Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Alureon Rootkit [Solved]


  • This topic is locked This topic is locked

#1
Angela71

Angela71

    Member

  • Member
  • PipPip
  • 61 posts
My laptop which is monitored by Microsoft Security Essentials has detected an Alureon rootkit. It's running extremely slow with periodic shut-downs. MSE will attempt to get rid of it but then directs me to download Windows Defender Offline onto a USB and then to reboot the computer using the USB and run a full scan. WDO finds the Alureon rootkit as well and seems to get rid of it but as soon as the computer is re-booted again it comes back and the cycle continues.

It's driving me crazy! PLEASE HELP!!

Many thanks in advance.

p/s. It is installed with Windows 7

Edited by Angela71, 25 October 2012 - 09:34 AM.

  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Angela71, :wave: and Welcome to the forums.
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.


Step-1.

Posted Image OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.
Download OTL to the Desktop. It is important that it is download to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users:Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans IF your system is a 64bit system
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.
Repeat for the Extras.txt file.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


Step-3.

Posted Image TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • If a suspicious object is detected, the default action will be Skip (DO NOT change the default action for any suspicious objects found), click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-4.

Things For Your Next Post:
1. The OTL.txt log
2. The Extras.txt log
3. The aswMBR log
4. The TDSSKiller log
  • 0

#3
Angela71

Angela71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Thank you for responding so quickly! Following are the 4 requested logs. Please advise. Continued thanks!




OTL logfile created on: 10/25/2012 8:58:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 43.12% Memory free
7.20 Gb Paging File | 4.80 Gb Available in Paging File | 66.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.40 Gb Total Space | 244.72 Gb Free Space | 86.05% Space Free | Partition Type: NTFS

Computer Name: NICKSLAPTOP | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/25 20:55:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
PRC - [2012/10/20 19:53:12 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/07/19 11:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/08 00:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/17 17:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/10/20 20:45:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/07/19 11:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/19 11:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/07/11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/08 01:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/08 00:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 15:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 15:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/05 10:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/05 10:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 18:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3497695971-377078152-269240526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKU\S-1-5-21-3497695971-377078152-269240526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3497695971-377078152-269240526-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3497695971-377078152-269240526-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3497695971-377078152-269240526-1000\..\SearchScopes,DefaultScope = {9123C1B8-F75E-4441-BEF2-5B51C10ADAB0}
IE - HKU\S-1-5-21-3497695971-377078152-269240526-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKU\S-1-5-21-3497695971-377078152-269240526-1000\..\SearchScopes\{9123C1B8-F75E-4441-BEF2-5B51C10ADAB0}: "URL" = http://search.yahoo....}&fr=chr-swat02
IE - HKU\S-1-5-21-3497695971-377078152-269240526-1000\..\SearchScopes\{D29E7F6D-159A-42F0-81F9-A4D1B1C2772D}: "URL" = http://www.google.co...1I7TSNO_enUS460
IE - HKU\S-1-5-21-3497695971-377078152-269240526-1000\..\SearchScopes\{EA6ED5E5-FC3D-4A5A-BDD2-399DDAF9E1D2}: "URL" = http://search.yahoo....,18175,0,0,6484
IE - HKU\S-1-5-21-3497695971-377078152-269240526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3497695971-377078152-269240526-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3497695971-377078152-269240526-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D45D7F5D-84C9-472B-BA43-F84DD4602E0B}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/10/25 20:54:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2012/10/20 20:35:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/10/20 20:35:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/10/20 20:35:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/10/20 20:35:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/10/20 20:35:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/10/20 20:35:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/10/20 20:35:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/10/20 20:35:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/10/20 20:35:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/10/20 20:35:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/10/20 20:35:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/10/20 20:35:34 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/10/20 20:35:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/10/20 20:35:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/10/20 20:35:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/10/20 20:05:09 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2012/10/20 20:04:45 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/10/20 20:04:45 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/10/20 20:04:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/10/20 20:04:44 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/10/20 20:04:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/10/20 20:04:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/10/20 20:04:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/10/20 20:04:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/10/20 20:04:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/10/20 20:04:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/10/20 20:04:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/10/20 20:04:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/10/20 20:04:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/20 20:04:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/20 20:04:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/20 20:04:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/20 20:04:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/20 20:04:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/20 20:04:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/20 20:04:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/20 20:04:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/20 20:04:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/20 20:04:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/20 20:04:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/20 20:04:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/20 20:04:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/20 20:04:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/20 20:04:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/20 20:04:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/20 20:04:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/20 20:04:40 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/20 20:04:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/20 20:04:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/20 20:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/20 20:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/20 20:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/20 20:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/20 20:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/20 20:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/20 20:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/20 20:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/20 20:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/20 20:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/20 20:04:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/20 20:04:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/20 20:04:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/20 20:04:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/20 20:04:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/20 20:04:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/20 20:04:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/20 20:04:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/20 20:04:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/20 20:04:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/20 20:04:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/20 20:04:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/20 20:04:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/20 20:04:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/20 20:04:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/20 20:04:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/20 20:04:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/20 20:04:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/20 20:04:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/20 20:04:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/20 20:04:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/20 20:04:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/20 20:04:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/20 20:04:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/20 20:04:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/20 20:04:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/10/20 20:03:49 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/10/20 20:03:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/10/20 20:03:14 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/10/20 19:40:00 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/10/20 19:36:21 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\svchost.exe
[2012/10/20 18:22:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2012/10/20 18:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/20 18:21:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/20 17:43:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\ElevatedDiagnostics
[2012/10/20 17:42:56 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Diagnostics
[2012/10/20 02:09:01 | 000,000,000 | ---D | C] -- C:\windows\Microsoft Antimalware
[2012/10/17 18:42:52 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\MusicOasis
[2012/10/07 20:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2012/10/07 20:23:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Conexant
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/25 20:55:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2012/10/25 20:54:26 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 20:54:26 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 20:53:39 | 000,729,816 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/25 20:53:39 | 000,626,512 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/25 20:53:39 | 000,107,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/25 20:46:29 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/25 20:46:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/25 20:46:04 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/24 20:44:08 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/24 20:44:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/20 20:45:10 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/10/20 20:45:10 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/20 20:42:11 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/20 20:42:11 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2011/11/28 16:30:01 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/08/24 13:07:56 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/08/24 12:57:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/08/24 12:53:33 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{f26d87d5-f720-fbcd-43ba-c146d51f3e60}\L
[2012/10/23 21:54:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{f26d87d5-f720-fbcd-43ba-c146d51f3e60}\U
[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Home\AppData\Local\{f26d87d5-f720-fbcd-43ba-c146d51f3e60}\L
[2012/10/20 04:39:09 | 000,000,000 | -HSD | M] -- C:\Users\Home\AppData\Local\{f26d87d5-f720-fbcd-43ba-c146d51f3e60}\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Home\AppData\Local\{f26d87d5-f720-fbcd-43ba-c146d51f3e60}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll

========== LOP Check ==========

[2012/10/20 22:30:00 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.minecraft
[2011/12/25 19:38:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Book Place
[2012/10/17 18:42:52 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\MusicOasis
[2012/04/26 18:52:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Spotify
[2011/11/28 16:52:36 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Tific
[2011/11/28 16:20:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Toshiba
[2011/11/28 16:15:47 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\windows\SysNative\qmgr.dll
[2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >
[2010/11/16 00:02:36 | 000,000,264 | ---- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\uk_UA\Services\Services.asfx
[2010/11/16 00:02:26 | 000,000,225 | ---- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fi_FI\Services\Services.asfx
[2010/11/16 00:02:34 | 000,000,245 | ---- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ru_RU\Services\Services.asfx
[2010/11/16 00:02:26 | 000,000,225 | ---- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx
[2010/11/16 00:02:26 | 000,000,228 | ---- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ja_JP\Services\Services.asfx
[2010/11/16 00:02:24 | 000,000,230 | ---- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx
[2010/11/16 00:02:34 | 000,000,233 | ---- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pl_PL\Services\Services.asfx
[2010/11/16 00:02:34 | 000,000,231 | ---- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ro_RO\Services\Services.asfx
[2010/11/16 00:02:34 | 000,000,230 | ---- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hr_HR\Services\Services.asfx
[2010/11/16 00:02:26 | 000,000,226 | ---- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx
[2010/11/16 00:02:36 | 000,000,232 | ---- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ca_ES\Services\Services.asfx
[2010/11/16 00:02:34 | 000,000,233 | ---- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sl_SI\Services\Services.asfx
[2010/11/16 00:02:36 | 000,000,231 | ---- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sk_SK\Services\Services.asfx
[2010/11/16 00:02:26 | 000,000,231 | ---- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx
[2010/11/16 00:02:30 | 000,000,225 | ---- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nb_NO\Services\Services.asfx
[2010/11/16 00:02:30 | 000,000,228 | ---- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ko_KR\Services\Services.asfx
[2010/11/16 00:02:24 | 000,000,231 | ---- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx
[2010/11/16 00:02:32 | 000,000,228 | ---- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx
[2010/11/16 00:02:34 | 000,000,232 | ---- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hu_HU\Services\Services.asfx
[2010/11/16 00:02:38 | 000,000,231 | ---- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx
[2010/11/16 00:02:26 | 000,000,231 | ---- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx
[2010/11/16 00:02:32 | 000,000,228 | ---- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx
[2010/11/16 00:02:32 | 000,000,229 | ---- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2010/11/16 00:02:30 | 000,000,234 | ---- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx
[2010/11/16 00:02:26 | 000,000,227 | ---- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx
[2010/11/16 00:02:34 | 000,000,229 | ---- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2010/11/16 00:02:22 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/03/01 04:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[2011/03/01 04:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\windows\SysNative\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = \Device\Tcpip_{62D3F1EA-C689-453C- [Binary data over 200 bytes]
"Route" = "Tcpip" "{62D3F1EA-C689-453C-8756- [Binary data over 200 bytes]
"Export" = \Device\NetBT_Tcpip_{62D3F1EA-C689 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3EC5650C-AD7D-42DA-9E65-7CE14E982D60}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{62D3F1EA-C689-453C-8756-B55F649C3613}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{D45D7F5D-84C9-472B-BA43-F84DD4602E0B}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = 01 00 04 80 B4 00 00 00 C0 00 00 00 00 00 00 00 14 00 00 00 02 00 A0 00 07 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 25 02 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 13 00 00 00 00 00 14 00 40 00 00 00 01 01 00 00 00 00 00 05 14 00 00 00 00 00 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 06 01 03 01 00 01 01 01 08 01 07 01 05 01 04 01 02 [binary data]
"Bind" = \Device\NetBT_Tcpip_{62D3F1EA-C689 [Binary data over 200 bytes]
"Route" = "NetBT" "Tcpip" "{62D3F1EA-C689-45 [Binary data over 200 bytes]
"Export" = \Device\NetBIOS_NetBT_Tcpip_{62D3F [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/21 21:24:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/21 21:24:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/21 21:24:41 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/29 22:58:46 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/21 21:24:40 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/21 21:24:40 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/21 21:24:40 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< C:\Program Files\Common Files\ComObjects\*.* /s >
[2009/07/14 01:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 01:08:49 | 000,032,636 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011/08/24 13:52:50 | 000,000,908 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/08/24 13:52:51 | 000,000,912 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/07/27 22:33:04 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK3265GSXN SATA Disk Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 284.00GB
Starting Offset: 1573912576
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 306948603904
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: NICKSLAPTOP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 C TI106232W0C NTFS Partition 284 GB Healthy Boot
Volume 2 System NTFS Partition 1500 MB Healthy Hidden

< End of report >





OTL Extras logfile created on: 10/25/2012 8:58:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 43.12% Memory free
7.20 Gb Paging File | 4.80 Gb Available in Paging File | 66.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.40 Gb Total Space | 244.72 Gb Free Space | 86.05% Space Free | Partition Type: NTFS

Computer Name: NICKSLAPTOP | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4ACA5AE7-E68C-5A48-F8E6-D67946267506}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6316805C-2485-2FF5-974C-750E3BE1DF65}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A34D9B7F-8453-DA02-DC98-EEEE085411C6}" = ccc-utility64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0146E330-EEE7-B924-B347-B399460893ED}" = CCC Help Czech
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{09927C92-A652-057A-3A7B-153F23175C58}" = CCC Help Dutch
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{109CBCC5-7151-1CC6-DAD6-6F7DD3162A8A}" = Catalyst Control Center InstallProxy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19E40731-8E1A-07FB-DA7D-8A54603F6408}" = CCC Help English
"{1B97813D-74A7-25EB-4837-792413507E82}" = CCC Help Danish
"{1CF94211-A7BB-8151-44B8-6618C5A162F8}" = CCC Help Portuguese
"{1D7FEEAC-6CEE-5B5F-A8B0-9BE7A6BCB7FB}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247E03D2-485B-7A70-BF5C-AB9BDF6AFB44}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEFB3C4-4706-C2B5-DF69-CF914D87BCE4}" = CCC Help Swedish
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337FDED7-D27B-E476-E888-3674E1C01C69}" = CCC Help Spanish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4485C9D0-A742-F1BB-C0B0-58FC61960D99}" = CCC Help Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{666E35A7-A224-E3E9-48C2-C641837535D9}" = Catalyst Control Center Localization All
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{83601916-2E71-F1C7-EE5F-A1C985BC9217}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A34A135-D405-DD03-9B2E-0EB99238A312}" = CCC Help Finnish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9550EA6C-4CBE-C1F3-1E1C-5E87F2C645ED}" = CCC Help French
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{97F67013-3076-4261-DC10-808409655042}" = AMD VISION Engine Control Center
"{986BB897-C295-2FED-8DCA-4ADE3AFCEF84}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A4FF8F4E-D665-712B-07EE-F03ED360E9BE}" = CCC Help Italian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ADB50F70-98FF-067F-DF39-47DD83E32D58}" = CCC Help Chinese Standard
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B83FCE14-53D5-CBF8-87E9-59B8968ADB4C}" = CCC Help Norwegian
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C78E3449-4F24-839B-5F7A-6911C67A5BE9}" = Catalyst Control Center Graphics Previews Common
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6E90970-BA9C-51AA-EFA2-9F80A7AE0956}" = CCC Help Thai
"{D826A52E-0AC9-5A55-61B8-0E088477A1B0}" = CCC Help Greek
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69540AC-FFC3-5519-F925-5ACC8D20DED5}" = CCC Help Hungarian
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E9D96BD5-7D33-7ED3-0A8E-229FA2524487}" = CCC Help Turkish
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F931F27F-A967-982A-9226-494787D5FBBB}" = CCC Help Japanese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"NortonPCCheckup" = Toshiba Laptop Checkup
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0996f600-4e2b-4bd0-9c0d-65c8260b0ca5" = Plants vs. Zombies - Game of the Year
"WTA-2229074b-1c2c-4939-bdc5-f8d2a96762d5" = Polar Bowler
"WTA-24c979a4-d7f3-47f8-859d-f47c967edb39" = Zuma's Revenge
"WTA-3c4ed121-e5df-462c-b303-ed0a11f86ea7" = Chuzzle Deluxe
"WTA-92ee0163-66c4-4e19-b844-af034ff624e3" = Virtual Villagers 5 - New Believers
"WTA-a170d71c-e5a4-4782-ad3e-5caec219d990" = Fishdom ™ 2
"WTA-a9b4a54d-08b4-4882-83da-45583e914420" = FATE - The Traitor Soul
"WTA-ba80b7c1-4726-43a1-a5b7-8e8412ba7430" = Bejeweled 3
"WTA-c79b7474-f896-4abb-84c0-882ece912232" = Tom Clancy's Splinter Cell
"WTA-dd6cd246-2f81-4d05-b2ae-9a98941bf01e" = Penguins!
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/14/2012 6:16:59 PM | Computer Name = NicksLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0xfa0 Faulting application start time: 0x01cdaa551b8f0b78 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report
Id: deaea332-164c-11e2-a95c-00266cd63540

Error - 10/14/2012 6:21:01 PM | Computer Name = NicksLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x12b4 Faulting application start time: 0x01cdaa59c71af060 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report
Id: 6f09f3f1-164d-11e2-a95c-00266cd63540

Error - 10/14/2012 8:16:48 PM | Computer Name = NicksLaptop | Source = WinMgmt | ID = 28
Description =

Error - 10/14/2012 8:16:58 PM | Computer Name = NicksLaptop | Source = Toshiba App Place | ID = 0
Description =

Error - 10/14/2012 8:19:38 PM | Computer Name = NicksLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0xed8 Faulting application start time: 0x01cdaa6a77a16547 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report
Id: 00ed26cf-165e-11e2-8e3e-00266cd63540

Error - 10/14/2012 8:33:20 PM | Computer Name = NicksLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1238 Faulting application start time: 0x01cdaa6acf938cb9 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report
Id: eacbc1c8-165f-11e2-8e3e-00266cd63540

Error - 10/14/2012 8:41:53 PM | Computer Name = NicksLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1314 Faulting application start time: 0x01cdaa6cccfb8f55 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report
Id: 1c7c51b1-1661-11e2-8e3e-00266cd63540

Error - 10/14/2012 8:53:31 PM | Computer Name = NicksLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x13f0 Faulting application start time: 0x01cdaa6de93db2d0 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report
Id: bce7e9bb-1662-11e2-8e3e-00266cd63540

Error - 10/14/2012 9:11:27 PM | Computer Name = NicksLaptop | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0xf60 Faulting application start time: 0x01cdaa6f954fcec6 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\windows\SysWOW64\ntdll.dll
Report
Id: 3dedb7fd-1665-11e2-8e3e-00266cd63540

Error - 10/15/2012 9:09:00 PM | Computer Name = NicksLaptop | Source = WinMgmt | ID = 28
Description =

[ System Events ]
Error - 10/24/2012 8:45:45 PM | Computer Name = NicksLaptop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 10/24/2012 8:45:45 PM | Computer Name = NicksLaptop | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 10/24/2012 8:51:11 PM | Computer Name = NicksLaptop | Source = DCOM | ID = 10010
Description =

Error - 10/24/2012 8:52:04 PM | Computer Name = NicksLaptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

Error - 10/25/2012 8:46:22 PM | Computer Name = NicksLaptop | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/25/2012 8:46:22 PM | Computer Name = NicksLaptop | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 10/25/2012 8:46:22 PM | Computer Name = NicksLaptop | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 10/25/2012 8:46:32 PM | Computer Name = NicksLaptop | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 10/25/2012 8:46:55 PM | Computer Name = NicksLaptop | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 10/25/2012 8:46:55 PM | Computer Name = NicksLaptop | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891


< End of report >





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-25 21:39:55
-----------------------------
21:39:55.050 OS Version: Windows x64 6.1.7601 Service Pack 1
21:39:55.050 Number of processors: 2 586 0x200
21:39:55.060 ComputerName: NICKSLAPTOP UserName: Home
21:39:58.492 Initialize success
21:55:38.545 AVAST engine defs: 12102502
22:01:34.319 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
22:01:34.319 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 11
22:01:34.329 Device \Driver\amd_sata -> MajorFunction fffffa800460f5e8
22:01:34.329 Disk 0 MBR read successfully
22:01:34.339 Disk 0 MBR scan
22:01:34.359 Disk 0 Windows VISTA default MBR code
22:01:34.359 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
22:01:34.452 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291228 MB offset 3074048
22:01:34.551 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12516 MB offset 599508992
22:01:34.711 Disk 0 scanning C:\windows\system32\drivers
22:01:55.241 Service scanning
22:03:18.782 Modules scanning
22:03:18.802 Disk 0 trace - called modules:
22:03:19.164 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys >>UNKNOWN [0xfffffa800460f5e8]<<
22:03:19.174 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004118400]
22:03:19.194 3 CLASSPNP.SYS[fffff8800195943f] -> nt!IofCallDriver -> [0xfffffa8003c03040]
22:03:19.204 5 amd_xata.sys[fffff880010858b4] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa8003b661d0]
22:03:19.224 \Driver\amd_sata[0xfffffa8004524840] -> IRP_MJ_CREATE -> 0xfffffa800460f5e8
22:03:21.854 AVAST engine scan C:\windows
22:03:26.506 AVAST engine scan C:\windows\system32
22:12:06.379 AVAST engine scan C:\windows\system32\drivers
22:12:43.372 AVAST engine scan C:\Users\Home
22:16:45.412 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
22:16:45.436 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"



22:18:29.0429 1748 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:18:29.0694 1748 ============================================================
22:18:29.0694 1748 Current date / time: 2012/10/25 22:18:29.0694
22:18:29.0694 1748 SystemInfo:
22:18:29.0694 1748
22:18:29.0697 1748 OS Version: 6.1.7601 ServicePack: 1.0
22:18:29.0697 1748 Product type: Workstation
22:18:29.0697 1748 ComputerName: NICKSLAPTOP
22:18:29.0697 1748 UserName: Home
22:18:29.0697 1748 Windows directory: C:\windows
22:18:29.0697 1748 System windows directory: C:\windows
22:18:29.0698 1748 Running under WOW64
22:18:29.0698 1748 Processor architecture: Intel x64
22:18:29.0698 1748 Number of processors: 2
22:18:29.0698 1748 Page size: 0x1000
22:18:29.0698 1748 Boot type: Normal boot
22:18:29.0698 1748 ============================================================
22:18:33.0493 1748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:18:33.0525 1748 ============================================================
22:18:33.0525 1748 \Device\Harddisk0\DR0:
22:18:33.0525 1748 MBR partitions:
22:18:33.0525 1748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x238CE000
22:18:33.0525 1748 ============================================================
22:18:33.0551 1748 C: <-> \Device\Harddisk0\DR0\Partition1
22:18:33.0552 1748 ============================================================
22:18:33.0552 1748 Initialize success
22:18:33.0552 1748 ============================================================
22:19:21.0785 4984 ============================================================
22:19:21.0785 4984 Scan started
22:19:21.0785 4984 Mode: Manual; SigCheck; TDLFS;
22:19:21.0785 4984 ============================================================
22:19:23.0971 4984 ================ Scan system memory ========================
22:19:23.0971 4984 System memory - ok
22:19:23.0977 4984 ================ Scan services =============================
22:19:24.0961 4984 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
22:19:25.0277 4984 1394ohci - ok
22:19:25.0349 4984 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
22:19:25.0409 4984 ACPI - ok
22:19:25.0454 4984 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
22:19:25.0723 4984 AcpiPmi - ok
22:19:26.0187 4984 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:19:26.0237 4984 AdobeFlashPlayerUpdateSvc - ok
22:19:26.0361 4984 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
22:19:26.0428 4984 adp94xx - ok
22:19:26.0483 4984 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
22:19:26.0533 4984 adpahci - ok
22:19:26.0615 4984 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
22:19:26.0665 4984 adpu320 - ok
22:19:26.0736 4984 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
22:19:27.0276 4984 AeLookupSvc - ok
22:19:27.0348 4984 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
22:19:27.0451 4984 AFD - ok
22:19:27.0492 4984 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
22:19:27.0543 4984 agp440 - ok
22:19:27.0613 4984 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
22:19:27.0675 4984 ALG - ok
22:19:27.0757 4984 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
22:19:27.0787 4984 aliide - ok
22:19:27.0870 4984 [ 2F2E91FD092811353C3BC968BEC274D8 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
22:19:28.0072 4984 AMD External Events Utility - ok
22:19:28.0127 4984 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
22:19:28.0166 4984 amdide - ok
22:19:28.0251 4984 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
22:19:28.0325 4984 AmdK8 - ok
22:19:28.0923 4984 [ 194D76D2083318A2E7071A988E02ECF4 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
22:19:29.0454 4984 amdkmdag - ok
22:19:29.0547 4984 [ 1EEFFCE9A3A65A56A28793EAA3F57026 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
22:19:29.0642 4984 amdkmdap - ok
22:19:29.0697 4984 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
22:19:29.0766 4984 AmdPPM - ok
22:19:29.0828 4984 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
22:19:29.0878 4984 amdsata - ok
22:19:29.0940 4984 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
22:19:29.0980 4984 amdsbs - ok
22:19:30.0052 4984 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
22:19:30.0092 4984 amdxata - ok
22:19:30.0147 4984 [ CAEE7C1AFC9F1C9EE8DD11ACD18D22E7 ] amd_sata C:\windows\system32\DRIVERS\amd_sata.sys
22:19:30.0188 4984 amd_sata - ok
22:19:30.0228 4984 [ 23726116B4FBCC84FC45B95157C08F5F ] amd_xata C:\windows\system32\DRIVERS\amd_xata.sys
22:19:30.0260 4984 amd_xata - ok
22:19:30.0317 4984 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
22:19:30.0864 4984 AppID - ok
22:19:30.0926 4984 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
22:19:31.0082 4984 AppIDSvc - ok
22:19:31.0138 4984 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
22:19:31.0290 4984 Appinfo - ok
22:19:31.0360 4984 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
22:19:31.0390 4984 arc - ok
22:19:31.0415 4984 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
22:19:31.0462 4984 arcsas - ok
22:19:31.0542 4984 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
22:19:31.0678 4984 AsyncMac - ok
22:19:31.0721 4984 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
22:19:31.0757 4984 atapi - ok
22:19:31.0884 4984 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
22:19:32.0031 4984 AudioEndpointBuilder - ok
22:19:32.0083 4984 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
22:19:32.0205 4984 AudioSrv - ok
22:19:32.0298 4984 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
22:19:32.0452 4984 AxInstSV - ok
22:19:32.0541 4984 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
22:19:32.0622 4984 b06bdrv - ok
22:19:32.0690 4984 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
22:19:32.0772 4984 b57nd60a - ok
22:19:32.0874 4984 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
22:19:32.0960 4984 BDESVC - ok
22:19:33.0032 4984 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
22:19:33.0213 4984 Beep - ok
22:19:33.0316 4984 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
22:19:33.0512 4984 BITS - ok
22:19:33.0545 4984 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
22:19:33.0599 4984 blbdrive - ok
22:19:33.0671 4984 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
22:19:33.0768 4984 bowser - ok
22:19:33.0838 4984 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
22:19:33.0934 4984 BrFiltLo - ok
22:19:33.0979 4984 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
22:19:34.0071 4984 BrFiltUp - ok
22:19:34.0129 4984 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
22:19:34.0183 4984 Browser - ok
22:19:34.0247 4984 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
22:19:34.0325 4984 Brserid - ok
22:19:34.0335 4984 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
22:19:34.0412 4984 BrSerWdm - ok
22:19:34.0487 4984 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
22:19:34.0557 4984 BrUsbMdm - ok
22:19:34.0591 4984 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
22:19:34.0662 4984 BrUsbSer - ok
22:19:34.0729 4984 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
22:19:34.0800 4984 BTHMODEM - ok
22:19:34.0891 4984 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
22:19:35.0069 4984 bthserv - ok
22:19:35.0129 4984 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
22:19:35.0243 4984 cdfs - ok
22:19:35.0348 4984 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
22:19:35.0415 4984 cdrom - ok
22:19:35.0483 4984 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
22:19:35.0791 4984 CertPropSvc - ok
22:19:35.0844 4984 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
22:19:35.0897 4984 circlass - ok
22:19:35.0955 4984 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
22:19:36.0002 4984 CLFS - ok
22:19:36.0231 4984 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:19:36.0271 4984 clr_optimization_v2.0.50727_32 - ok
22:19:36.0473 4984 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:19:36.0503 4984 clr_optimization_v2.0.50727_64 - ok
22:19:36.0817 4984 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:19:36.0871 4984 clr_optimization_v4.0.30319_32 - ok
22:19:37.0160 4984 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:19:37.0211 4984 clr_optimization_v4.0.30319_64 - ok
22:19:37.0257 4984 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
22:19:37.0313 4984 CmBatt - ok
22:19:37.0358 4984 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
22:19:37.0405 4984 cmdide - ok
22:19:37.0473 4984 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
22:19:37.0607 4984 CNG - ok
22:19:37.0833 4984 [ 99B1B888B793DE320C5479B3C953781F ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
22:19:37.0963 4984 CnxtHdAudService - ok
22:19:38.0039 4984 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
22:19:38.0081 4984 Compbatt - ok
22:19:38.0138 4984 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
22:19:38.0213 4984 CompositeBus - ok
22:19:38.0265 4984 COMSysApp - ok
22:19:38.0327 4984 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
22:19:38.0368 4984 crcdisk - ok
22:19:38.0460 4984 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
22:19:38.0571 4984 CryptSvc - ok
22:19:38.0682 4984 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
22:19:38.0854 4984 DcomLaunch - ok
22:19:38.0917 4984 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
22:19:39.0060 4984 defragsvc - ok
22:19:39.0138 4984 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
22:19:39.0247 4984 DfsC - ok
22:19:39.0320 4984 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
22:19:39.0489 4984 Dhcp - ok
22:19:39.0530 4984 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
22:19:39.0660 4984 discache - ok
22:19:39.0744 4984 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
22:19:39.0784 4984 Disk - ok
22:19:39.0876 4984 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
22:19:39.0942 4984 Dnscache - ok
22:19:40.0008 4984 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
22:19:40.0140 4984 dot3svc - ok
22:19:40.0220 4984 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
22:19:40.0386 4984 DPS - ok
22:19:40.0435 4984 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
22:19:40.0485 4984 drmkaud - ok
22:19:40.0627 4984 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
22:19:40.0746 4984 DXGKrnl - ok
22:19:40.0796 4984 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
22:19:40.0950 4984 EapHost - ok
22:19:41.0188 4984 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
22:19:41.0420 4984 ebdrv - ok
22:19:41.0480 4984 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
22:19:41.0542 4984 EFS - ok
22:19:41.0774 4984 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
22:19:42.0006 4984 ehRecvr - ok
22:19:42.0098 4984 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
22:19:42.0280 4984 ehSched - ok
22:19:42.0400 4984 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
22:19:42.0460 4984 elxstor - ok
22:19:42.0495 4984 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
22:19:42.0552 4984 ErrDev - ok
22:19:42.0644 4984 [ 5D82D501D2FEE413B1F45F0302B5802C ] ETD C:\windows\system32\DRIVERS\ETD.sys
22:19:42.0685 4984 ETD - ok
22:19:42.0761 4984 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
22:19:43.0044 4984 EventSystem - ok
22:19:43.0081 4984 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
22:19:43.0234 4984 exfat - ok
22:19:43.0265 4984 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
22:19:43.0495 4984 fastfat - ok
22:19:43.0605 4984 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
22:19:43.0720 4984 Fax - ok
22:19:43.0786 4984 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
22:19:43.0881 4984 fdc - ok
22:19:43.0941 4984 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
22:19:44.0104 4984 fdPHost - ok
22:19:44.0145 4984 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
22:19:44.0310 4984 FDResPub - ok
22:19:44.0354 4984 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
22:19:44.0386 4984 FileInfo - ok
22:19:44.0398 4984 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
22:19:44.0524 4984 Filetrace - ok
22:19:44.0566 4984 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
22:19:44.0614 4984 flpydisk - ok
22:19:44.0646 4984 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
22:19:44.0690 4984 FltMgr - ok
22:19:44.0785 4984 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
22:19:44.0883 4984 FontCache - ok
22:19:44.0987 4984 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:19:45.0025 4984 FontCache3.0.0.0 - ok
22:19:45.0053 4984 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
22:19:45.0092 4984 FsDepends - ok
22:19:45.0135 4984 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
22:19:45.0173 4984 Fs_Rec - ok
22:19:45.0246 4984 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
22:19:45.0303 4984 fvevol - ok
22:19:45.0355 4984 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
22:19:45.0456 4984 FwLnk - ok
22:19:45.0529 4984 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
22:19:45.0576 4984 gagp30kx - ok
22:19:45.0801 4984 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:19:45.0851 4984 GamesAppService - ok
22:19:45.0924 4984 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
22:19:46.0055 4984 gpsvc - ok
22:19:46.0136 4984 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:19:46.0166 4984 gupdate - ok
22:19:46.0206 4984 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:19:46.0243 4984 gupdatem - ok
22:19:46.0358 4984 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:19:46.0388 4984 gusvc - ok
22:19:46.0445 4984 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
22:19:46.0495 4984 hcw85cir - ok
22:19:46.0577 4984 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:19:46.0662 4984 HdAudAddService - ok
22:19:46.0729 4984 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
22:19:46.0819 4984 HDAudBus - ok
22:19:46.0878 4984 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
22:19:46.0921 4984 HidBatt - ok
22:19:46.0983 4984 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
22:19:47.0103 4984 HidBth - ok
22:19:47.0133 4984 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
22:19:47.0194 4984 HidIr - ok
22:19:47.0245 4984 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
22:19:47.0390 4984 hidserv - ok
22:19:47.0486 4984 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
22:19:47.0519 4984 HidUsb - ok
22:19:47.0569 4984 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
22:19:47.0733 4984 hkmsvc - ok
22:19:47.0794 4984 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:19:47.0867 4984 HomeGroupListener - ok
22:19:47.0934 4984 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:19:47.0999 4984 HomeGroupProvider - ok
22:19:48.0053 4984 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
22:19:48.0096 4984 HpSAMD - ok
22:19:48.0168 4984 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
22:19:48.0298 4984 HTTP - ok
22:19:48.0340 4984 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
22:19:48.0378 4984 hwpolicy - ok
22:19:48.0421 4984 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
22:19:48.0475 4984 i8042prt - ok
22:19:48.0552 4984 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
22:19:48.0623 4984 iaStorV - ok
22:19:48.0725 4984 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:19:48.0794 4984 idsvc - ok
22:19:48.0831 4984 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
22:19:48.0874 4984 iirsp - ok
22:19:48.0979 4984 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
22:19:49.0111 4984 IKEEXT - ok
22:19:49.0176 4984 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
22:19:49.0216 4984 intelide - ok
22:19:49.0237 4984 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
22:19:49.0312 4984 intelppm - ok
22:19:49.0362 4984 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
22:19:49.0503 4984 IPBusEnum - ok
22:19:49.0556 4984 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
22:19:49.0682 4984 IpFilterDriver - ok
22:19:49.0713 4984 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
22:19:49.0766 4984 IPMIDRV - ok
22:19:49.0828 4984 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
22:19:49.0957 4984 IPNAT - ok
22:19:50.0017 4984 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
22:19:50.0070 4984 IRENUM - ok
22:19:50.0101 4984 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
22:19:50.0141 4984 isapnp - ok
22:19:50.0182 4984 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
22:19:50.0246 4984 iScsiPrt - ok
22:19:50.0297 4984 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
22:19:50.0330 4984 kbdclass - ok
22:19:50.0363 4984 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
22:19:50.0414 4984 kbdhid - ok
22:19:50.0444 4984 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
22:19:50.0492 4984 KeyIso - ok
22:19:50.0561 4984 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
22:19:50.0606 4984 KSecDD - ok
22:19:50.0651 4984 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
22:19:50.0688 4984 KSecPkg - ok
22:19:50.0760 4984 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
22:19:50.0908 4984 ksthunk - ok
22:19:51.0002 4984 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
22:19:51.0138 4984 KtmRm - ok
22:19:51.0204 4984 [ 0E154DA6CA9105354A07D0C576804037 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
22:19:51.0243 4984 L1C - ok
22:19:51.0330 4984 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
22:19:51.0465 4984 LanmanServer - ok
22:19:51.0543 4984 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:19:51.0689 4984 LanmanWorkstation - ok
22:19:51.0811 4984 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
22:19:51.0959 4984 lltdio - ok
22:19:52.0038 4984 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
22:19:52.0193 4984 lltdsvc - ok
22:19:52.0241 4984 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
22:19:52.0348 4984 lmhosts - ok
22:19:52.0381 4984 lsgdydoz - ok
22:19:52.0413 4984 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
22:19:52.0448 4984 LSI_FC - ok
22:19:52.0493 4984 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
22:19:52.0525 4984 LSI_SAS - ok
22:19:52.0544 4984 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
22:19:52.0584 4984 LSI_SAS2 - ok
22:19:52.0643 4984 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
22:19:52.0680 4984 LSI_SCSI - ok
22:19:52.0745 4984 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
22:19:52.0900 4984 luafv - ok
22:19:52.0945 4984 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
22:19:52.0994 4984 Mcx2Svc - ok
22:19:53.0057 4984 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
22:19:53.0096 4984 megasas - ok
22:19:53.0168 4984 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
22:19:53.0218 4984 MegaSR - ok
22:19:53.0300 4984 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
22:19:53.0459 4984 MMCSS - ok
22:19:53.0502 4984 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
22:19:53.0693 4984 Modem - ok
22:19:53.0754 4984 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
22:19:53.0824 4984 monitor - ok
22:19:53.0897 4984 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
22:19:53.0927 4984 mouclass - ok
22:19:53.0989 4984 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
22:19:54.0039 4984 mouhid - ok
22:19:54.0101 4984 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
22:19:54.0171 4984 mountmgr - ok
22:19:54.0283 4984 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
22:19:54.0348 4984 MpFilter - ok
22:19:54.0385 4984 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
22:19:54.0415 4984 mpio - ok
22:19:54.0453 4984 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
22:19:54.0578 4984 mpsdrv - ok
22:19:54.0623 4984 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
22:19:54.0741 4984 MRxDAV - ok
22:19:54.0804 4984 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
22:19:54.0913 4984 mrxsmb - ok
22:19:54.0964 4984 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
22:19:55.0040 4984 mrxsmb10 - ok
22:19:55.0093 4984 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
22:19:55.0162 4984 mrxsmb20 - ok
22:19:55.0219 4984 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
22:19:55.0249 4984 msahci - ok
22:19:55.0276 4984 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
22:19:55.0321 4984 msdsm - ok
22:19:55.0384 4984 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
22:19:55.0444 4984 MSDTC - ok
22:19:55.0502 4984 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
22:19:55.0621 4984 Msfs - ok
22:19:55.0691 4984 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
22:19:55.0911 4984 mshidkmdf - ok
22:19:55.0959 4984 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
22:19:55.0996 4984 msisadrv - ok
22:19:56.0068 4984 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
22:19:56.0230 4984 MSiSCSI - ok
22:19:56.0262 4984 msiserver - ok
22:19:56.0331 4984 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
22:19:56.0468 4984 MSKSSRV - ok
22:19:56.0656 4984 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:19:56.0684 4984 MsMpSvc - ok
22:19:56.0742 4984 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
22:19:56.0891 4984 MSPCLOCK - ok
22:19:56.0944 4984 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
22:19:57.0103 4984 MSPQM - ok
22:19:57.0142 4984 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
22:19:57.0220 4984 MsRPC - ok
22:19:57.0265 4984 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
22:19:57.0296 4984 mssmbios - ok
22:19:57.0353 4984 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
22:19:57.0498 4984 MSTEE - ok
22:19:57.0542 4984 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
22:19:57.0608 4984 MTConfig - ok
22:19:57.0643 4984 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
22:19:57.0677 4984 Mup - ok
22:19:57.0741 4984 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
22:19:57.0881 4984 napagent - ok
22:19:58.0003 4984 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
22:19:58.0073 4984 NativeWifiP - ok
22:19:58.0225 4984 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
22:19:58.0343 4984 NDIS - ok
22:19:58.0407 4984 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
22:19:58.0559 4984 NdisCap - ok
22:19:58.0622 4984 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
22:19:58.0771 4984 NdisTapi - ok
22:19:58.0921 4984 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
22:19:59.0063 4984 Ndisuio - ok
22:19:59.0114 4984 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
22:19:59.0243 4984 NdisWan - ok
22:19:59.0294 4984 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
22:19:59.0402 4984 NDProxy - ok
22:19:59.0435 4984 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
22:19:59.0558 4984 NetBIOS - ok
22:19:59.0615 4984 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
22:19:59.0748 4984 NetBT - ok
22:19:59.0781 4984 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
22:19:59.0810 4984 Netlogon - ok
22:19:59.0900 4984 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
22:20:00.0027 4984 Netman - ok
22:20:00.0092 4984 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
22:20:00.0242 4984 netprofm - ok
22:20:00.0296 4984 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:20:00.0339 4984 NetTcpPortSharing - ok
22:20:00.0434 4984 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
22:20:00.0464 4984 nfrd960 - ok
22:20:00.0524 4984 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
22:20:00.0576 4984 NisDrv - ok
22:20:00.0634 4984 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
22:20:00.0684 4984 NisSrv - ok
22:20:00.0768 4984 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
22:20:00.0901 4984 NlaSvc - ok
22:20:00.0980 4984 Norton PC Checkup Application Launcher - ok
22:20:01.0010 4984 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
22:20:01.0121 4984 Npfs - ok
22:20:01.0148 4984 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
22:20:01.0267 4984 nsi - ok
22:20:01.0303 4984 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
22:20:01.0435 4984 nsiproxy - ok
22:20:01.0527 4984 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
22:20:01.0622 4984 Ntfs - ok
22:20:01.0663 4984 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
22:20:01.0748 4984 Null - ok
22:20:01.0761 4984 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
22:20:01.0797 4984 nvraid - ok
22:20:01.0813 4984 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
22:20:01.0850 4984 nvstor - ok
22:20:01.0864 4984 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
22:20:01.0898 4984 nv_agp - ok
22:20:01.0924 4984 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
22:20:01.0961 4984 ohci1394 - ok
22:20:02.0028 4984 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
22:20:02.0103 4984 p2pimsvc - ok
22:20:02.0148 4984 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
22:20:02.0200 4984 p2psvc - ok
22:20:02.0241 4984 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
22:20:02.0302 4984 Parport - ok
22:20:02.0355 4984 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
22:20:02.0392 4984 partmgr - ok
22:20:02.0453 4984 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
22:20:02.0536 4984 PcaSvc - ok
22:20:02.0618 4984 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
22:20:02.0658 4984 PCCUJobMgr - ok
22:20:02.0750 4984 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
22:20:02.0812 4984 pci - ok
22:20:02.0841 4984 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
22:20:02.0873 4984 pciide - ok
22:20:02.0992 4984 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
22:20:03.0042 4984 pcmcia - ok
22:20:03.0088 4984 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
22:20:03.0124 4984 pcw - ok
22:20:03.0152 4984 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
22:20:03.0317 4984 PEAUTH - ok
22:20:03.0671 4984 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
22:20:03.0761 4984 PerfHost - ok
22:20:03.0860 4984 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
22:20:03.0903 4984 PGEffect - ok
22:20:03.0995 4984 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
22:20:04.0158 4984 pla - ok
22:20:04.0223 4984 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
22:20:04.0289 4984 PlugPlay - ok
22:20:04.0348 4984 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
22:20:04.0406 4984 PNRPAutoReg - ok
22:20:04.0434 4984 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
22:20:04.0476 4984 PNRPsvc - ok
22:20:04.0570 4984 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
22:20:04.0760 4984 PolicyAgent - ok
22:20:04.0841 4984 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
22:20:04.0993 4984 Power - ok
22:20:05.0077 4984 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
22:20:05.0233 4984 PptpMiniport - ok
22:20:05.0292 4984 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
22:20:05.0359 4984 Processor - ok
22:20:05.0421 4984 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
22:20:05.0534 4984 ProfSvc - ok
22:20:05.0570 4984 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
22:20:05.0603 4984 ProtectedStorage - ok
22:20:05.0643 4984 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
22:20:05.0783 4984 Psched - ok
22:20:05.0937 4984 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
22:20:06.0078 4984 ql2300 - ok
22:20:06.0105 4984 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
22:20:06.0148 4984 ql40xx - ok
22:20:06.0196 4984 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
22:20:06.0239 4984 QWAVE - ok
22:20:06.0286 4984 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
22:20:06.0352 4984 QWAVEdrv - ok
22:20:06.0397 4984 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
22:20:06.0518 4984 RasAcd - ok
22:20:06.0581 4984 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
22:20:06.0733 4984 RasAgileVpn - ok
22:20:06.0793 4984 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
22:20:06.0954 4984 RasAuto - ok
22:20:07.0006 4984 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
22:20:07.0164 4984 Rasl2tp - ok
22:20:07.0248 4984 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
22:20:07.0381 4984 RasMan - ok
22:20:07.0425 4984 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
22:20:07.0551 4984 RasPppoe - ok
22:20:07.0622 4984 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
22:20:07.0733 4984 RasSstp - ok
22:20:07.0751 4984 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
22:20:07.0891 4984 rdbss - ok
22:20:07.0947 4984 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
22:20:08.0006 4984 rdpbus - ok
22:20:08.0032 4984 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
22:20:08.0163 4984 RDPCDD - ok
22:20:08.0238 4984 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
22:20:08.0380 4984 RDPENCDD - ok
22:20:08.0436 4984 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
22:20:08.0564 4984 RDPREFMP - ok
22:20:08.0624 4984 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
22:20:08.0684 4984 RDPWD - ok
22:20:08.0766 4984 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
22:20:08.0806 4984 rdyboost - ok
22:20:08.0898 4984 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
22:20:09.0044 4984 RemoteAccess - ok
22:20:09.0140 4984 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
22:20:09.0252 4984 RemoteRegistry - ok
22:20:09.0302 4984 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
22:20:09.0439 4984 RpcEptMapper - ok
22:20:09.0487 4984 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
22:20:09.0534 4984 RpcLocator - ok
22:20:09.0587 4984 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
22:20:09.0737 4984 RpcSs - ok
22:20:09.0802 4984 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
22:20:09.0934 4984 rspndr - ok
22:20:10.0028 4984 [ 0E3DCF76F11DC431B088A2DFD7265CDA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
22:20:10.0130 4984 RSUSBSTOR - ok
22:20:10.0209 4984 [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
22:20:10.0320 4984 RTL8192Ce - ok
22:20:10.0348 4984 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
22:20:10.0376 4984 SamSs - ok
22:20:10.0458 4984 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
22:20:10.0500 4984 sbp2port - ok
22:20:10.0531 4984 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
22:20:10.0683 4984 SCardSvr - ok
22:20:10.0738 4984 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
22:20:10.0892 4984 scfilter - ok
22:20:10.0982 4984 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
22:20:11.0167 4984 Schedule - ok
22:20:11.0220 4984 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
22:20:11.0331 4984 SCPolicySvc - ok
22:20:11.0364 4984 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
22:20:11.0430 4984 SDRSVC - ok
22:20:11.0499 4984 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
22:20:11.0631 4984 secdrv - ok
22:20:11.0682 4984 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
22:20:11.0778 4984 seclogon - ok
22:20:11.0812 4984 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
22:20:11.0963 4984 SENS - ok
22:20:12.0078 4984 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
22:20:12.0131 4984 SensrSvc - ok
22:20:12.0200 4984 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
22:20:12.0270 4984 Serenum - ok
22:20:12.0302 4984 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
22:20:12.0342 4984 Serial - ok
22:20:12.0402 4984 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
22:20:12.0434 4984 sermouse - ok
22:20:12.0511 4984 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
22:20:12.0676 4984 SessionEnv - ok
22:20:12.0716 4984 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
22:20:12.0776 4984 sffdisk - ok
22:20:12.0799 4984 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
22:20:12.0848 4984 sffp_mmc - ok
22:20:12.0870 4984 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
22:20:12.0948 4984 sffp_sd - ok
22:20:13.0004 4984 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
22:20:13.0052 4984 sfloppy - ok
22:20:13.0123 4984 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:20:13.0285 4984 ShellHWDetection - ok
22:20:13.0316 4984 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
22:20:13.0346 4984 SiSRaid2 - ok
22:20:13.0367 4984 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
22:20:13.0402 4984 SiSRaid4 - ok
22:20:13.0424 4984 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
22:20:13.0577 4984 Smb - ok
22:20:13.0664 4984 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
22:20:13.0831 4984 SNMPTRAP - ok
22:20:13.0888 4984 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
22:20:13.0930 4984 spldr - ok
22:20:13.0996 4984 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
22:20:14.0078 4984 Spooler - ok
22:20:14.0244 4984 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
22:20:14.0561 4984 sppsvc - ok
22:20:14.0613 4984 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
22:20:15.0050 4984 sppuinotify - ok
22:20:15.0197 4984 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
22:20:15.0384 4984 srv - ok
22:20:15.0452 4984 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
22:20:15.0526 4984 srv2 - ok
22:20:15.0577 4984 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
22:20:15.0608 4984 srvnet - ok
22:20:15.0690 4984 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
22:20:16.0121 4984 SSDPSRV - ok
22:20:16.0184 4984 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
22:20:16.0355 4984 SstpSvc - ok
22:20:16.0399 4984 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
22:20:16.0488 4984 stexstor - ok
22:20:16.0566 4984 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
22:20:16.0667 4984 stisvc - ok
22:20:16.0748 4984 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
22:20:16.0778 4984 swenum - ok
22:20:16.0890 4984 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
22:20:17.0050 4984 swprv - ok
22:20:17.0182 4984 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
22:20:17.0346 4984 SysMain - ok
22:20:17.0408 4984 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
22:20:17.0518 4984 TabletInputService - ok
22:20:17.0610 4984 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
22:20:17.0771 4984 TapiSrv - ok
22:20:17.0842 4984 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
22:20:18.0001 4984 TBS - ok
22:20:18.0144 4984 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
22:20:18.0315 4984 Tcpip - ok
22:20:18.0456 4984 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
22:20:18.0602 4984 TCPIP6 - ok
22:20:18.0671 4984 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
22:20:18.0774 4984 tcpipreg - ok
22:20:18.0837 4984 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
22:20:18.0873 4984 tdcmdpst - ok
22:20:18.0938 4984 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
22:20:18.0990 4984 TDPIPE - ok
22:20:19.0044 4984 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
22:20:19.0122 4984 TDTCP - ok
22:20:19.0184 4984 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
22:20:19.0329 4984 tdx - ok
22:20:19.0355 4984 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
22:20:19.0391 4984 TermDD - ok
22:20:19.0446 4984 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
22:20:19.0599 4984 TermService - ok
22:20:19.0677 4984 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
22:20:19.0731 4984 Themes - ok
22:20:19.0765 4984 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
22:20:19.0906 4984 THREADORDER - ok
22:20:20.0082 4984 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:20:20.0122 4984 TMachInfo - ok
22:20:20.0213 4984 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
22:20:20.0244 4984 TODDSrv - ok
22:20:20.0454 4984 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:20:20.0544 4984 TosCoSrv - ok
22:20:20.0876 4984 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:20:20.0916 4984 TOSHIBA HDD SSD Alert Service - ok
22:20:20.0968 4984 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
22:20:21.0119 4984 TrkWks - ok
22:20:21.0204 4984 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:20:21.0440 4984 TrustedInstaller - ok
22:20:21.0500 4984 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
22:20:21.0651 4984 tssecsrv - ok
22:20:21.0712 4984 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
22:20:21.0751 4984 TsUsbFlt - ok
22:20:21.0782 4984 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
22:20:21.0854 4984 TsUsbGD - ok
22:20:21.0956 4984 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
22:20:22.0149 4984 tunnel - ok
22:20:22.0238 4984 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
22:20:22.0268 4984 TVALZ - ok
22:20:22.0317 4984 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
22:20:22.0350 4984 uagp35 - ok
22:20:22.0431 4984 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
22:20:22.0599 4984 udfs - ok
22:20:22.0660 4984 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
22:20:22.0704 4984 UI0Detect - ok
22:20:22.0756 4984 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
22:20:22.0786 4984 uliagpkx - ok
22:20:22.0866 4984 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
22:20:22.0956 4984 umbus - ok
22:20:22.0986 4984 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
22:20:23.0077 4984 UmPass - ok
22:20:23.0128 4984 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
22:20:23.0276 4984 upnphost - ok
22:20:23.0331 4984 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
22:20:23.0400 4984 usbccgp - ok
22:20:23.0462 4984 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
22:20:23.0512 4984 usbcir - ok
22:20:23.0551 4984 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
22:20:23.0614 4984 usbehci - ok
22:20:23.0670 4984 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
22:20:23.0716 4984 usbhub - ok
22:20:23.0788 4984 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
22:20:23.0858 4984 usbohci - ok
22:20:23.0933 4984 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
22:20:23.0983 4984 usbprint - ok
22:20:24.0065 4984 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
22:20:24.0155 4984 USBSTOR - ok
22:20:24.0202 4984 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
22:20:24.0267 4984 usbuhci - ok
22:20:24.0369 4984 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
22:20:24.0420 4984 usbvideo - ok
22:20:24.0464 4984 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
22:20:24.0592 4984 UxSms - ok
22:20:24.0637 4984 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
22:20:24.0677 4984 VaultSvc - ok
22:20:24.0753 4984 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
22:20:24.0783 4984 vdrvroot - ok
22:20:24.0942 4984 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
22:20:25.0080 4984 vds - ok
22:20:25.0132 4984 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
22:20:25.0174 4984 vga - ok
22:20:25.0188 4984 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
22:20:25.0303 4984 VgaSave - ok
22:20:25.0320 4984 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
22:20:25.0362 4984 vhdmp - ok
22:20:25.0374 4984 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
22:20:25.0404 4984 viaide - ok
22:20:25.0433 4984 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
22:20:25.0466 4984 volmgr - ok
22:20:25.0533 4984 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
22:20:25.0574 4984 volmgrx - ok
22:20:25.0627 4984 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
22:20:25.0677 4984 volsnap - ok
22:20:25.0759 4984 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
22:20:25.0789 4984 vsmraid - ok
22:20:25.0961 4984 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
22:20:26.0180 4984 VSS - ok
22:20:26.0218 4984 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
22:20:26.0281 4984 vwifibus - ok
22:20:26.0335 4984 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
22:20:26.0413 4984 vwififlt - ok
22:20:26.0463 4984 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
22:20:26.0533 4984 vwifimp - ok
22:20:26.0608 4984 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
22:20:26.0740 4984 W32Time - ok
22:20:26.0819 4984 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
22:20:26.0914 4984 WacomPen - ok
22:20:26.0990 4984 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
22:20:27.0128 4984 WANARP - ok
22:20:27.0168 4984 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
22:20:27.0271 4984 Wanarpv6 - ok
22:20:27.0573 4984 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
22:20:27.0664 4984 WatAdminSvc - ok
22:20:27.0767 4984 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
22:20:27.0962 4984 wbengine - ok
22:20:28.0020 4984 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
22:20:28.0081 4984 WbioSrvc - ok
22:20:28.0142 4984 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
22:20:28.0235 4984 wcncsvc - ok
22:20:28.0317 4984 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:20:28.0347 4984 WcsPlugInService - ok
22:20:28.0387 4984 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
22:20:28.0423 4984 Wd - ok
22:20:28.0479 4984 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
22:20:28.0541 4984 Wdf01000 - ok
22:20:28.0598 4984 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
22:20:28.0704 4984 WdiServiceHost - ok
22:20:28.0731 4984 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
22:20:28.0792 4984 WdiSystemHost - ok
22:20:28.0883 4984 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
22:20:28.0965 4984 WebClient - ok
22:20:29.0057 4984 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
22:20:29.0251 4984 Wecsvc - ok
22:20:29.0301 4984 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
22:20:29.0431 4984 wercplsupport - ok
22:20:29.0493 4984 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
22:20:29.0612 4984 WerSvc - ok
22:20:29.0665 4984 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
22:20:29.0780 4984 WfpLwf - ok
22:20:29.0820 4984 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
22:20:29.0875 4984 WIMMount - ok
22:20:29.0911 4984 WinHttpAutoProxySvc - ok
22:20:30.0144 4984 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
22:20:30.0402 4984 Winmgmt - ok
22:20:30.0600 4984 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
22:20:30.0882 4984 WinRM - ok
22:20:30.0999 4984 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
22:20:31.0039 4984 WinUsb - ok
22:20:31.0128 4984 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
22:20:31.0284 4984 Wlansvc - ok
22:20:31.0372 4984 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:20:31.0412 4984 wlcrasvc - ok
22:20:31.0634 4984 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:20:31.0834 4984 wlidsvc - ok
22:20:31.0865 4984 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
22:20:31.0938 4984 WmiAcpi - ok
22:20:31.0983 4984 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
22:20:32.0148 4984 wmiApSrv - ok
22:20:32.0232 4984 WMPNetworkSvc - ok
22:20:32.0260 4984 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
22:20:32.0312 4984 WPCSvc - ok
22:20:32.0359 4984 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
22:20:32.0410 4984 WPDBusEnum - ok
22:20:32.0454 4984 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
22:20:32.0554 4984 ws2ifsl - ok
22:20:32.0582 4984 WSearch - ok
22:20:32.0878 4984 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
22:20:33.0084 4984 wuauserv - ok
22:20:33.0138 4984 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
22:20:33.0260 4984 WudfPf - ok
22:20:33.0321 4984 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
22:20:33.0501 4984 WUDFRd - ok
22:20:33.0569 4984 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
22:20:33.0679 4984 wudfsvc - ok
22:20:33.0735 4984 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
22:20:33.0808 4984 WwanSvc - ok
22:20:34.0112 4984 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:20:34.0162 4984 YahooAUService - ok
22:20:34.0232 4984 ================ Scan global ===============================
22:20:34.0260 4984 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
22:20:34.0334 4984 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
22:20:34.0374 4984 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
22:20:34.0414 4984 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
22:20:34.0504 4984 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
22:20:34.0514 4984 [Global] - ok
22:20:34.0514 4984 ================ Scan MBR ==================================
22:20:34.0534 4984 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
22:20:34.0534 4984 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:20:34.0606 4984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:20:34.0606 4984 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:20:34.0886 4984 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:20:34.0886 4984 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:20:34.0886 4984 ================ Scan VBR ==================================
22:20:34.0916 4984 [ DE8590BAA713DFEC22A1B646AC041426 ] \Device\Harddisk0\DR0\Partition1
22:20:34.0926 4984 \Device\Harddisk0\DR0\Partition1 - ok
22:20:34.0944 4984 ============================================================
22:20:34.0944 4984 Scan finished
22:20:34.0944 4984 ============================================================
22:20:34.0998 2432 Detected object count: 2
22:20:34.0999 2432 Actual detected object count: 2
22:22:20.0625 2432 \Device\Harddisk0\DR0\# - copied to quarantine
22:22:20.0655 2432 \Device\Harddisk0\DR0 - copied to quarantine
22:22:20.0949 2432 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:22:21.0081 2432 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:22:21.0256 2432 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:22:25.0536 2432 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:22:25.0723 2432 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:22:25.0744 2432 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:22:25.0801 2432 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:22:26.0735 2432 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:22:27.0107 2432 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:22:27.0229 2432 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:22:27.0275 2432 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:22:27.0304 2432 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:22:27.0361 2432 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:22:27.0713 2432 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:22:27.0823 2432 \Device\Harddisk0\DR0 - ok
22:22:28.0464 2432 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:22:28.0466 2432 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:22:28.0466 2432 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
22:22:37.0928 3188 Deinitialize success



22:25:00.0166 2932 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:25:02.0178 2932 ============================================================
22:25:02.0178 2932 Current date / time: 2012/10/25 22:25:02.0178
22:25:02.0178 2932 SystemInfo:
22:25:02.0178 2932
22:25:02.0178 2932 OS Version: 6.1.7601 ServicePack: 1.0
22:25:02.0178 2932 Product type: Workstation
22:25:02.0178 2932 ComputerName: NICKSLAPTOP
22:25:02.0178 2932 UserName: Home
22:25:02.0178 2932 Windows directory: C:\windows
22:25:02.0178 2932 System windows directory: C:\windows
22:25:02.0178 2932 Running under WOW64
22:25:02.0178 2932 Processor architecture: Intel x64
22:25:02.0178 2932 Number of processors: 2
22:25:02.0178 2932 Page size: 0x1000
22:25:02.0178 2932 Boot type: Normal boot
22:25:02.0178 2932 ============================================================
22:25:07.0513 2932 BG loaded
22:25:08.0944 2932 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:25:08.0965 2932 ============================================================
22:25:08.0965 2932 \Device\Harddisk0\DR0:
22:25:08.0965 2932 MBR partitions:
22:25:08.0965 2932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x238CE000
22:25:08.0966 2932 ============================================================
22:25:09.0085 2932 C: <-> \Device\Harddisk0\DR0\Partition1
22:25:09.0085 2932 ============================================================
22:25:09.0085 2932 Initialize success
22:25:09.0085 2932 ============================================================
22:25:33.0882 2860 Deinitialize success
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Angela,

:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook ect; and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do. If you decide to continue with the cleanup, please proceed with the following steps.


Step-1.

Posted Image Re-run TDSSKiller

Please read carefully and follow these steps.

Delete the TDSS File System

  • Re-run TDSSKiller please with the same settings as before - when you see the following then change Skip to Delete:
    • \Device\Harddisk0\DR0 ( TDSS File System )
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step-2.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion". Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Don't forget to reenable your Firewall and Anti-Virus


Step-3.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Doubleclick the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-4.

Things For Your Next Post:
1. The TDSSKiller log
2. The ComboFix log
3. The FSS.txt log
4. Tell me how the computer is runing now
  • 0

#5
Angela71

Angela71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I think I'd rather take the safer approach and reformat/reinstall the OS. How is that done though? When the laptop was purchased through ToshibaDirect.com it didn't come with the Windows 7 discs...
  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
What is the make and model of the Toshiba laptop?
  • 0

#7
Angela71

Angela71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
It's a Satellite C655D-S5300
  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Angela,

I found the User's Guide for your model on the Toshiba web site.
Below is the link to the downloads page at Toshiba for your model computer. Click on the User's Guide tab and wait for the pdf file to load. If you can find the User's Guide that came with the computer you won't need to go to the web site. Just go to page 64. It should be the same as what you will find on the web site.

http://www.csd.toshi...mily=1073768663

Go to page 64...Recovering to out-of-box state (recommended recovery method)
Follow steps 1 through 10 only on pages 64 through 66.
If you get the 32bit or 64bit option on step 4, yours is a 64bit system.
Do Not choose Recovering of factory default software with user data. If the rootkit is any of the user data it will reinfect the computer.

You will need to reinstall all Microsoft Windows updates after the restore. This includes service pack 1 if the system didn't come with SP1 installed from the factory.

You will need to reinstall all 3rd party software you had on the computer after the restore. Your Antivirus is Norton. You will need to check with them to see if you need to keep an activation key or exactly how to reinstall the software.

Back your data up before restoring

What to and not to backup before restoring

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive or a USB flash drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executables files or any window files. These include .exe's, .scr, .com, .pif etc... as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

If you have any other questions or need any other help let me know. And let me know how the restore went.
  • 0

#9
Angela71

Angela71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
It's in the process of recovery of factory default software right now. A couple questions though...
1. How do I get to all the Windows updates to make sure I've installed them all? Through my security center under the start icon or under Toshiba's website (I'm not sure what to select under Toshiba's list of download options...)?
2. I thought my anti-virus software was Microsoft Security Essentials? I thought I had uninstalled Norton and installed MSE cause MSE was the original program that detected the rootkit....?
  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

1. How do I get to all the Windows updates to make sure I've installed them all?

When you finish with the restore, click Windows Updates in the All Programs menu and go to the Microsoft website and start downloading :) You can't get Windows updates from the Toshiba site.

2. I thought my anti-virus software was Microsoft Security Essentials? I thought I had uninstalled Norton and installed MSE cause MSE was the original program that detected the rootkit....?

That's my bad. You had Norton PC Checkup on the system, not Norton AV. Your AV was Microsoft Security Essentials. So you will need to install that. I would get it on the system immediately after all of the Windows updates are done. As long as the Microsoft website is the only one you visit before putting an AV on the system you shouldn't get reinfected.
  • 0

#11
Angela71

Angela71

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
The restore went without any problems godawgs and everything seems to be working well! THANK YOU soooo much for helping me!
  • 0

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You are very welcome. I will leave this topic open for the next 24 hours or so. If anything comes up just let me know. If all remains good the topic will be closed then. :thumbsup:
  • 0

#13
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP