0x00000000013704A0

Session-context: 0x00000000

Session-context ThreadId: 0x0000000000000D58

Cleanup: 1

Error: (10/07/2012 03:55:54 PM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/07/2012 07:36:09 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/07/2012 07:34:54 AM) (Source: System Restore) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Windows Update).

Error: (10/07/2012 07:27:55 AM) (Source: System Restore) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Windows Update).

Error: (10/07/2012 07:24:56 AM) (Source: System Restore) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Windows Update).

Error: (10/07/2012 07:20:15 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/07/2012 05:41:24 AM) (Source: Toshiba App Place) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)


System errors:
=============
Error: (10/07/2012 05:56:23 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (10/07/2012 05:56:23 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (10/07/2012 05:56:23 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (10/07/2012 05:56:23 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (10/07/2012 05:56:23 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (10/07/2012 05:56:23 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (10/07/2012 05:56:21 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (10/07/2012 05:56:21 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (10/07/2012 05:56:21 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (10/07/2012 05:55:53 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (10/07/2012 05:58:36 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\steve\Downloads\esetsmartinstaller_enu.exe

Error: (10/07/2012 05:57:30 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/07/2012 03:57:43 PM) (Source: ESENT)(User: )
Description: wuaueng.dll372SUS20ClientDataStore: 0320x00000000013704A00x000000000x0000000000000D581

Error: (10/07/2012 03:55:54 PM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/07/2012 07:36:09 AM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/07/2012 07:34:54 AM) (Source: System Restore)(User: )
Description: Windows Update

Error: (10/07/2012 07:27:55 AM) (Source: System Restore)(User: )
Description: Windows Update

Error: (10/07/2012 07:24:56 AM) (Source: System Restore)(User: )
Description: Windows Update

Error: (10/07/2012 07:20:15 AM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/07/2012 05:41:24 AM) (Source: Toshiba App Place)(User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader 9.3.4 (Version: 9.3.4)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
Amazon Links (Version: 2.02)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Cake Mania - Lights, Camera, Action!™ (Version: 2.2.0.95)
CCleaner (Version: 3.13)
Chuzzle Deluxe (Version: 2.2.0.95)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
FATE - The Traitor Soul (Version: 2.2.0.95)
Google Chrome (Version: 22.0.1229.79)
Google Update Helper (Version: 1.3.21.123)
Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2189)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.5.7.1002)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Jewel Quest - Heritage (Version: 2.2.0.95)
JMicron Flash Media Controller Driver (Version: 1.0.44.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Opera 12.02 (Version: 12.02.1578)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Polar Bowler (Version: 2.2.0.95)
Realtek Ethernet Controller Driver For Windows 7 (Version: 7.20.503.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6069)
Realtek WLAN Driver (Version: 2.00.0013)
Skype Launcher (Version: 2.01)
Slingo Supreme (Version: 2.2.0.95)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Toshiba App Place (Version: 1.0.6.3)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 3.00.11)
Toshiba Book Place (Version: 2.0.5271)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA DVD PLAYER (Version: 3.01.2.12-A)
TOSHIBA eco Utility (Version: 1.2.18.64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.6C)
TOSHIBA Hardware Setup (Version: 1.63.0.26C)
TOSHIBA HDD Protection (Version: 2.2.0.4)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
Toshiba Laptop Checkup (Version: 2.0.6.22)
TOSHIBA Media Controller (Version: 1.0.80.8.64)
TOSHIBA Media Controller Plug-in (Version: 1.0.5.11)
Toshiba Online Backup (Version: 2.0.0.25)
TOSHIBA PC Health Monitor (Version: 1.7.1.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.7.16.64)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Sleep Utility (Version: 1.4.1.2)
TOSHIBA Supervisor Password (Version: 1.63.0.9C)
TOSHIBA Value Added Package (Version: 1.3.19.64)
TOSHIBA Web Camera Application (Version: 1.1.1.16)
ToshibaRegistration (Version: 1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Utility Common Driver (Version: 1.0.52.1C)
WildTangent Games (Version: 1.0.1.5)
WildTangent ORB Game Console
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yontoo 1.10.02 (Version: 1.10.02)

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 3890.67 MB
Available physical RAM: 2682.25 MB
Total Pagefile: 7779.54 MB
Available Pagefile: 6425.13 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.22 MB

========================= Partitions: =====================================

1 Drive c: (TI106045W0C) (Fixed) (Total:452.26 GB) (Free:403.76 GB) NTFS

========================= Users: ========================================

User accounts for \\STEVE-PC

Administrator devonte Guest
steve

========================= Restore Points ==================================

16-09-2012 04:45:08 Windows Update
20-09-2012 00:38:54 Windows Update
22-09-2012 07:00:30 Windows Update
25-09-2012 16:23:05 Windows Update
26-09-2012 21:30:57 Windows Update
01-10-2012 02:45:30 Windows Update
02-10-2012 02:16:52 Windows Update
06-10-2012 04:49:09 Windows Update
07-10-2012 11:21:20 Restore Operation

**** End of log ****

Farbar Service Scanner Version: 07-10-2012
Ran by steve (administrator) on 07-10-2012 at 18:01:54
Running from "C:\Users\steve\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#6 smfsmf

smfsmf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 07 October 2012 - 05:18 PM

# AdwCleaner v2.004 - Logfile created 10/07/2012 at 18:04:55
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : steve - STEVE-PC
# Boot Mode : Normal
# Running from : C:\Users\steve\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\Users\devonte\AppData\Roaming\Mozilla\Firefox\Profiles\2xbcegcn.default\searchplugins\Askcom.xml
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\devonte\AppData\Local\APN
Folder Deleted : C:\Users\devonte\AppData\Local\Conduit
Folder Deleted : C:\Users\devonte\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\devonte\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\devonte\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\devonte\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\devonte\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\steve\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\steve\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\fpe9ebct.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\fpe9ebct.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\fpe9ebct.default\FCTB
Folder Deleted : C:\Users\steve\Documents\ShopToWin

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3018509
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v10.0.2 (en-US)

Profile name : default
File : C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\fpe9ebct.default\prefs.js

C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\fpe9ebct.default\user.js ... Deleted !

Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ironto&f=5");
Deleted : user_pref("extensions.facemoods.aflt", "ironto");
Deleted : user_pref("extensions.facemoods.dfltSrch", true);
Deleted : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");
Deleted : user_pref("extensions.facemoods.dnsErr", true);
Deleted : user_pref("extensions.facemoods.firstRun", true);
Deleted : user_pref("extensions.facemoods.hmpg", true);
Deleted : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ironto");
Deleted : user_pref("extensions.facemoods.id", "3efe84810000000000007431705f6c6d");
Deleted : user_pref("extensions.facemoods.instlDay", "15348");
Deleted : user_pref("extensions.facemoods.mntz", "");
Deleted : user_pref("extensions.facemoods.newTab", true);
Deleted : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=ironto&f=2");
Deleted : user_pref("extensions.facemoods.prtnrId", "facemoods.com");
Deleted : user_pref("extensions.facemoods.searchProviderAdded", true);
Deleted : user_pref("extensions.facemoods.sid", "358b2c309b884441aff13890a23f2638");
Deleted : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ironto&f=3");
Deleted : user_pref("extensions.facemoods.vrsn", "1.4.17.11");
Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "EDC77BC9AEB17A7B8675BA7F1BB6755D");
Deleted : user_pref("extensions.funmoods.hmpg", false);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.id", "3efe84810000000000007431705f6c6d");
Deleted : user_pref("extensions.funmoods.instlDay", "15492");
Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2222:48:40");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", false);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2222:48:40");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2222:48:40");
Deleted : user_pref("freecause3ec5c2db24b0461bb12547c0d4cc89a3.DNSCatch", false);
Deleted : user_pref("freecause3ec5c2db24b0461bb12547c0d4cc89a3.FirstLaunchShown", true);
Deleted : user_pref("freecause3ec5c2db24b0461bb12547c0d4cc89a3.LastDate", 16);
Deleted : user_pref("freecause3ec5c2db24b0461bb12547c0d4cc89a3.customNewTab", false);
Deleted : user_pref("freecause3ec5c2db24b0461bb12547c0d4cc89a3.processAddrBar", false);
Deleted : user_pref("freecause3ec5c2db24b0461bb12547c0d4cc89a3.tb_lang", "en");
Deleted : user_pref("freecause3ec5c2db24b0461bb12547c0d4cc89a3.user_id", "67331379");
Deleted : user_pref("freecause3ec5c2db24b0461bb12547c0d4cc89a3.vars.disablecuidinject", "1");
Deleted : user_pref("freecause3ec5c2db24b0461bb12547c0d4cc89a3.vars.lastcheck", "Fri%20Jun%2001%202012%2003%3A[...]
Deleted : user_pref("freecause3ec5c2db24b0461bb12547c0d4cc89a3.yahooSearch", false);

Profile name : default
File : C:\Users\devonte\AppData\Roaming\Mozilla\Firefox\Profiles\2xbcegcn.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=16148");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\devonte\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Users\steve\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\devonte\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14831 octets] - [07/10/2012 18:03:51]
AdwCleaner[S2].txt - [15132 octets] - [07/10/2012 18:04:55]

########## EOF - C:\AdwCleaner[S2].txt - [15193 octets] ##########


Junkware Removal Tool (JRT) by Thisisu
Version: 1.3.1 (10.07.2012)
OS: Windows 7 Home Premium x64
Ran by steve on Sun 10/07/2012 at 18:17:56.83
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_classes_root\wow6432node\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\wow6432node\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\wow6432node\classes\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired

Removed the following from [PREFS.JS] :

user_pref("extentions.y2layers.defaultEnableAppsList", "pagerage,buzzdock,bestvideodownloader,ezlooker,dropdowndeals,twittube,toprelatedtopics,interstitialads");
user_pref("extentions.y2layers.installId", "b131336f-a4f4-4cbc-8422-4ccdab8294e1");
user_pref("extentions.y2layers.lastDnsTest", 371834);


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Sun 10/07/2012 at 18:18:15.66
End of Report

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:18 PM

Posted 07 October 2012 - 05:20 PM

Right click on JUNKWARE tool and select run as administrator,post the generated log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#8 smfsmf

smfsmf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 07 October 2012 - 05:51 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 1.3.1 (10.07.2012)
OS: Windows 7 Home Premium x64
Ran by steve on Sun 10/07/2012 at 18:42:55.49
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired


Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/07/2012 06:44:10 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\steve\Downloads\JRT.exe (PID: 4540) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/07/2012 06:44:33 PM
Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Sun 10/07/2012 at 18:43:15.99
End of Report

#9 smfsmf

smfsmf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 07 October 2012 - 05:52 PM

don't see a scan thing after etracting from Autoruns

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:18 PM

Posted 07 October 2012 - 06:00 PM

click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#11 smfsmf

smfsmf
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 07 October 2012 - 06:06 PM

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "00TCrdMain" "TOSHIBA Flash Cards" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "HSON" "HotStartOn" "TOSHIBA Corporation" "c:\program files\toshiba\tbs\hson.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "RtHDVBg" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "SmartFaceVWatcher" "SmartFaceVWatcher" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevwatcher.exe"
+ "SmoothView" "SmoothView" "TOSHIBA Corporation" "c:\program files\toshiba\smoothview\smoothview.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "Teco" "TOSHIBA eco Utility" "TOSHIBA Corporation" "c:\program files\toshiba\teco\teco.exe"
+ "ThpSrv" "TOSHIBA HDD Protection Service" "TOSHIBA Corporation" "c:\windows\system32\thpsrv.exe"
+ "TosNC" "Message Center" "TOSHIBA Corporation" "c:\program files\toshiba\bulletinboard\tosnccore.exe"
+ "TosReelTimeMonitor" "Monitor of TOSHIBA ReelTime" "TOSHIBA Corporation" "c:\program files\toshiba\reeltime\tosreeltimemonitor.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
+ "TosVolRegulator" " Toshiba Volume Regulator" "TOSHIBA Corporation" "c:\program files\toshiba\tosvolregulator\tosvolregulator.exe"
+ "TosWaitSrv" "" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\toswaitsrv.exe"
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HWSetup" "HWSetup" "TOSHIBA Electronics, Inc." "c:\program files\toshiba\utilities\hwsetup.exe"
+ "KeNotify" "KeNotify MFC Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\kenotify.exe"
+ "NortonOnlineBackupReminder" "Toshiba Online Backup Service" "Toshiba" "c:\program files (x86)\toshiba\toshiba online backup\activation\tobuactivation.exe"
+ "SVPWUTIL" "SVPWUTIL Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\svpwutil.exe"
+ "ToshibaAppPlace" "Toshiba App Place" "Toshiba" "c:\program files (x86)\toshiba\toshiba app place\toshibaappplace.exe"
+ "ToshibaServiceStation" "TOSHIBA Service Station" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\toshibaservicestation.exe"
+ "TSleepSrv" "TOSHIBA Sleep Service" "TOSHIBA" "c:\program files (x86)\toshiba\toshiba sleep utility\tsleepsrv.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "TOSHIBA Media Controller Plug-in" "TOSHIBA Media Controller Plug-in " "<TOSHIBA>" "c:\program files (x86)\toshiba\toshiba media controller plug-in\toshibamediacontrollerie.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
"Task Scheduler" "" "" ""
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Norton PC Checkup Setup" "Norton PC Checkup Stub Installer Application" "Symantec Corporation" "c:\users\steve\appdata\roaming\pccustubinstaller\symcpccuinstaller.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files (x86)\toshiba games\toshiba game console\gameconsoleservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "Norton PC Checkup Application Launcher" "Provides consolidated application launching facility" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.6.22\symcpcculaunchsvc.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "PCCUJobMgr" "Job Manager service for common client services" "Symantec Corporation" "c:\program files (x86)\norton pc checkup\engine\2.0.6.22\ccsvchst.exe"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "Thpsrv" "TOSHIBA HDD Protection Service" "TOSHIBA Corporation" "c:\windows\system32\thpsrv.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "TPCHSrv" "TOSHIBA PC Health Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\tpchsrv.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "JMCR" "JMicron JMB38X Flash Media Controller Driver" "JMicron Technology Corporation" "c:\windows\system32\drivers\jmcr.sys"
+ "LPCFilter" "LPCFilter" "COMPAL ELECTRONIC INC." "c:\windows\system32\drivers\lpcfilter.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "RTL8192Ce" "Realtek RTL81892CE NDIS Driverr" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8192ce.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "Thpdrv" "TOSHIBA HDD Protection Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\thpdrv.sys"
+ "Thpevm" "TOSHIBA HDD Protection - Shock Sensor Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\thpevm.sys"
+ "tos_sps64" "tos_sps64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tos_sps64.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver for x64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Image Effects" "TimeStam Dynamic Link Library" "" "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prdmowrapper.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "TOSHIBA Audio Back Switcher" "" "" "c:\program files (x86)\toshiba\toshiba dvd player\tosaudiobackswitcher.ax"
+ "TOSHIBA Audio Decoder DVD" "TOSHIBA Audio Decoder DVD" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tosauddecl.ax"
+ "TOSHIBA Audio Front Switcher" "" "" "c:\program files (x86)\toshiba\toshiba dvd player\tosaudiofrontswitcher.ax"
+ "TOSHIBA Audio Rate Converter" "TOSHIBA Audio Rate Converter" "TOSHIBA Corporation" "c:\program files (x86)\common files\toshiba shared\tosarc.ax"
+ "TOSHIBA DualMono" "TOSHIBA DualMono" "TOSHIBA Corporation" "c:\program files (x86)\common files\toshiba shared\tosdualmono.ax"
+ "TOSHIBA DVD Navigator" "TOSHIBA DVD Navigator" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tdvdnavi.ax"
+ "TOSHIBA DVD VR Navigator" "TOSHIBA DVD Player" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tvrnavi.ax"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PCL hpf3lw73" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3lw73.dll"

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:18 PM

Posted 07 October 2012 - 06:19 PM

Download UNHIDE

http://www.bleepingcomputer.com/download/unhide/

Run this tool,this should unhide your hidden files

Remove temporary and junk files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users