Computer infected with MBR: Alureon-G [Rtk]

#1
kuroineko (Member)
Hello sirs, I recently noticed that my computer was running so slow, so I tried to run a scan (avast anti-virus) on my laptop. After the scan I got a 1 threat result and it was the MBR: Alureon-G [RTK]. I tried to cure/delete/move to chest the threat but it won't work; the apply button won't work. So I tried to search this threat name and it led me here to this website. I read some posts about this threat here, but maybe I should make my own post rather than copying what they do in their post. Please help me sir, I don't even know how long this threat has been on my computer.

#2
Jasmyne (Trusted Helper, Malware Removal)
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file, so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

With that all stated, let's get started! :)

First, please download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Then, download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

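As an added example (not code from this thread, from OTL or from aswMBR), a small Python triage script for the log that the OTL scan above produces: it parses the PRC/MOD/SRV/DRV entries and the O1 Hosts entries in the layout OTL writes (the layout is the one visible in the log posted in the next reply) and lists the entries a helper usually reads first. All vendor names, paths and host names in the embedded sample are constructed, and a flag is a prompt to look closer, not a verdict.

```python
"""Triage helper for OTL log lines (added example; not part of OTL or this thread).

It reads the PRC/MOD/SRV/DRV entries and the O1 Hosts entries in the layout
OTL produces and lists what a helper usually reads first.  A flag is a
starting point for a closer look, not a verdict.
"""
import re
from dataclasses import dataclass

# PRC - [date | size | attrs | M] (Company) -- path
# SRV - [...] (Company) [Auto | Running] -- path -- (ServiceName)
# DRV:64bit: - [...] (Company) [Kernel | Boot | Running] -- path -- (DriverName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)?\s+-\s+"
    r"\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:\[(?P<state>[^\]]*)\]\s*)?"
    r"--\s*(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<name>[^)]*)\))?\s*$"
)
# O1 - Hosts: <ip> <hostname>
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)\s*$")
# Folders any logged-in user can write to; code launched from here deserves a look.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|Downloads|Start Menu\\Programs\\Startup)\\", re.IGNORECASE
)
LOCAL_IPS = {"127.0.0.1", "::1"}


@dataclass
class Finding:
    reason: str
    line: str


def parse_entry(line):
    """Split one PRC/MOD/SRV/DRV line into its fields; None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["stamp"] = fields["stamp"].strip()
    fields["company"] = fields["company"].strip()
    fields["size"] = int(fields["size"].replace(",", ""))
    return fields


def triage(log_text):
    """Return a Finding for every flagged line of an OTL log, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # OTL appends this marker when a registry entry points at a missing file.
        if "File not found" in line:
            findings.append(Finding("referenced file missing", line))
            continue
        hosts = HOSTS_RE.match(line)
        if hosts is not None:
            if hosts["ip"] not in LOCAL_IPS:
                findings.append(Finding("hosts maps name to remote address", line))
            elif hosts["host"].lower() != "localhost":
                findings.append(Finding("hosts maps name to local host", line))
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry["company"] == "":
            findings.append(Finding("no company name", line))
        if USER_WRITABLE_RE.search(entry["path"]):
            findings.append(Finding("runs from user-writable folder", line))
    return findings


def count_by_reason(findings):
    """Tally findings per reason, e.g. {"no company name": 2, ...}."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Constructed sample in OTL's layout; vendors, paths and host names are made up.
SAMPLE_LOG = r"""
PRC - [2013/08/17 21:13:55 | 000,602,112 | ---- | M] (Example Vendor) -- C:\Program Files\Example\example.exe
PRC - [2011/04/03 06:13:17 | 001,128,927 | ---- | M] () -- C:\Users\someone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\unnamed.exe
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Example Co) [Auto | Stopped] -- C:\Program Files (x86)\Example\Updater.exe -- (ExampleUpdate)
DRV:64bit: - [2009/07/24 23:57:08 | 000,482,384 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nameless.sys -- (nameless)
FF - HKLM\Software\MozillaPlugins\@vendor.example/Plugin: C:\Program Files (x86)\Vendor\npplugin.dll File not found
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.example.com
O1 - Hosts: 203.0.113.5 update.example.net
O1 - Hosts: ::1 localhost
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

Paste a real OTL.Txt into `triage()` in place of the sample to get the same short list for a posted log.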

#3
kuroineko (Topic Starter)
OTL logfile created on: 8/18/2013 3:34:31 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mr. Uncle\Downloads\Programs
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 46.08% Memory free
7.93 Gb Paging File | 5.58 Gb Available in Paging File | 70.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.31 Gb Total Space | 129.37 Gb Free Space | 69.44% Space Free | Partition Type: NTFS
Drive D: | 155.91 Gb Total Space | 0.29 Gb Free Space | 0.18% Space Free | Partition Type: NTFS
Drive E: | 30.00 Gb Total Space | 0.32 Gb Free Space | 1.06% Space Free | Partition Type: NTFS
Drive G: | 14.90 Gb Total Space | 10.22 Gb Free Space | 68.60% Space Free | Partition Type: FAT32

Computer Name: MRUNCLE-LAPPY | User Name: Mr. Uncle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/17 21:13:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mr. Uncle\Downloads\Programs\OTL.exe
PRC - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
PRC - [2013/06/25 03:08:15 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Mr. Uncle\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/06/03 05:33:34 | 000,815,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2012/12/12 21:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2011/04/03 06:13:17 | 001,128,927 | ---- | M] () -- C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe
PRC - [2010/06/29 04:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/29 04:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/03 23:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/08/07 12:47:46 | 000,354,640 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosHdpProc.exe
PRC - [2009/08/07 02:36:56 | 002,680,160 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/07/30 00:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009/07/29 04:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/21 19:43:44 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
PRC - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/15 03:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/02 18:05:00 | 000,252,288 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
PRC - [2009/06/08 06:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/03 07:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/03/11 02:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/14 04:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008/07/24 03:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/07 15:33:54 | 000,027,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2013/08/06 19:01:20 | 000,864,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/08/06 19:00:59 | 009,739,056 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
MOD - [2013/07/26 14:18:31 | 000,957,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
MOD - [2013/07/25 08:49:46 | 000,396,240 | ---- | M] () -- C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/25 08:49:45 | 013,599,184 | ---- | M] () -- C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
MOD - [2013/07/25 08:49:44 | 004,052,944 | ---- | M] () -- C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/25 08:48:54 | 000,601,552 | ---- | M] () -- C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/25 08:48:53 | 000,123,344 | ---- | M] () -- C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/25 08:48:51 | 001,597,392 | ---- | M] () -- C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/07/18 22:09:40 | 000,529,200 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/07/15 22:29:36 | 001,545,520 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/05/09 12:38:46 | 000,516,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2013/05/09 12:38:46 | 000,245,040 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2013/05/09 12:38:46 | 000,170,800 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/05/09 12:38:46 | 000,068,400 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2013/05/09 12:38:44 | 001,092,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/05/09 12:38:42 | 000,065,840 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2013/05/09 12:38:42 | 000,055,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
MOD - [2013/05/09 12:38:42 | 000,016,688 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2013/05/09 12:38:40 | 000,106,288 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
MOD - [2013/05/09 12:38:38 | 000,374,064 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
MOD - [2013/05/09 12:38:38 | 000,224,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/05/09 12:38:38 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
MOD - [2013/05/09 12:38:38 | 000,184,624 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
MOD - [2013/05/09 12:38:32 | 000,026,416 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
MOD - [2013/05/09 12:38:30 | 000,155,440 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libmpg123.dll
MOD - [2013/05/09 12:38:30 | 000,087,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
MOD - [2013/05/09 12:38:30 | 000,025,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
MOD - [2013/05/09 12:38:28 | 000,192,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
MOD - [2013/05/09 12:38:24 | 002,941,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
MOD - [2013/05/09 12:38:22 | 000,051,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
MOD - [2013/05/09 12:38:20 | 000,487,216 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
MOD - [2013/05/09 12:38:20 | 000,104,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2013/05/09 12:38:20 | 000,033,584 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
MOD - [2013/02/01 13:42:28 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libzmq.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
MOD - [2011/04/03 06:13:17 | 001,128,927 | ---- | M] () -- C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe


========== Services (SafeList) ==========

SRV:64bit: - [2010/06/29 04:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/29 04:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/29 04:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/09/04 04:38:26 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/21 17:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 19:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/04 01:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 22:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 16:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2013/06/25 03:08:15 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/26 08:30:38 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2009/08/17 18:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/11 03:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/30 13:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/15 03:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/23 02:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/11 02:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/27 17:57:42 | 000,172,920 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/29 04:37:56 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/06/29 04:37:36 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/06/29 04:33:17 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/06/29 04:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/29 04:32:36 | 000,020,048 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2009/08/17 20:15:44 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/05 22:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/08/05 20:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/08/01 09:13:00 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/31 04:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/31 03:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/29 04:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 23:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/24 19:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/14 23:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 09:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 09:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/07/14 08:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 07:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/14 06:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/14 05:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/08 05:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/06/29 23:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 17:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/26 23:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/23 01:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/20 03:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 18:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 17:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 20:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/11 05:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/11 04:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 23:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/05 01:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/23 05:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSEH&bmod=TSEH
IE - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000\..\SearchScopes\{7362752C-4667-41D2-A142-5B63A8862F89}: "URL" = http://www.amazon.co...ed&linkCode=ur2
IE - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000\..\SearchScopes\{FEE17560-FAEE-46B3-818D-23B90A02484E}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mr. Uncle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mr. Uncle\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mr. Uncle\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Mr. Uncle\AppData\Roaming\IDM\idmmzcc5 [2013/08/17 01:26:37 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.startskins.com/4202188723/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mr. Uncle\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: FB Refresh = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdlfdaajmclngiomogmleihllaejcnni\2.1.0_0\
CHR - Extension: YouTube = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IDM Integration = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.1_0\
CHR - Extension: IDM Integration = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.1_1\
CHR - Extension: IDM Integration = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.1_2\
CHR - Extension: Gmail = C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/05/13 17:53:40 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000..\Run: [Akamai NetSession Interface] C:\Users\Mr. Uncle\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000..\Run: [Facebook Update] C:\Users\Mr. Uncle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000..\Run: [GarenaPlus] C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
O4 - HKU\S-1-5-21-2821982361-1644398248-1705138086-1000..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\WTFastDrv.dll (Initex)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3159CCFD-F378-4075-8262-310835BC9C0C}: DhcpNameServer = 121.1.3.82 121.1.3.20 121.1.3.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{907585BF-8545-4A26-A092-E7171057B9B9}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/18 03:19:14 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{8ba449b9-8e4a-11e2-9395-002622e9f184}\Shell - "" = AutoRun
O33 - MountPoints2\{8ba449b9-8e4a-11e2-9395-002622e9f184}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8ba449ce-8e4a-11e2-9395-002622e9f184}\Shell - "" = AutoRun
O33 - MountPoints2\{8ba449ce-8e4a-11e2-9395-002622e9f184}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8ba449e4-8e4a-11e2-9395-002622e9f184}\Shell - "" = AutoRun
O33 - MountPoints2\{8ba449e4-8e4a-11e2-9395-002622e9f184}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{910c5d72-f17e-11e2-8797-002622e9f184}\Shell - "" = AutoRun
O33 - MountPoints2\{910c5d72-f17e-11e2-8797-002622e9f184}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/18 03:19:21 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Local\Akamai
[2013/08/18 03:19:03 | 000,000,000 | ---D | C] -- C:\Autodesk
[2013/08/17 22:08:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/08/17 21:52:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/08/17 03:17:18 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/17 03:17:18 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/17 03:17:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/08/17 01:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/08/17 01:26:27 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Roaming\IDM
[2013/08/17 01:26:27 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Roaming\DMCache
[2013/08/17 01:26:23 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/08/17 01:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/08/17 01:25:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2013/08/16 03:20:40 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Local\CrashRpt
[2013/08/16 03:20:40 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Roaming\Camfrog
[2013/08/16 03:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Camfrog
[2013/08/11 23:09:09 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2013/08/11 23:09:09 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2013/08/11 23:09:09 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2013/08/11 23:09:09 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2013/08/11 23:09:09 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2013/08/11 23:09:09 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2013/08/11 23:09:09 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2013/08/11 23:09:08 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2013/08/11 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\Documents\Freemake
[2013/08/11 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/08/11 22:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/08/11 22:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/08/11 19:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/08/11 18:42:55 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Local\Programs
[2013/08/08 20:22:25 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Roaming\Nero
[2013/08/08 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013/08/08 19:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013/08/08 19:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013/08/08 19:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013/08/08 19:50:05 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013/08/07 20:01:52 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\Documents\DragonNest
[2013/08/07 14:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry De Games
[2013/08/04 00:51:55 | 000,000,000 | ---D | C] -- C:\DVD2ISO_Output
[2013/08/03 23:54:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/08/03 23:54:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/08/03 23:52:31 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Roaming\Babylon
[2013/08/03 23:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/07/22 23:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/07/22 23:12:42 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2013/07/22 23:12:32 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\Documents\VirtualDJ
[2013/07/22 21:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013/07/22 21:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013/07/22 21:19:54 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l70w.dll
[2013/07/22 21:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/07/22 21:19:12 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/07/22 21:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/07/22 21:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/07/22 21:11:16 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2013/07/22 21:11:15 | 000,881,664 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_d02d.dll
[2013/07/22 21:11:15 | 000,749,056 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_d02d.dll
[2013/07/22 21:11:15 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2013/07/22 21:11:14 | 000,516,096 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hposc_d02a.dll
[2013/07/21 20:21:27 | 000,000,000 | ---D | C] -- C:\Users\Mr. Uncle\AppData\Roaming\U3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/18 03:41:05 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2821982361-1644398248-1705138086-1000UA.job
[2013/08/18 03:22:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821982361-1644398248-1705138086-1000UA.job
[2013/08/18 02:23:23 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/18 02:23:23 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/18 02:23:22 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/17 22:20:45 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/17 22:20:45 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/17 22:13:28 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/08/17 22:12:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/17 22:11:50 | 3193,589,760 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/17 21:52:14 | 620,892,496 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/17 18:41:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2821982361-1644398248-1705138086-1000Core.job
[2013/08/17 11:31:03 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2821982361-1644398248-1705138086-1000Core.job
[2013/08/17 03:17:18 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/17 03:17:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/11 22:29:53 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/08/08 19:51:25 | 000,002,703 | ---- | M] () -- C:\Users\Mr. Uncle\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2013/08/08 03:29:00 | 000,294,432 | ---- | M] () -- C:\Users\Mr. Uncle\Desktop\Electrical Plan.dwg
[2013/08/07 14:14:35 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Nest.lnk
[2013/08/06 04:37:20 | 000,000,132 | ---- | M] () -- C:\Users\Mr. Uncle\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/08/06 02:10:11 | 000,216,832 | ---- | M] () -- C:\Users\Mr. Uncle\Desktop\Drawing1.dwg
[2013/07/31 13:44:11 | 000,002,403 | ---- | M] () -- C:\Users\Mr. Uncle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/30 01:22:51 | 002,725,197 | ---- | M] () -- C:\Users\Mr. Uncle\Desktop\ME415_elevators.pdf
[2013/07/27 13:17:01 | 004,948,304 | ---- | M] () -- C:\Users\Mr. Uncle\Desktop\Jireh Lim - Buko.mp3
[2013/07/23 14:25:49 | 005,059,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/22 21:27:40 | 000,173,329 | ---- | M] () -- C:\Windows\hpoins46.dat
[2013/07/19 22:41:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/17 21:52:14 | 620,892,496 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/08/11 22:29:52 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/08/08 19:51:25 | 000,002,703 | ---- | C] () -- C:\Users\Mr. Uncle\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2013/08/07 14:14:35 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Nest.lnk
[2013/08/06 02:10:49 | 000,294,432 | ---- | C] () -- C:\Users\Mr. Uncle\Desktop\Electrical Plan.dwg
[2013/08/05 12:52:08 | 000,216,832 | ---- | C] () -- C:\Users\Mr. Uncle\Desktop\Drawing1.dwg
[2013/08/04 00:22:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/07/30 01:22:50 | 002,725,197 | ---- | C] () -- C:\Users\Mr. Uncle\Desktop\ME415_elevators.pdf
[2013/07/27 13:14:05 | 004,948,304 | ---- | C] () -- C:\Users\Mr. Uncle\Desktop\Jireh Lim - Buko.mp3
[2013/07/22 21:11:39 | 000,173,329 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/07/22 21:11:39 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2013/07/19 22:41:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/03/28 02:47:02 | 000,122,832 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2013/03/28 02:47:02 | 000,000,188 | ---- | C] () -- C:\Windows\AGSCDV3.INI
[2013/03/12 20:10:29 | 000,000,132 | ---- | C] () -- C:\Users\Mr. Uncle\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/03/11 00:53:40 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 09:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 09:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/14 09:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 09:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/07/14 09:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/07/14 09:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2009/07/14 09:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 09:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 09:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/14 09:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009/07/14 09:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 09:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/14 09:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/14 09:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 09:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 09:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 09:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 09:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 09:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 09:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/14 09:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 09:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 09:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 09:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 09:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 09:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/14 09:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 09:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2009/07/14 09:41:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2009/07/14 09:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2009/07/14 09:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 09:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/14 09:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/14 09:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/14 09:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2009/07/14 09:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 09:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2009/07/14 09:41:54 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2009/07/14 09:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/14 09:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2009/07/14 09:41:53 | 001,104,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2009/07/14 09:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 09:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2013/03/10 18:25:18 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 09:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/14 09:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/14 09:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/14 09:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/14 09:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009/07/14 09:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009/07/14 09:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/14 09:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/14 09:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 09:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2009/07/14 09:41:58 | 002,418,176 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/14 09:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 09:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/14 09:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/14 09:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009/07/14 09:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: SERVICES >
[2009/06/11 05:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 10:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 10:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 12:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 12:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 04:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/11 04:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 10:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/11 04:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 10:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/11 05:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 10:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/11 04:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 10:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 05:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/14 04:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/14 04:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 09:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009/07/14 09:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is WINDOWS
Volume Serial Number is ACC4-8E57
Directory of C:\
07/14/2009 01:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 01:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 01:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 01:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 01:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 01:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 01:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 01:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 01:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 01:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 01:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 01:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mr. Uncle
03/10/2013 06:04 PM <JUNCTION> Application Data [C:\Users\Mr. Uncle\AppData\Roaming]
03/10/2013 06:04 PM <JUNCTION> Cookies [C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Cookies]
03/10/2013 06:04 PM <JUNCTION> Local Settings [C:\Users\Mr. Uncle\AppData\Local]
03/10/2013 06:04 PM <JUNCTION> My Documents [C:\Users\Mr. Uncle\Documents]
03/10/2013 06:04 PM <JUNCTION> NetHood [C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/10/2013 06:04 PM <JUNCTION> PrintHood [C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/10/2013 06:04 PM <JUNCTION> Recent [C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Recent]
03/10/2013 06:04 PM <JUNCTION> SendTo [C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\SendTo]
03/10/2013 06:04 PM <JUNCTION> Start Menu [C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Start Menu]
03/10/2013 06:04 PM <JUNCTION> Templates [C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mr. Uncle\AppData\Local
03/10/2013 06:04 PM <JUNCTION> Application Data [C:\Users\Mr. Uncle\AppData\Local]
03/10/2013 06:04 PM <JUNCTION> History [C:\Users\Mr. Uncle\AppData\Local\Microsoft\Windows\History]
03/10/2013 06:04 PM <JUNCTION> Temporary Internet Files [C:\Users\Mr. Uncle\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mr. Uncle\Documents
03/10/2013 06:04 PM <JUNCTION> My Music [C:\Users\Mr. Uncle\Music]
03/10/2013 06:04 PM <JUNCTION> My Pictures [C:\Users\Mr. Uncle\Pictures]
03/10/2013 06:04 PM <JUNCTION> My Videos [C:\Users\Mr. Uncle\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 141,075,066,880 bytes free

< End of report >
#4
kuroineko

    Member

  • Topic Starter
  • Member
  • 28 posts
OTL Extras logfile created on: 8/18/2013 3:34:31 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mr. Uncle\Downloads\Programs
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 46.08% Memory free
7.93 Gb Paging File | 5.58 Gb Available in Paging File | 70.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.31 Gb Total Space | 129.37 Gb Free Space | 69.44% Space Free | Partition Type: NTFS
Drive D: | 155.91 Gb Total Space | 0.29 Gb Free Space | 0.18% Space Free | Partition Type: NTFS
Drive E: | 30.00 Gb Total Space | 0.32 Gb Free Space | 1.06% Space Free | Partition Type: NTFS
Drive G: | 14.90 Gb Total Space | 10.22 Gb Free Space | 68.60% Space Free | Partition Type: FAT32

Computer Name: MRUNCLE-LAPPY | User Name: Mr. Uncle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CFF18D0-9696-4001-8191-D092A793015D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21D9981C-3098-4B68-854E-45EE884CA950}" = rport=139 | protocol=6 | dir=out | app=system |
"{41024D00-484B-41C4-BEBC-DC89036D65F9}" = lport=53954 | protocol=6 | dir=in | name=akamai netsession interface |
"{519594EF-24F5-4041-B086-A4C83C74E4C0}" = rport=445 | protocol=6 | dir=out | app=system |
"{596DACF0-A340-4C22-83EA-BC8327F869B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{68399272-F7E2-4678-A405-787234BC9B18}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74775269-DEF5-474A-B6A6-D08614A6E23E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7536E0BB-8881-4388-B71D-1605A64F4059}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{806D47FD-25D0-4EEC-80D8-7D5F5A2DE09A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82D01358-9ABC-404E-8F4F-D0BED56114BD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9BCBCF40-F011-48CE-88B3-6C28E8ED7E83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{BA8EB26A-E8C3-4511-BBE6-585A05805FD7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C19C7891-89F2-4075-92FB-560DB42404A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C23CD70E-C6E5-4E2D-8C9E-8BE52171BF33}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C3DC3776-332D-4FEB-A209-96718CB27DF3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CDAD22C6-3482-4BA8-9E28-03A466DDE1F6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D27A4C7D-0E29-476A-A45B-DB83BFE22824}" = lport=139 | protocol=6 | dir=in | app=system |
"{D2CE2F50-C99F-487C-A623-03D4C902D47A}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9C04AC8-B3E5-4A62-BF94-81BEE9756119}" = lport=138 | protocol=17 | dir=in | app=system |
"{E3E17F2A-00E7-4831-9451-1CCCECBBE1CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EDF9B15E-41C9-4551-9EE3-81E23CDB9320}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDFCF8DB-9D15-4836-8A71-F4D30B28552A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F66677ED-749B-43AA-80F2-51BB2F5DFE19}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F6A77954-5309-48A0-B68D-3B3FCB9799AF}" = rport=137 | protocol=17 | dir=out | app=system |
"{FA7C4776-B238-4ED9-9B7E-876E28F31A05}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{FD7BF886-2D13-44A8-A139-98B4910FE21C}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CEC8C1-D18A-42E6-B0A2-096E6ECEDCDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{115050C6-4E4D-47FC-AC38-E89ADF994549}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1C30DB35-1AAB-4EB2-9EA6-A02093D03161}" = protocol=17 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"{1F6EB245-486E-493D-9934-C97F4CE9FC98}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{20FB126F-A2DE-4645-ACF9-012437BD7AAF}" = protocol=17 | dir=in | app=d:\program files\autodesk\backburner\manager.exe |
"{2728E192-A9CA-4D81-A374-F7D90826E3EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{28974BCD-0E57-47F4-9F12-C44F462717DB}" = dir=in | app=c:\program files (x86)\garena plus\ggdllhost.exe |
"{29563AF5-6B00-4E98-8F3C-C21B9DE27C2A}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{2FDDF635-58BC-4393-B42D-B1432A0F79FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{347488B8-F11F-47E4-8EC8-0F88BA716E68}" = protocol=17 | dir=in | app=d:\program files\autodesk\backburner\server.exe |
"{3508E60F-6ED8-42C8-A1F4-C03E4D43B06B}" = protocol=17 | dir=in | app=d:\program files\autodesk\backburner\monitor.exe |
"{35855EAD-1AF3-4BBD-BCE0-CF5688119F14}" = protocol=6 | dir=in | app=d:\program files\autodesk\backburner\monitor.exe |
"{3AC713CB-C897-437B-9FCA-12D8E25616FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{451C6230-EC2E-4EE6-911F-6BA7CA97C750}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B16486B-27B6-458A-B38D-5E3408C63D67}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5DEB1E99-21CF-4346-8E8E-FDC9D3503B92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5EFD4B0B-0714-4F0C-959E-A4149EB96FA5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{6EF8678F-B0EB-4461-812D-ADCF959835E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{76B71D26-F2D1-4934-9AD1-BBF21F13E70A}" = protocol=6 | dir=in | app=d:\program files\autodesk\backburner\server.exe |
"{79216672-B22A-4D6B-8744-C6320A8AF4F9}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{8858338A-023E-4BCF-8CB0-9D342F9FAFBC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D3310C2-D315-48C2-8C28-0E9936D96130}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{9317BC98-C1D7-46C9-93C7-E26ACF7A6595}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A6EAAE4-6A6A-465B-B7CB-B68180BAD36F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9A809F91-5583-4E4F-AF8E-7760EAE94293}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9CA73F91-1B34-4BCA-9262-0BF3C904EFAE}" = dir=in | app=c:\users\mr. uncle\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A2590C04-B9FB-4596-AEA9-DF38B65255C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA4408BC-E8A8-48AA-A0A6-C213F88A2D4F}" = protocol=6 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"{B12ACF9A-2F67-44D6-8735-41EF083511B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B45C3523-7675-48F3-BB51-ECA55977574E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B62C4B95-3C71-485C-87E9-A58B451577C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{BBC9AFEF-32C3-4682-B416-437DB54FD037}" = protocol=6 | dir=in | app=d:\games\cherrydegames\dragon nest\dragonnest.exe |
"{C032F7CB-1F07-4BD8-B014-13E4350ACED9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{C352B38F-C6E8-42BE-A000-2F13E63F531C}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{C3A40B69-5DB5-4559-844C-1607566C686A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C41F5904-1865-40FB-B697-6BFAA5F97048}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D408C2B2-2069-40CA-B71F-5AADE9D28613}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBF1EED9-6FC9-463E-A9EF-B8CEF5E06949}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DD9D5877-A4BF-42BF-9958-A4469B353747}" = protocol=17 | dir=in | app=d:\games\cherrydegames\dragon nest\dragonnest.exe |
"{DFACAF77-C11F-484A-849A-3247056FE0E6}" = protocol=6 | dir=in | app=d:\program files\autodesk\backburner\manager.exe |
"{E01E50B7-D9B3-490D-83C1-DD78C7130377}" = protocol=6 | dir=out | app=system |
"{F7B0C9DE-A9BA-4FE9-A495-7C3754242B72}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FCE7D35C-BF63-4B2A-AE64-98883D717A72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE04EE5D-E8E0-4268-B322-1F5975C87A91}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"TCP Query User{02F80ADA-4DB8-4DAE-832E-B158F0DBCC15}D:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe" = protocol=6 | dir=in | app=d:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe |
"TCP Query User{3BA40E60-B8C5-4B89-A204-12BBE16C92EE}C:\program files (x86)\garena plus\garenamessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\garenamessenger.exe |
"TCP Query User{448E4E78-8A29-49CF-AD2F-FA025EC55A94}D:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\winamp\winamp.exe |
"TCP Query User{86AC4E50-69DD-4BAE-8131-D08661183395}C:\users\mr. uncle\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\mr. uncle\appdata\local\akamai\netsession_win.exe |
"TCP Query User{BEF467EF-EB3B-4F99-9D1E-F9997BA0A9FD}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{CE498F13-69E2-4AC1-BD17-44E04311370A}D:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\program files (x86)\winamp\winamp.exe |
"TCP Query User{D608395D-1ED7-44F5-B7E0-714A5FD28E31}D:\mga files ko\files ko\installer\honinstaller.exe" = protocol=6 | dir=in | app=d:\mga files ko\files ko\installer\honinstaller.exe |
"TCP Query User{DF679CD2-690E-4FB8-A111-5C46578D8681}D:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe" = protocol=6 | dir=in | app=d:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe |
"TCP Query User{EE9317BC-5AAD-4911-999A-22B76B8048D4}D:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=d:\program files (x86)\google\google sketchup 8\sketchup.exe |
"UDP Query User{1EC0A098-2329-4B96-AF5B-394137CF9B2C}D:\mga files ko\files ko\installer\honinstaller.exe" = protocol=17 | dir=in | app=d:\mga files ko\files ko\installer\honinstaller.exe |
"UDP Query User{43E66F3A-CEEC-42CF-888C-6408903A128F}D:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe" = protocol=17 | dir=in | app=d:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe |
"UDP Query User{8A793518-DFEE-4DA6-8946-4E3F4F54E0E8}D:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe" = protocol=17 | dir=in | app=d:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe |
"UDP Query User{92E65F9D-13A7-4D26-AAF8-E7E94F41B4F4}D:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=d:\program files (x86)\google\google sketchup 8\sketchup.exe |
"UDP Query User{A206FB0B-0706-45B2-BAF6-12B5C8E4207F}D:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C2B49C3F-4ED4-4D0E-BB77-2870B2AB6E8F}D:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C7C205B3-89B7-44E9-B986-5017CD4663C9}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{CA90E6D2-675A-488C-9907-536151EE2409}C:\users\mr. uncle\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\mr. uncle\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F440A0A3-990F-42DA-A1C0-73E7F1A1EF8C}C:\program files (x86)\garena plus\garenamessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\garenamessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{29421E62-F88F-45F1-8686-8EAE6748AE59}" = Turbo Squid Tentacles 3ds Max 2009 64-bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"FBX Plugin 2009.0 for Max 2009 64" = FBX Plugin 2009.0 for Max 2009 64
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Theme Resource Changer X64 v1.0" = Theme Resource Changer X64 v1.0
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1" = WTFast 2.11
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype™ Launcher
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{4117ffbe-bb82-4db9-9ca8-9d6b978073d5}" = Nero 9 Essentials
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}" = Turbo Squid Tentacles 3ds Max 2009 32-bit
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9E4FF410-471F-49E3-9358-74FF0D5E9901}" = Toshiba TEMPRO
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6AC699F-8315-40CA-8F70-E917494978AB}" = VirtualDJ Home FREE
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A160F1-127B-43AC-AF96-EBB6319B01C7}" = Google SketchUp Pro 8
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FEB650EB-7639-444E-9FC2-C33EE6ED1A37}" = TOSHIBA Remote Control Manager
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AGSCDROM" = AGS CD-ROM Version 3.0
"Auto Clicker by Shocker_is1" = Auto Clicker by Shocker
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"Free DVD ISO Maker (by minidvdsoft)_is1" = Free DVD ISO Maker version 1.2
"Freemake Video Converter_is1" = Freemake Video Converter version 4.0.3
"HoN" = Garena - Heroes of Newerth
"im" = Garena Plus
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{63DA1F6A-2E65-4367-99B9-9E39FADEC446}" = HDMI Control Manager
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Internet Download Manager" = Internet Download Manager
"Pixelformer" = Pixelformer
"Rainmeter" = Rainmeter
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"SU Podium V2_is1" = SU Podium V2 2.7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"V-Ray for SketchUp 1.48.95" = V-Ray for SketchUp
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2821982361-1644398248-1705138086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2013 9:50:39 AM | Computer Name = MrUncle-Lappy | Source = Application Error | ID = 1000
Description = Faulting application name: FacebookVideoCalling.exe, version: 1.2.0.287,
time stamp: 0x50775885 Faulting module name: WININET.dll, version: 8.0.7600.16385,
time stamp: 0x4a5bdb3f Exception code: 0x80000001 Fault offset: 0x0003a7f4 Faulting
process id: 0xf90 Faulting application start time: 0x01ce861934a41dc1 Faulting application
path: C:\Users\Mr. Uncle\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
Faulting
module path: C:\Windows\syswow64\WININET.dll Report Id: 86804074-f20c-11e2-8797-002622e9f184

Error - 7/21/2013 9:51:37 AM | Computer Name = MrUncle-Lappy | Source = Application Error | ID = 1000
Description = Faulting application name: FacebookVideoCalling.exe, version: 1.2.0.287,
time stamp: 0x50775885 Faulting module name: RPCRT4.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb3b Exception code: 0xc0000005 Fault offset: 0x0003b565 Faulting
process id: 0xfc4 Faulting application start time: 0x01ce86195df66b45 Faulting application
path: C:\Users\Mr. Uncle\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
Faulting
module path: C:\Windows\syswow64\RPCRT4.dll Report Id: a929bec2-f20c-11e2-8797-002622e9f184

Error - 7/22/2013 2:13:34 PM | Computer Name = MrUncle-Lappy | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\TOSHIBA\Bluetooth
Toshiba Stack\TosBt1st.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 7/22/2013 2:14:22 PM | Computer Name = MrUncle-Lappy | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\TOSHIBA\Bluetooth
Toshiba Stack\Tools\AVRCPTestTool.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 7/22/2013 2:15:07 PM | Computer Name = MrUncle-Lappy | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 7/22/2013 2:18:10 PM | Computer Name = MrUncle-Lappy | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\mr. uncle\downloads\SoftonicDownloader_for_morphvox-voice-changer.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 7/23/2013 12:31:39 AM | Computer Name = MrUncle-Lappy | Source = MsiInstaller | ID = 10005
Description =

Error - 7/23/2013 3:43:20 AM | Computer Name = MrUncle-Lappy | Source = Google Update | ID = 20
Description =

Error - 7/23/2013 3:50:21 PM | Computer Name = MrUncle-Lappy | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\TOSHIBA\Bluetooth
Toshiba Stack\TosBt1st.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 7/23/2013 3:51:13 PM | Computer Name = MrUncle-Lappy | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\TOSHIBA\Bluetooth
Toshiba Stack\Tools\AVRCPTestTool.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 7/23/2013 3:52:04 PM | Computer Name = MrUncle-Lappy | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 8/8/2013 9:41:40 AM | Computer Name = MrUncle-Lappy | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/8/2013 9:41:43 AM | Computer Name = MrUncle-Lappy | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/8/2013 9:41:47 AM | Computer Name = MrUncle-Lappy | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/8/2013 9:41:50 AM | Computer Name = MrUncle-Lappy | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/8/2013 9:41:52 AM | Computer Name = MrUncle-Lappy | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/8/2013 9:41:55 AM | Computer Name = MrUncle-Lappy | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/8/2013 9:41:58 AM | Computer Name = MrUncle-Lappy | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/8/2013 9:42:01 AM | Computer Name = MrUncle-Lappy | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/8/2013 9:42:05 AM | Computer Name = MrUncle-Lappy | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 8/9/2013 3:22:52 AM | Computer Name = MrUncle-Lappy | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:05:32 PM on 8/9/2013 was unexpected.


< End of report >
  • 0

#5
kuroineko

kuroineko

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-18 04:00:24
-----------------------------
04:00:24.210 OS Version: Windows x64 6.1.7600
04:00:24.210 Number of processors: 2 586 0x170A
04:00:24.218 ComputerName: MRUNCLE-LAPPY UserName: Mr. Uncle
04:00:25.508 Initialize success
04:00:25.951 AVAST engine defs: 13081700
04:00:41.441 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:00:41.446 Disk 0 Vendor: TOSHIBA_ FG01 Size: 381554MB BusType: 3
04:00:41.693 Disk 0 MBR read successfully
04:00:41.702 Disk 0 MBR scan
04:00:41.710 Disk 0 Windows 7 default MBR code
04:00:41.739 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
04:00:41.758 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 190777 MB offset 821248
04:00:41.801 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 391532544
04:00:41.811 Disk 0 Partition - 00 0F Extended LBA 159655 MB offset 454447104
04:00:41.862 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 159654 MB offset 454449152
04:00:42.191 Disk 0 scanning C:\Windows\system32\drivers
04:01:04.683 Service scanning
04:01:50.632 Modules scanning
04:01:51.011 Disk 0 trace - called modules:
04:01:51.056 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
04:01:51.069 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005710790]
04:01:51.082 3 CLASSPNP.SYS[fffff8800188e43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa800570e060]
04:01:51.098 5 thpdrv.sys[fffff880017d6cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800470c050]
04:01:52.412 AVAST engine scan C:\Windows
04:02:10.794 AVAST engine scan C:\Windows\system32
04:05:57.629 AVAST engine scan C:\Windows\system32\drivers
04:06:10.352 AVAST engine scan C:\Users\Mr. Uncle
04:10:42.757 AVAST engine scan C:\ProgramData
04:13:47.067 Scan finished successfully
04:16:10.340 Disk 0 MBR has been saved successfully to "C:\Users\Mr. Uncle\Downloads\Programs\MBR.dat"
04:16:10.354 The log file has been saved successfully to "C:\Users\Mr. Uncle\Downloads\Programs\aswMBR.txt"
  • 0

#6
kuroineko

kuroineko

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Nice meeting you, Miss Jasmyne. I'm done with the scan and posted it here :)
  • 0

#7
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

Nice meeting you, Miss Jasmyne. I'm done with the scan and posted it here :)


Nice to meet you as well. I'm currently going through the scans you have posted. Your OTL log shows that you've run TDSSKiller today; can you please find and post that log for me? It should be located at TDSSKiller.[Version]_[Date]_[Time]_log.txt. [Version]_[Date]_[Time] will be a set of numbers corresponding to the version of TDSSKiller, the date it was run, and the time it was run.

Thank you,

Jasmyne
  • 0

#8
kuroineko

kuroineko

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Uhm, yeah, I tried to run TDSSKiller because I saw it in the other post, but when I created my own post I deleted the log, sorry. Should I run it again?
  • 0

#9
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
That's okay, just wait for now; I have more instructions for you posted to my instructor for approval now. :)

Jasmyne
  • 0

#10
kuroineko

kuroineko

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
OK, I'll wait :)
  • 0

#11
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Is Avast still detecting the infection since you've run TDSSKiller? Let's run another scan to check the MBR just to be sure it's clean.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#12
kuroineko

kuroineko

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A500
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 212):
0x03217000 \SystemRoot\system32\ntoskrnl.exe
0x037F4000 \SystemRoot\system32\hal.dll
0x00BA2000 \SystemRoot\system32\kdcom.dll
0x00C71000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CB5000 \SystemRoot\system32\PSHED.dll
0x00CC9000 \SystemRoot\system32\CLFS.SYS
0x00D27000 \SystemRoot\system32\CI.dll
0x00E24000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EC8000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00ED7000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F2E000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F37000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F41000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F74000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F81000 \SystemRoot\System32\drivers\partmgr.sys
0x00F96000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F9F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FAB000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FC0000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FDA000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00FE1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01092000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011AE000 \SystemRoot\system32\DRIVERS\atapi.sys
0x011B7000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x011E1000 \SystemRoot\system32\DRIVERS\msahci.sys
0x011EC000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01216000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0142C000 \SystemRoot\System32\Drivers\msrpc.sys
0x0148A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014A4000 \SystemRoot\System32\Drivers\cng.sys
0x01517000 \SystemRoot\System32\drivers\pcw.sys
0x01528000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016C8000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01532000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0168B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x0157E000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x01690000 \SystemRoot\system32\DRIVERS\Thpevm.SYS
0x01692000 \SystemRoot\system32\DRIVERS\thpdrv.sys
0x0169E000 \SystemRoot\System32\Drivers\spldr.sys
0x017BA000 \SystemRoot\System32\drivers\rdyboost.sys
0x016A6000 \SystemRoot\System32\Drivers\mup.sys
0x016B8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x013B9000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01400000 \SystemRoot\system32\DRIVERS\disk.sys
0x01060000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02BB1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02BDB000 \SystemRoot\System32\Drivers\Null.SYS
0x02BE4000 \SystemRoot\System32\Drivers\Beep.SYS
0x02BEB000 \SystemRoot\System32\drivers\vga.sys
0x02A00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02A25000 \SystemRoot\System32\drivers\watchdog.sys
0x02A35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02A3E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02A47000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02A50000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02A5B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x03802000 \SystemRoot\System32\drivers\tcpip.sys
0x03A93000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x03ADD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03AFB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03B08000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x03B18000 \SystemRoot\system32\drivers\afd.sys
0x03BA2000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x03BAC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03BF1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03A00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03A26000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03A3C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03A4B000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x03A5E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03A79000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03C08000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03C59000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03C65000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03C70000 \SystemRoot\System32\drivers\discache.sys
0x03C7F000 \SystemRoot\System32\Drivers\dfsc.sys
0x03C9D000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03CAE000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03CD1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04683000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05188000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03CF7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0518A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x051D0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04600000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0460D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04663000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03EBE000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04087000 \SystemRoot\system32\DRIVERS\athrx.sys
0x04000000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04034000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x04063000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x04072000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x0407C000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x03EF7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03F0D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x041F5000 \SystemRoot\System32\Drivers\RootMdm.sys
0x03F1D000 \SystemRoot\system32\drivers\modem.sys
0x03F2C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03F42000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03F66000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03F72000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03FA1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03FBC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03FDD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03E00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03E0F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x041FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03E1E000 \SystemRoot\system32\DRIVERS\ks.sys
0x03E61000 \SystemRoot\system32\DRIVERS\umbus.sys
0x054FB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05555000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0556A000 \SystemRoot\system32\drivers\nvhda64v.sys
0x05582000 \SystemRoot\system32\drivers\portcls.sys
0x055BF000 \SystemRoot\system32\drivers\drmk.sys
0x055E1000 \SystemRoot\system32\drivers\ksthunk.sys
0x0640D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x065EC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05400000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0541E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x065F1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x065F3000 \SystemRoot\system32\DRIVERS\tosrfec.sys
0x0546A000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x06400000 \SystemRoot\System32\drivers\Dxapi.sys
0x0547B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02A6C000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05489000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x0549C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x054B9000 \SystemRoot\System32\Drivers\usbvideo.sys
0x054E7000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x054EE000 \SystemRoot\system32\DRIVERS\tosrfusb.sys
0x055E7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x03E73000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x055F5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05299000 \SystemRoot\system32\DRIVERS\tosrfbd.sys
0x052CC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x052D9000 \SystemRoot\system32\DRIVERS\Tosrfhid.sys
0x052EF000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004A0000 \SystemRoot\System32\TSDDD.dll
0x00630000 \SystemRoot\System32\ATMFD.DLL
0x052FD000 \SystemRoot\system32\drivers\luafv.sys
0x05320000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x0533A000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x05343000 \SystemRoot\system32\drivers\WudfPf.sys
0x00980000 \SystemRoot\System32\cdd.dll
0x05364000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05379000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x053CC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x053DF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x08068000 \SystemRoot\system32\drivers\HTTP.sys
0x08130000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0814E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x08166000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x08192000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08000000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08023000 \SystemRoot\system32\DRIVERS\idmwfp.sys
0x086F4000 \SystemRoot\system32\drivers\peauth.sys
0x0879A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x087A5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x087D2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05200000 \SystemRoot\System32\DRIVERS\srv.sys
0x0C405000 \??\D:\games\CherryDeGames\Dragon Nest\GPK\1394hub.sys
0x086B7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x08669000 \SystemRoot\System32\Drivers\fastfat.SYS
0x03E8C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77600000 \Windows\System32\ntdll.dll
0x47C00000 \Windows\System32\smss.exe
0xFF920000 \Windows\System32\apisetschema.dll
0xFFB00000 \Windows\System32\autochk.exe
0xFF7E0000 \Windows\System32\wininet.dll
0xFF760000 \Windows\System32\difxapi.dll
0xFF5E0000 \Windows\System32\urlmon.dll
0x777D0000 \Windows\System32\psapi.dll
0xFF500000 \Windows\System32\advapi32.dll
0x777C0000 \Windows\System32\normaliz.dll
0xFF4F0000 \Windows\System32\lpk.dll
0xFF480000 \Windows\System32\gdi32.dll
0xFF400000 \Windows\System32\shlwapi.dll
0x77500000 \Windows\System32\user32.dll
0xFF3E0000 \Windows\System32\sechost.dll
0xFF390000 \Windows\System32\ws2_32.dll
0xFF340000 \Windows\System32\Wldap32.dll
0xFF160000 \Windows\System32\setupapi.dll
0xFF080000 \Windows\System32\oleaut32.dll
0xFF050000 \Windows\System32\imm32.dll
0xFEFB0000 \Windows\System32\msvcrt.dll
0xFEE80000 \Windows\System32\rpcrt4.dll
0xFEC20000 \Windows\System32\iertutil.dll
0xFEB80000 \Windows\System32\comdlg32.dll
0xFEB60000 \Windows\System32\imagehlp.dll
0xFDDD0000 \Windows\System32\shell32.dll
0xFDD30000 \Windows\System32\clbcatq.dll
0xFDD20000 \Windows\System32\nsi.dll
0x773E0000 \Windows\System32\kernel32.dll
0xFDB10000 \Windows\System32\ole32.dll
0xFDA00000 \Windows\System32\msctf.dll
0xFD930000 \Windows\System32\usp10.dll
0xFD890000 \Windows\System32\comctl32.dll
0xFD820000 \Windows\System32\KernelBase.dll
0xFD800000 \Windows\System32\devobj.dll
0xFD7C0000 \Windows\System32\cfgmgr32.dll
0xFD650000 \Windows\System32\crypt32.dll
0xFD610000 \Windows\System32\wintrust.dll
0xFD600000 \Windows\System32\msasn1.dll
0x777B0000 \Windows\SysWOW64\normaliz.dll

Processes (total 106):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
492 csrss.exe
664 C:\Windows\System32\wininit.exe
684 csrss.exe
712 C:\Windows\System32\services.exe
728 C:\Windows\System32\lsass.exe
736 C:\Windows\System32\lsm.exe
844 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\nvvsvc.exe
968 C:\Windows\System32\svchost.exe
336 C:\Windows\System32\svchost.exe
504 C:\Windows\System32\svchost.exe
496 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\winlogon.exe
1288 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1424 C:\Windows\System32\nvvsvc.exe
1748 C:\Windows\System32\spoolsv.exe
1780 C:\Windows\System32\svchost.exe
1896 C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
2012 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
1036 C:\Windows\System32\svchost.exe
688 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\svchost.exe
1800 C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
2080 C:\Windows\System32\ThpSrv.exe
2104 C:\Windows\System32\TODDSrv.exe
2132 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2240 C:\Program Files\TOSHIBA\TECO\TecoService.exe
2268 C:\Windows\System32\svchost.exe
2064 C:\Windows\System32\taskhost.exe
3040 C:\Windows\System32\taskeng.exe
2232 C:\Program Files (x86)\Garena Plus\ggdllhost.exe
964 C:\Windows\System32\dwm.exe
148 C:\Windows\explorer.exe
2816 C:\Windows\System32\ThpSrv.exe
840 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
1792 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
2548 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1580 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
3064 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2904 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2028 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2948 C:\Program Files\TOSHIBA\TECO\Teco.exe
3136 C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
3376 C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
3600 WmiPrvSE.exe
3704 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3936 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
3976 C:\Users\Mr. Uncle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Full glass.exe
4076 C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
3152 C:\Windows\System32\taskeng.exe
1396 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
3428 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
3520 C:\Windows\System32\SearchIndexer.exe
2436 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
1332 C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
4020 C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
3440 C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
4128 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
4144 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4192 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
4212 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
4384 C:\Program Files\Windows Media Player\wmpnetwk.exe
4500 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosHdpProc.exe
4572 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
4596 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
4632 C:\Windows\System32\svchost.exe
4780 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
5048 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
5104 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
5272 C:\Windows\System32\svchost.exe
5996 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
1200 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
5876 C:\Windows\System32\svchost.exe
6052 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
6028 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
6036 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
3024 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
2488 C:\Windows\System32\cmd.exe
6540 C:\Windows\System32\conhost.exe
4768 C:\Windows\System32\PING.EXE
3908 C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
6180 C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
7120 C:\Windows\System32\audiodg.exe
1284 WUDFHost.exe
4104 C:\Program Files (x86)\Internet Download Manager\IDMan.exe
6664 E:\New folder\DN Tools\DN Tools\DN model browser\DN
3352 C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\chrome.exe
6440 C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\chrome.exe
5552 C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\chrome.exe
4900 D:\games\CherryDeGames\Dragon Nest\DragonNest.exe
7112 C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\chrome.exe
6432 C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\chrome.exe
3648 C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\chrome.exe
4968 C:\Users\Mr. Uncle\AppData\Local\Google\Chrome\Application\chrome.exe
3052 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
6732 C:\Windows\System32\SearchProtocolHost.exe
1096 C:\Windows\System32\SearchFilterHost.exe
1048 dllhost.exe
2072 dllhost.exe
4416 C:\Users\Mr. Uncle\Downloads\Programs\MBRCheck.exe
5640 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`19100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000036`2cb00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000002e`aca00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK4055GSX, Rev: FG011M

Size Device Name MBR Status
--------------------------------------------
372 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
  • 0

#13
kuroineko

    Member

  • Topic Starter
  • Member
  • 28 posts
Uhm, yes. When I tried TDSSKiller, I tried to scan my computer with my Avast and it detects the virus.
  • 0

#14
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
After running TDSSKiller have the notifications from Avast stopped?
  • 0

#15
kuroineko

    Member

  • Topic Starter
  • Member
  • 28 posts
Yes, after I ran TDSSKiller, I tried to scan my computer with Avast and it still detects it. When I discovered this virus there was only one, and that was MBR-Alureon-G-RTK, but after I ran TDSSKiller and scanned my computer it became 8 threats. I can't remember the names of the threats.
  • 0
