Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

ADWARE.Gen

Post by confused63 » June 18th, 2012, 8:17 am

Hi,

I have recently noticed my new laptop being slower than usual. Today, when I did my daily scan with Avira antivirus, it found adware.gen. My antivirus is still scanning the laptop, but I didn't want to wait to get help to remove this malware, since I read on the net that it is very difficult to remove :(

I have gotten help from you in the past with my old laptop and was very pleased with the help you gave me, so I hope you can help me again.

Many thanks
P

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 14/02/2012 13:43:04
System Uptime: 18/06/2012 11:20:09 (2 hours ago)
.
Motherboard: TOSHIBA | | PWWBE
Processor: AMD E-300 APU with Radeon(tm) HD Graphics | CPU 1 | 1300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 231.499 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 286.165 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP43: 29/05/2012 05:36:50 - Installed Rapport
RP44: 29/05/2012 12:11:22 - Windows Update
RP45: 05/06/2012 01:31:49 - Windows Update
RP46: 08/06/2012 09:01:08 - Windows Update
RP47: 12/06/2012 08:59:17 - Windows Update
RP48: 14/06/2012 17:50:14 - Windows Update
RP49: 18/06/2012 11:25:22 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X (10.1.3)
AMD VISION Engine Control Center
Audacity 2.0
Avira Free Antivirus
Babylon toolbar on IE
BBC iPlayer Desktop
Bejeweled 2 Deluxe
Bejeweled 3
calibre
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chicken Invaders 3 - Revenge of the Yolk
Chuzzle Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dropbox
Express Rip
Express Zip File Compression Software
FATE
Final Drive: Nitro
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
High-Definition Video Playback
Insaniquarium Deluxe
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Mesh Runtime
Microsoft Office 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NeroKwikMedia Help (CHM)
OpenOffice.org 3.3
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Rapport
Reader for PC
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.9
Slingo Deluxe
Switch Sound File Converter
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Online Product Information
TOSHIBA Places Icon Utility
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TRORMCLauncher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Utility Common Driver
WavePad Sound Editor
Wedding Dash 2 - Rings Around the World
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
14/06/2012 23:05:01, Error: bowser [8003] - The master browser has received a server announcement from the computer IBM-261AE8C6CF2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{950DF892-A121-4ACD-90A3-96E8B7996FC8}. The master browser is stopping or an election is being forced.
14/06/2012 19:53:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
14/06/2012 19:53:52, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/06/2012 19:17:08, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
14/06/2012 10:28:22, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
13/06/2012 09:46:44, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
.
==== End Of File ===========================



DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Paglam at 13:05:32 on 2012-06-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.1325 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Users\Paglam\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\LogonUI.exe
C:\Users\Paglam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paglam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paglam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paglam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paglam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paglam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paglam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
C:\Users\Paglam\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Paglam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Paglam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paglam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=109985&tt ... 3170b2162b
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TEUA
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Google Update] "C:\Users\Paglam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [<NO NAME>]
mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
StartupFolder: C:\Users\Paglam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Paglam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Paglam\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Paglam\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOSHIB~1.LNK - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{950DF892-A121-4ACD-90A3-96E8B7996FC8} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CA8AF50F-1F07-49CE-95E3-7418750642E5} : DhcpNameServer = 100.100.0.102
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [(Default)]
mRun-x64: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys [2012-3-11 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-5-21 55096]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-13 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-13 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CeKbFilter;CeKbFilter;C:\Windows\system32\DRIVERS\CeKbFilter.sys --> C:\Windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-10 257696]
S3 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2012-06-18 10:27:00 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C483EF50-F4D3-4F49-94EB-874903DF5023}\mpengine.dll
2012-06-14 08:03:08 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 08:03:08 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 08:03:08 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 07:55:40 -------- d-----w- C:\Users\Paglam\AppData\Local\{BDF65540-2FEB-4DE2-8864-E15076728FCD}
2012-06-14 07:55:18 -------- d-----w- C:\Users\Paglam\AppData\Local\{0358BE02-18E3-43D3-8809-FD80A5248174}
2012-06-13 11:23:58 -------- d-----w- C:\Users\Paglam\AppData\Local\{D796993A-D7C1-4DAC-BB69-92C45860F0BD}
2012-06-13 11:23:43 -------- d-----w- C:\Users\Paglam\AppData\Local\{EC100B34-4D2D-4940-8479-C01C873FE55E}
2012-06-12 11:07:32 -------- d-----w- C:\Program Files (x86)\Audacity
2012-06-04 14:06:17 -------- d-----w- C:\Users\Paglam\AppData\Local\{9271F1F9-01D1-4E28-8D72-6F6A4EA31BC5}
2012-06-04 14:05:47 -------- d-----w- C:\Users\Paglam\AppData\Local\{D7FADAC4-7F18-4551-A375-A5ED20426B1E}
2012-06-02 11:18:45 -------- d-----w- C:\Users\Paglam\AppData\Local\{4E16A4DE-2901-4E53-B0C2-C5706E5F7028}
2012-06-02 11:18:30 -------- d-----w- C:\Users\Paglam\AppData\Local\{11894A8B-2835-41C3-8A39-B044C3DDCDD1}
2012-06-01 19:39:29 -------- d-----w- C:\Users\Paglam\AppData\Local\{ECEAD1B7-E842-4C2A-B60E-7BA5621EFECF}
2012-06-01 19:39:16 -------- d-----w- C:\Users\Paglam\AppData\Local\{7214B186-6D99-4393-92C2-194ED00C790D}
2012-05-31 13:34:05 -------- d-----w- C:\Users\Paglam\AppData\Local\{918FBBB0-561B-4782-BC64-1DEA787188E0}
2012-05-31 13:33:53 -------- d-----w- C:\Users\Paglam\AppData\Local\{73C01156-64E4-4585-BA1D-D002FBB06CA1}
2012-05-28 19:29:04 -------- d-----w- C:\Users\Paglam\AppData\Local\{D90BBF9B-1B9B-4C9B-9C53-6F184EE068B6}
2012-05-28 19:28:51 -------- d-----w- C:\Users\Paglam\AppData\Local\{21145E3E-4E3A-4871-9219-272E0C2AAFAC}
2012-05-26 11:14:55 -------- d-----w- C:\Windows\en
2012-05-26 10:55:45 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1a05a96c1cd3b2e02\MeshBetaRemover.exe
2012-05-26 10:55:44 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\18a529e21cd3b2e01\DXSETUP.exe
2012-05-26 10:55:44 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\18a529e21cd3b2e01\dsetup32.dll
2012-05-26 10:55:43 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\18a529e21cd3b2e01\DSETUP.dll
2012-05-26 10:53:52 -------- d-----w- C:\Users\Paglam\AppData\Local\{2E4229C6-21C2-40E3-ACE0-CC11100379EC}
2012-05-26 10:53:39 -------- d-----w- C:\Users\Paglam\AppData\Local\{C0E9A5D8-16E7-4ACF-AB4F-BA552F54E78B}
.
==================== Find3M ====================
.
2012-05-21 06:19:16 101400 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 22:44:05 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-10 22:44:05 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-08 21:40:18 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-04 17:47:08 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-04-04 17:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 13:07:45.21 ===============
confused63
Regular Member
 
Posts: 88
Joined: March 28th, 2010, 9:55 am

Re: ADWARE.Gen

Post by maxi » June 19th, 2012, 12:13 pm

Hello confused63,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers, and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>>, do not proceed, and post back with the question or problem.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: ADWARE.Gen

Unread postby confused63 » June 19th, 2012, 1:10 pm

Hi Maxi,

Thank you for offering to help me! Very kind, and much appreciated.

I finished my Avira antivirus scan yesterday and it put two ADWARE.Gen viruses into the quarantine, and it seems to be attached to the programme Audacity. Maybe this is of some help to know...? Is it safe just to leave it in there? I would be much happier if it disappeared completely. Also, I still have Audacity on my laptop and would like to keep it since I want to use it, but I am not sure if it still has this virus attached to it.

Kind Regards
P
confused63
Regular Member
 
Posts: 88
Joined: March 28th, 2010, 9:55 am

Re: ADWARE.Gen

Unread postby maxi » June 20th, 2012, 7:46 am

Hi confused63,

Step 1
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2
Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
    • Babylon toolbar on IE
    • Java Auto Updater
    • Java(TM) 6 Update 20
    • Java(TM) 7 Update 4
    • JavaFX 2.1.0
    • Rapport (you can reinstall this when we are finished as it is known to interfere with our tools)


Step 3
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator..." to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 4
OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

In your next reply please include:
  • The log from TDSSKiller.
  • Both logs from OTL.
  • Any problems you had with my instructions.
  • Any info you have on the Avira detections (file names, file paths).

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: ADWARE.Gen

Unread postby confused63 » June 20th, 2012, 7:03 pm

Hi Maxi,

I have done the restore point and done the first scan; I will paste it below. I do not know what OTL.exe is, so I can't do that one... if you could explain where I find this programme then I will do my best. My Avira antivirus does not find any virus when it does its daily scan; it only found those two that I told you about earlier, the ones attached to Audacity. I still have that programme and I have not deleted it, since you haven't told me to do so.

I have two of those TDSS scans... so I paste both below.

If you could help me with the OTL.exe then I will scan with that programme as well.

Thank you so much for your help.
P

23:30:36.0047 5088 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
23:30:36.0299 5088 ============================================================
23:30:36.0299 5088 Current date / time: 2012/06/20 23:30:36.0299
23:30:36.0299 5088 SystemInfo:
23:30:36.0300 5088
23:30:36.0300 5088 OS Version: 6.1.7601 ServicePack: 1.0
23:30:36.0300 5088 Product type: Workstation
23:30:36.0300 5088 ComputerName: TOSHIBA
23:30:36.0302 5088 UserName: Paglam
23:30:36.0302 5088 Windows directory: C:\Windows
23:30:36.0302 5088 System windows directory: C:\Windows
23:30:36.0302 5088 Running under WOW64
23:30:36.0302 5088 Processor architecture: Intel x64
23:30:36.0302 5088 Number of processors: 2
23:30:36.0302 5088 Page size: 0x1000
23:30:36.0302 5088 Boot type: Normal boot
23:30:36.0302 5088 ============================================================
23:30:38.0221 5088 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:30:38.0231 5088 ============================================================
23:30:38.0231 5088 \Device\Harddisk0\DR0:
23:30:38.0231 5088 MBR partitions:
23:30:38.0231 5088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x2542C000
23:30:38.0231 5088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x254F4800, BlocksNum 0x25363800
23:30:38.0231 5088 ============================================================
23:30:38.0272 5088 C: <-> \Device\Harddisk0\DR0\Partition0
23:30:38.0310 5088 D: <-> \Device\Harddisk0\DR0\Partition1
23:30:38.0342 5088 ============================================================
23:30:38.0342 5088 Initialize success
23:30:38.0342 5088 ============================================================
23:30:43.0515 6272 Deinitialize success



23:44:49.0678 7632 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
23:44:50.0823 7632 ============================================================
23:44:50.0823 7632 Current date / time: 2012/06/20 23:44:50.0823
23:44:50.0823 7632 SystemInfo:
23:44:50.0823 7632
23:44:50.0823 7632 OS Version: 6.1.7601 ServicePack: 1.0
23:44:50.0823 7632 Product type: Workstation
23:44:50.0823 7632 ComputerName: TOSHIBA
23:44:50.0824 7632 UserName: Paglam
23:44:50.0824 7632 Windows directory: C:\Windows
23:44:50.0824 7632 System windows directory: C:\Windows
23:44:50.0824 7632 Running under WOW64
23:44:50.0824 7632 Processor architecture: Intel x64
23:44:50.0824 7632 Number of processors: 2
23:44:50.0824 7632 Page size: 0x1000
23:44:50.0824 7632 Boot type: Normal boot
23:44:50.0824 7632 ============================================================
23:44:52.0529 7632 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:44:52.0539 7632 ============================================================
23:44:52.0539 7632 \Device\Harddisk0\DR0:
23:44:52.0540 7632 MBR partitions:
23:44:52.0540 7632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x2542C000
23:44:52.0540 7632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x254F4800, BlocksNum 0x25363800
23:44:52.0540 7632 ============================================================
23:44:52.0579 7632 C: <-> \Device\Harddisk0\DR0\Partition0
23:44:52.0607 7632 D: <-> \Device\Harddisk0\DR0\Partition1
23:44:52.0607 7632 ============================================================
23:44:52.0607 7632 Initialize success
23:44:52.0607 7632 ============================================================
23:45:15.0328 6620 ============================================================
23:45:15.0328 6620 Scan started
23:45:15.0329 6620 Mode: Manual;
23:45:15.0329 6620 ============================================================
23:45:28.0255 6620 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:45:28.0278 6620 mrxsmb10 - ok
23:45:28.0303 6620 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:45:28.0320 6620 mrxsmb20 - ok
23:45:28.0336 6620 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\DRIVERS\msahci.sys
23:45:28.0349 6620 msahci - ok
23:45:28.0381 6620 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:45:28.0402 6620 msdsm - ok
23:45:28.0437 6620 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:45:28.0459 6620 MSDTC - ok
23:45:28.0494 6620 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:45:28.0505 6620 Msfs - ok
23:45:28.0526 6620 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:45:28.0534 6620 mshidkmdf - ok
23:45:28.0548 6620 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:45:28.0561 6620 msisadrv - ok
23:45:28.0610 6620 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:45:28.0628 6620 MSiSCSI - ok
23:45:28.0638 6620 msiserver - ok
23:45:28.0683 6620 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:45:28.0691 6620 MSKSSRV - ok
23:45:28.0702 6620 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:45:28.0709 6620 MSPCLOCK - ok
23:45:28.0721 6620 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:45:28.0728 6620 MSPQM - ok
23:45:28.0773 6620 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:45:28.0793 6620 MsRPC - ok
23:45:28.0818 6620 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:45:28.0821 6620 mssmbios - ok
23:45:28.0837 6620 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:45:28.0844 6620 MSTEE - ok
23:45:28.0854 6620 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:45:28.0863 6620 MTConfig - ok
23:45:28.0884 6620 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:45:28.0897 6620 Mup - ok
23:45:28.0952 6620 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:45:28.0964 6620 napagent - ok
23:45:29.0019 6620 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:45:29.0043 6620 NativeWifiP - ok
23:45:29.0138 6620 NAUpdate (13aa2130f2a104dd775ead0f0ee5417b) c:\Program Files (x86)\Nero\Update\NASvc.exe
23:45:29.0149 6620 NAUpdate - ok
23:45:29.0244 6620 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:45:29.0260 6620 NDIS - ok
23:45:29.0295 6620 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:45:29.0306 6620 NdisCap - ok
23:45:29.0350 6620 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:45:29.0358 6620 NdisTapi - ok
23:45:29.0397 6620 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:45:29.0410 6620 Ndisuio - ok
23:45:29.0431 6620 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:45:29.0435 6620 NdisWan - ok
23:45:29.0450 6620 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:45:29.0463 6620 NDProxy - ok
23:45:29.0485 6620 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:45:29.0497 6620 NetBIOS - ok
23:45:29.0529 6620 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:45:29.0536 6620 NetBT - ok
23:45:29.0569 6620 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:45:29.0573 6620 Netlogon - ok
23:45:29.0663 6620 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:45:29.0674 6620 Netman - ok
23:45:29.0707 6620 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:45:29.0719 6620 netprofm - ok
23:45:29.0796 6620 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:45:29.0823 6620 NetTcpPortSharing - ok
23:45:29.0852 6620 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:45:29.0866 6620 nfrd960 - ok
23:45:29.0915 6620 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:45:29.0924 6620 NlaSvc - ok
23:45:29.0944 6620 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:45:29.0960 6620 Npfs - ok
23:45:29.0984 6620 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:45:29.0988 6620 nsi - ok
23:45:30.0011 6620 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:45:30.0013 6620 nsiproxy - ok
23:45:30.0138 6620 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:45:30.0195 6620 Ntfs - ok
23:45:30.0290 6620 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:45:30.0297 6620 Null - ok
23:45:30.0332 6620 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:45:30.0349 6620 nvraid - ok
23:45:30.0370 6620 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:45:30.0387 6620 nvstor - ok
23:45:30.0402 6620 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:45:30.0419 6620 nv_agp - ok
23:45:30.0431 6620 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:45:30.0445 6620 ohci1394 - ok
23:45:30.0495 6620 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:45:30.0505 6620 p2pimsvc - ok
23:45:30.0546 6620 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:45:30.0558 6620 p2psvc - ok
23:45:30.0576 6620 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:45:30.0592 6620 Parport - ok
23:45:30.0627 6620 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:45:30.0642 6620 partmgr - ok
23:45:30.0687 6620 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:45:30.0694 6620 PcaSvc - ok
23:45:30.0729 6620 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:45:30.0733 6620 pci - ok
23:45:30.0751 6620 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:45:30.0761 6620 pciide - ok
23:45:30.0808 6620 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:45:30.0829 6620 pcmcia - ok
23:45:30.0846 6620 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:45:30.0859 6620 pcw - ok
23:45:30.0909 6620 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:45:30.0947 6620 PEAUTH - ok
23:45:31.0024 6620 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:45:31.0036 6620 PerfHost - ok
23:45:31.0106 6620 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
23:45:31.0118 6620 PGEffect - ok
23:45:31.0228 6620 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:45:31.0278 6620 pla - ok
23:45:31.0344 6620 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:45:31.0357 6620 PlugPlay - ok
23:45:31.0390 6620 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:45:31.0406 6620 PNRPAutoReg - ok
23:45:31.0440 6620 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:45:31.0449 6620 PNRPsvc - ok
23:45:31.0504 6620 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:45:31.0516 6620 PolicyAgent - ok
23:45:31.0562 6620 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:45:31.0571 6620 Power - ok
23:45:31.0676 6620 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:45:31.0695 6620 PptpMiniport - ok
23:45:31.0717 6620 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:45:31.0732 6620 Processor - ok
23:45:31.0776 6620 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:45:31.0784 6620 ProfSvc - ok
23:45:31.0815 6620 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:45:31.0819 6620 ProtectedStorage - ok
23:45:31.0848 6620 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:45:31.0853 6620 Psched - ok
23:45:31.0954 6620 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:45:32.0000 6620 ql2300 - ok
23:45:32.0107 6620 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:45:32.0129 6620 ql40xx - ok
23:45:32.0158 6620 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:45:32.0184 6620 QWAVE - ok
23:45:32.0206 6620 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:45:32.0209 6620 QWAVEdrv - ok
23:45:32.0348 6620 RapportCerberus_34302 (5e0459ed0a8f540d2f7b6e52da12c9d4) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys
23:45:32.0371 6620 RapportCerberus_34302 - ok
23:45:32.0414 6620 RapportEI64 - ok
23:45:32.0441 6620 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:45:32.0451 6620 RasAcd - ok
23:45:32.0487 6620 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:45:32.0501 6620 RasAgileVpn - ok
23:45:32.0536 6620 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:45:32.0553 6620 RasAuto - ok
23:45:32.0589 6620 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:45:32.0608 6620 Rasl2tp - ok
23:45:32.0647 6620 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:45:32.0674 6620 RasMan - ok
23:45:32.0708 6620 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:45:32.0725 6620 RasPppoe - ok
23:45:32.0739 6620 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:45:32.0744 6620 RasSstp - ok
23:45:32.0781 6620 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:45:32.0806 6620 rdbss - ok
23:45:32.0824 6620 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:45:32.0834 6620 rdpbus - ok
23:45:32.0849 6620 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:45:32.0852 6620 RDPCDD - ok
23:45:32.0908 6620 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:45:32.0910 6620 RDPENCDD - ok
23:45:32.0935 6620 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:45:32.0938 6620 RDPREFMP - ok
23:45:32.0979 6620 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:45:32.0995 6620 RDPWD - ok
23:45:33.0039 6620 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:45:33.0059 6620 rdyboost - ok
23:45:33.0102 6620 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:45:33.0117 6620 RemoteAccess - ok
23:45:33.0150 6620 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:45:33.0170 6620 RemoteRegistry - ok
23:45:33.0194 6620 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:45:33.0200 6620 RpcEptMapper - ok
23:45:33.0222 6620 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:45:33.0231 6620 RpcLocator - ok
23:45:33.0275 6620 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:45:33.0285 6620 RpcSs - ok
23:45:33.0329 6620 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:45:33.0342 6620 rspndr - ok
23:45:33.0415 6620 RSUSBSTOR (9beb5f18a418ff70659ce2e356829568) C:\Windows\system32\Drivers\RtsUStor.sys
23:45:33.0422 6620 RSUSBSTOR - ok
23:45:33.0484 6620 RTL8167 (5d6a444bd37b52ff846387c87dcdf98a) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:45:33.0512 6620 RTL8167 - ok
23:45:33.0662 6620 RTL8192Ce (fa088015155c4c6dab5d1d9e68eb9d6b) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
23:45:33.0713 6620 RTL8192Ce - ok
23:45:33.0749 6620 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:45:33.0755 6620 SamSs - ok
23:45:33.0795 6620 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:45:33.0818 6620 sbp2port - ok
23:45:33.0861 6620 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:45:33.0889 6620 SCardSvr - ok
23:45:33.0917 6620 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:45:33.0932 6620 scfilter - ok
23:45:34.0016 6620 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:45:34.0044 6620 Schedule - ok
23:45:34.0085 6620 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:45:34.0089 6620 SCPolicySvc - ok
23:45:34.0134 6620 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:45:34.0144 6620 SDRSVC - ok
23:45:34.0202 6620 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:45:34.0214 6620 secdrv - ok
23:45:34.0246 6620 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:45:34.0266 6620 seclogon - ok
23:45:34.0298 6620 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:45:34.0307 6620 SENS - ok
23:45:34.0343 6620 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:45:34.0364 6620 SensrSvc - ok
23:45:34.0400 6620 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:45:34.0413 6620 Serenum - ok
23:45:34.0444 6620 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:45:34.0464 6620 Serial - ok
23:45:34.0477 6620 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:45:34.0490 6620 sermouse - ok
23:45:34.0537 6620 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:45:34.0554 6620 SessionEnv - ok
23:45:34.0562 6620 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:45:34.0570 6620 sffdisk - ok
23:45:34.0579 6620 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:45:34.0588 6620 sffp_mmc - ok
23:45:34.0598 6620 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:45:34.0606 6620 sffp_sd - ok
23:45:34.0619 6620 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:45:34.0627 6620 sfloppy - ok
23:45:34.0676 6620 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:45:34.0700 6620 SharedAccess - ok
23:45:34.0736 6620 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:45:34.0746 6620 ShellHWDetection - ok
23:45:34.0771 6620 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:45:34.0784 6620 SiSRaid2 - ok
23:45:34.0801 6620 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:45:34.0815 6620 SiSRaid4 - ok
23:45:34.0903 6620 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
23:45:34.0909 6620 SkypeUpdate - ok
23:45:34.0966 6620 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:45:34.0986 6620 Smb - ok
23:45:35.0047 6620 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:45:35.0053 6620 SNMPTRAP - ok
23:45:35.0126 6620 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
23:45:35.0150 6620 Sony SCSI Helper Service - ok
23:45:35.0178 6620 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:45:35.0193 6620 spldr - ok
23:45:35.0259 6620 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:45:35.0279 6620 Spooler - ok
23:45:35.0509 6620 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:45:35.0571 6620 sppsvc - ok
23:45:35.0692 6620 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:45:35.0716 6620 sppuinotify - ok
23:45:35.0792 6620 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:45:35.0844 6620 srv - ok
23:45:35.0885 6620 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:45:35.0926 6620 srv2 - ok
23:45:35.0963 6620 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:45:35.0990 6620 srvnet - ok
23:45:36.0031 6620 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
23:45:36.0054 6620 ssadbus - ok
23:45:36.0103 6620 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
23:45:36.0116 6620 ssadmdfl - ok
23:45:36.0163 6620 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
23:45:36.0187 6620 ssadmdm - ok
23:45:36.0237 6620 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
23:45:36.0259 6620 sscdbus - ok
23:45:36.0296 6620 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
23:45:36.0316 6620 sscdmdfl - ok
23:45:36.0343 6620 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
23:45:36.0362 6620 sscdmdm - ok
23:45:36.0402 6620 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:45:36.0410 6620 SSDPSRV - ok
23:45:36.0423 6620 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:45:36.0429 6620 SstpSvc - ok
23:45:36.0451 6620 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:45:36.0462 6620 stexstor - ok
23:45:36.0519 6620 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:45:36.0533 6620 stisvc - ok
23:45:36.0562 6620 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:45:36.0574 6620 swenum - ok
23:45:36.0631 6620 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:45:36.0643 6620 swprv - ok
23:45:36.0769 6620 SynTP (9484c1de568173dc1c44df80f16092cc) C:\Windows\system32\DRIVERS\SynTP.sys
23:45:36.0816 6620 SynTP - ok
23:45:37.0003 6620 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:45:37.0036 6620 SysMain - ok
23:45:37.0117 6620 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:45:37.0136 6620 TabletInputService - ok
23:45:37.0169 6620 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:45:37.0195 6620 TapiSrv - ok
23:45:37.0220 6620 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:45:37.0226 6620 TBS - ok
23:45:37.0379 6620 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:45:37.0450 6620 Tcpip - ok
23:45:37.0669 6620 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:45:37.0691 6620 TCPIP6 - ok
23:45:37.0805 6620 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:45:37.0821 6620 tcpipreg - ok
23:45:37.0885 6620 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:45:37.0898 6620 tdcmdpst - ok
23:45:37.0922 6620 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:45:37.0931 6620 TDPIPE - ok
23:45:37.0973 6620 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:45:37.0983 6620 TDTCP - ok
23:45:38.0017 6620 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:45:38.0032 6620 tdx - ok
23:45:38.0096 6620 TemproMonitoringService (1b709733a04dcc41a63f9cd1f76a4ebe) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
23:45:38.0119 6620 TemproMonitoringService - ok
23:45:38.0149 6620 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:45:38.0165 6620 TermDD - ok
23:45:38.0232 6620 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:45:38.0269 6620 TermService - ok
23:45:38.0287 6620 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:45:38.0293 6620 Themes - ok
23:45:38.0324 6620 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:45:38.0328 6620 THREADORDER - ok
23:45:38.0386 6620 TMachInfo (dfe9ba871b9f3dbb591bd113611cbcc0) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
23:45:38.0403 6620 TMachInfo - ok
23:45:38.0438 6620 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
23:45:38.0445 6620 TODDSrv - ok
23:45:38.0558 6620 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
23:45:38.0571 6620 TosCoSrv - ok
23:45:38.0611 6620 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
23:45:38.0615 6620 TOSHIBA HDD SSD Alert Service - ok
23:45:38.0654 6620 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:45:38.0662 6620 TrkWks - ok
23:45:38.0715 6620 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:45:38.0721 6620 TrustedInstaller - ok
23:45:38.0769 6620 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:45:38.0780 6620 tssecsrv - ok
23:45:38.0810 6620 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:45:38.0826 6620 TsUsbFlt - ok
23:45:38.0850 6620 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:45:38.0864 6620 TsUsbGD - ok
23:45:38.0910 6620 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:45:38.0915 6620 tunnel - ok
23:45:38.0960 6620 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:45:38.0973 6620 TVALZ - ok
23:45:39.0002 6620 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:45:39.0017 6620 uagp35 - ok
23:45:39.0045 6620 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:45:39.0070 6620 udfs - ok
23:45:39.0119 6620 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:45:39.0140 6620 UI0Detect - ok
23:45:39.0151 6620 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:45:39.0166 6620 uliagpkx - ok
23:45:39.0196 6620 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:45:39.0209 6620 umbus - ok
23:45:39.0227 6620 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:45:39.0237 6620 UmPass - ok
23:45:39.0277 6620 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:45:39.0288 6620 upnphost - ok
23:45:39.0305 6620 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:45:39.0319 6620 usbccgp - ok
23:45:39.0351 6620 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:45:39.0371 6620 usbcir - ok
23:45:39.0395 6620 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:45:39.0406 6620 usbehci - ok
23:45:39.0470 6620 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:45:39.0493 6620 usbhub - ok
23:45:39.0512 6620 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
23:45:39.0522 6620 usbohci - ok
23:45:39.0546 6620 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:45:39.0559 6620 usbprint - ok
23:45:39.0587 6620 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:45:39.0603 6620 USBSTOR - ok
23:45:39.0612 6620 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:45:39.0623 6620 usbuhci - ok
23:45:39.0652 6620 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:45:39.0668 6620 usbvideo - ok
23:45:39.0698 6620 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:45:39.0704 6620 UxSms - ok
23:45:39.0736 6620 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:45:39.0739 6620 VaultSvc - ok
23:45:39.0788 6620 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:45:39.0800 6620 vdrvroot - ok
23:45:39.0854 6620 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:45:39.0880 6620 vds - ok
23:45:39.0901 6620 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:45:39.0910 6620 vga - ok
23:45:39.0934 6620 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:45:39.0943 6620 VgaSave - ok
23:45:39.0970 6620 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:45:39.0994 6620 vhdmp - ok
23:45:40.0017 6620 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:45:40.0027 6620 viaide - ok
23:45:40.0051 6620 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:45:40.0066 6620 volmgr - ok
23:45:40.0101 6620 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:45:40.0110 6620 volmgrx - ok
23:45:40.0135 6620 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:45:40.0158 6620 volsnap - ok
23:45:40.0189 6620 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:45:40.0206 6620 vsmraid - ok
23:45:40.0318 6620 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:45:40.0347 6620 VSS - ok
23:45:40.0451 6620 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:45:40.0467 6620 vwifibus - ok
23:45:40.0505 6620 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:45:40.0523 6620 vwififlt - ok
23:45:40.0584 6620 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:45:40.0621 6620 W32Time - ok
23:45:40.0652 6620 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:45:40.0662 6620 WacomPen - ok
23:45:40.0709 6620 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:45:40.0723 6620 WANARP - ok
23:45:40.0734 6620 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:45:40.0737 6620 Wanarpv6 - ok
23:45:40.0846 6620 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:45:40.0915 6620 WatAdminSvc - ok
23:45:41.0030 6620 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:45:41.0081 6620 wbengine - ok
23:45:41.0183 6620 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:45:41.0205 6620 WbioSrvc - ok
23:45:41.0246 6620 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:45:41.0258 6620 wcncsvc - ok
23:45:41.0282 6620 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:45:41.0299 6620 WcsPlugInService - ok
23:45:41.0357 6620 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:45:41.0370 6620 Wd - ok
23:45:44.0075 6620 ============================================================
23:45:44.0075 6620 Scan finished
23:45:44.0075 6620 ============================================================
23:45:44.0105 5228 Detected object count: 0
23:45:44.0105 5228 Actual detected object count: 0
23:45:52.0014 6308 Deinitialize success
confused63
Regular Member
 
Posts: 88
Joined: March 28th, 2010, 9:55 am

Re: ADWARE.Gen

Post by confused63 » June 20th, 2012, 7:03 pm

Hi Maxi,

I have done the restore point and done the first scan; I will paste it below. I do not know what OTL.exe is so I can't do that one... if you could explain where I find this programme then I will do my best. My Avira antivirus does not find any virus when it does its daily scan; it only found those two that I told you about earlier, the ones attached to Audacity. I still have that programme and I have not deleted it, since you haven't told me to do so.

I have two of those TDSS scans... so I paste both below.

If you could help me with the OTL.exe then I will scan with that programme as well.

Thank you so much for your help.
P

23:30:36.0047 5088 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
23:30:36.0299 5088 ============================================================
23:30:36.0299 5088 Current date / time: 2012/06/20 23:30:36.0299
23:30:36.0299 5088 SystemInfo:
23:30:36.0300 5088
23:30:36.0300 5088 OS Version: 6.1.7601 ServicePack: 1.0
23:30:36.0300 5088 Product type: Workstation
23:30:36.0300 5088 ComputerName: TOSHIBA
23:30:36.0302 5088 UserName: Paglam
23:30:36.0302 5088 Windows directory: C:\Windows
23:30:36.0302 5088 System windows directory: C:\Windows
23:30:36.0302 5088 Running under WOW64
23:30:36.0302 5088 Processor architecture: Intel x64
23:30:36.0302 5088 Number of processors: 2
23:30:36.0302 5088 Page size: 0x1000
23:30:36.0302 5088 Boot type: Normal boot
23:30:36.0302 5088 ============================================================
23:30:38.0221 5088 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:30:38.0231 5088 ============================================================
23:30:38.0231 5088 \Device\Harddisk0\DR0:
23:30:38.0231 5088 MBR partitions:
23:30:38.0231 5088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x2542C000
23:30:38.0231 5088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x254F4800, BlocksNum 0x25363800
23:30:38.0231 5088 ============================================================
23:30:38.0272 5088 C: <-> \Device\Harddisk0\DR0\Partition0
23:30:38.0310 5088 D: <-> \Device\Harddisk0\DR0\Partition1
23:30:38.0342 5088 ============================================================
23:30:38.0342 5088 Initialize success
23:30:38.0342 5088 ============================================================
23:30:43.0515 6272 Deinitialize success



23:44:49.0678 7632 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
23:44:50.0823 7632 ============================================================
23:44:50.0823 7632 Current date / time: 2012/06/20 23:44:50.0823
23:44:50.0823 7632 SystemInfo:
23:44:50.0823 7632
23:44:50.0823 7632 OS Version: 6.1.7601 ServicePack: 1.0
23:44:50.0823 7632 Product type: Workstation
23:44:50.0823 7632 ComputerName: TOSHIBA
23:44:50.0824 7632 UserName: Paglam
23:44:50.0824 7632 Windows directory: C:\Windows
23:44:50.0824 7632 System windows directory: C:\Windows
23:44:50.0824 7632 Running under WOW64
23:44:50.0824 7632 Processor architecture: Intel x64
23:44:50.0824 7632 Number of processors: 2
23:44:50.0824 7632 Page size: 0x1000
23:44:50.0824 7632 Boot type: Normal boot
23:44:50.0824 7632 ============================================================
23:44:52.0529 7632 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:44:52.0539 7632 ============================================================
23:44:52.0539 7632 \Device\Harddisk0\DR0:
23:44:52.0540 7632 MBR partitions:
23:44:52.0540 7632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x2542C000
23:44:52.0540 7632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x254F4800, BlocksNum 0x25363800
23:44:52.0540 7632 ============================================================
23:44:52.0579 7632 C: <-> \Device\Harddisk0\DR0\Partition0
23:44:52.0607 7632 D: <-> \Device\Harddisk0\DR0\Partition1
23:44:52.0607 7632 ============================================================
23:44:52.0607 7632 Initialize success
23:44:52.0607 7632 ============================================================
23:45:15.0328 6620 ============================================================
23:45:15.0328 6620 Scan started
23:45:15.0329 6620 Mode: Manual;
23:45:15.0329 6620 ============================================================
23:45:29.0149 6620 NAUpdate - ok
23:45:29.0244 6620 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:45:29.0260 6620 NDIS - ok
23:45:29.0295 6620 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:45:29.0306 6620 NdisCap - ok
23:45:29.0350 6620 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:45:29.0358 6620 NdisTapi - ok
23:45:29.0397 6620 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:45:29.0410 6620 Ndisuio - ok
23:45:29.0431 6620 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:45:29.0435 6620 NdisWan - ok
23:45:29.0450 6620 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:45:29.0463 6620 NDProxy - ok
23:45:29.0485 6620 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:45:29.0497 6620 NetBIOS - ok
23:45:29.0529 6620 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:45:29.0536 6620 NetBT - ok
23:45:29.0569 6620 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:45:29.0573 6620 Netlogon - ok
23:45:29.0663 6620 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:45:29.0674 6620 Netman - ok
23:45:29.0707 6620 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:45:29.0719 6620 netprofm - ok
23:45:29.0796 6620 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:45:29.0823 6620 NetTcpPortSharing - ok
23:45:29.0852 6620 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:45:29.0866 6620 nfrd960 - ok
23:45:29.0915 6620 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:45:29.0924 6620 NlaSvc - ok
23:45:29.0944 6620 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:45:29.0960 6620 Npfs - ok
23:45:29.0984 6620 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:45:29.0988 6620 nsi - ok
23:45:30.0011 6620 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:45:30.0013 6620 nsiproxy - ok
23:45:30.0138 6620 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:45:30.0195 6620 Ntfs - ok
23:45:30.0290 6620 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:45:30.0297 6620 Null - ok
23:45:30.0332 6620 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:45:30.0349 6620 nvraid - ok
23:45:30.0370 6620 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:45:30.0387 6620 nvstor - ok
23:45:30.0402 6620 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:45:30.0419 6620 nv_agp - ok
23:45:30.0431 6620 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:45:30.0445 6620 ohci1394 - ok
23:45:30.0495 6620 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:45:30.0505 6620 p2pimsvc - ok
23:45:30.0546 6620 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:45:30.0558 6620 p2psvc - ok
23:45:30.0576 6620 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:45:30.0592 6620 Parport - ok
23:45:30.0627 6620 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:45:30.0642 6620 partmgr - ok
23:45:30.0687 6620 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:45:30.0694 6620 PcaSvc - ok
23:45:30.0729 6620 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:45:30.0733 6620 pci - ok
23:45:30.0751 6620 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:45:30.0761 6620 pciide - ok
23:45:30.0808 6620 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:45:30.0829 6620 pcmcia - ok
23:45:30.0846 6620 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:45:30.0859 6620 pcw - ok
23:45:30.0909 6620 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:45:30.0947 6620 PEAUTH - ok
23:45:31.0024 6620 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:45:31.0036 6620 PerfHost - ok
23:45:31.0106 6620 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
23:45:31.0118 6620 PGEffect - ok
23:45:31.0228 6620 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:45:31.0278 6620 pla - ok
23:45:31.0344 6620 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:45:31.0357 6620 PlugPlay - ok
23:45:31.0390 6620 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:45:31.0406 6620 PNRPAutoReg - ok
23:45:31.0440 6620 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:45:31.0449 6620 PNRPsvc - ok
23:45:31.0504 6620 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:45:31.0516 6620 PolicyAgent - ok
23:45:31.0562 6620 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:45:31.0571 6620 Power - ok
23:45:31.0676 6620 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:45:31.0695 6620 PptpMiniport - ok
23:45:31.0717 6620 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:45:31.0732 6620 Processor - ok
23:45:31.0776 6620 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:45:31.0784 6620 ProfSvc - ok
23:45:31.0815 6620 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:45:31.0819 6620 ProtectedStorage - ok
23:45:31.0848 6620 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:45:31.0853 6620 Psched - ok
23:45:31.0954 6620 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:45:32.0000 6620 ql2300 - ok
23:45:32.0107 6620 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:45:32.0129 6620 ql40xx - ok
23:45:32.0158 6620 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:45:32.0184 6620 QWAVE - ok
23:45:32.0206 6620 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:45:32.0209 6620 QWAVEdrv - ok
23:45:32.0348 6620 RapportCerberus_34302 (5e0459ed0a8f540d2f7b6e52da12c9d4) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_34302.sys
23:45:32.0371 6620 RapportCerberus_34302 - ok
23:45:32.0414 6620 RapportEI64 - ok
23:45:32.0441 6620 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:45:32.0451 6620 RasAcd - ok
23:45:32.0487 6620 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:45:32.0501 6620 RasAgileVpn - ok
23:45:32.0536 6620 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:45:32.0553 6620 RasAuto - ok
23:45:32.0589 6620 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:45:32.0608 6620 Rasl2tp - ok
23:45:32.0647 6620 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:45:32.0674 6620 RasMan - ok
23:45:32.0708 6620 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:45:32.0725 6620 RasPppoe - ok
23:45:32.0739 6620 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:45:32.0744 6620 RasSstp - ok
23:45:32.0781 6620 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:45:32.0806 6620 rdbss - ok
23:45:32.0824 6620 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:45:32.0834 6620 rdpbus - ok
23:45:32.0849 6620 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:45:32.0852 6620 RDPCDD - ok
23:45:32.0908 6620 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:45:32.0910 6620 RDPENCDD - ok
23:45:32.0935 6620 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:45:32.0938 6620 RDPREFMP - ok
23:45:32.0979 6620 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:45:32.0995 6620 RDPWD - ok
23:45:33.0039 6620 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:45:33.0059 6620 rdyboost - ok
23:45:33.0102 6620 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:45:33.0117 6620 RemoteAccess - ok
23:45:33.0150 6620 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:45:33.0170 6620 RemoteRegistry - ok
23:45:33.0194 6620 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:45:33.0200 6620 RpcEptMapper - ok
23:45:33.0222 6620 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:45:33.0231 6620 RpcLocator - ok
23:45:33.0275 6620 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:45:33.0285 6620 RpcSs - ok
23:45:33.0329 6620 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:45:33.0342 6620 rspndr - ok
23:45:33.0415 6620 RSUSBSTOR (9beb5f18a418ff70659ce2e356829568) C:\Windows\system32\Drivers\RtsUStor.sys
23:45:33.0422 6620 RSUSBSTOR - ok
23:45:33.0484 6620 RTL8167 (5d6a444bd37b52ff846387c87dcdf98a) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:45:33.0512 6620 RTL8167 - ok
23:45:33.0662 6620 RTL8192Ce (fa088015155c4c6dab5d1d9e68eb9d6b) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
23:45:33.0713 6620 RTL8192Ce - ok
23:45:33.0749 6620 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:45:33.0755 6620 SamSs - ok
23:45:33.0795 6620 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:45:33.0818 6620 sbp2port - ok
23:45:33.0861 6620 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:45:33.0889 6620 SCardSvr - ok
23:45:33.0917 6620 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:45:33.0932 6620 scfilter - ok
23:45:34.0016 6620 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:45:34.0044 6620 Schedule - ok
23:45:34.0085 6620 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:45:34.0089 6620 SCPolicySvc - ok
23:45:34.0134 6620 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:45:34.0144 6620 SDRSVC - ok
23:45:34.0202 6620 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:45:34.0214 6620 secdrv - ok
23:45:34.0246 6620 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:45:34.0266 6620 seclogon - ok
23:45:34.0298 6620 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:45:34.0307 6620 SENS - ok
23:45:34.0343 6620 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:45:34.0364 6620 SensrSvc - ok
23:45:34.0400 6620 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:45:34.0413 6620 Serenum - ok
23:45:34.0444 6620 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:45:34.0464 6620 Serial - ok
23:45:34.0477 6620 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:45:34.0490 6620 sermouse - ok
23:45:34.0537 6620 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:45:34.0554 6620 SessionEnv - ok
23:45:34.0562 6620 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:45:34.0570 6620 sffdisk - ok
23:45:34.0579 6620 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:45:34.0588 6620 sffp_mmc - ok
23:45:34.0598 6620 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:45:34.0606 6620 sffp_sd - ok
23:45:34.0619 6620 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:45:34.0627 6620 sfloppy - ok
23:45:34.0676 6620 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:45:34.0700 6620 SharedAccess - ok
23:45:34.0736 6620 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:45:34.0746 6620 ShellHWDetection - ok
23:45:34.0771 6620 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:45:34.0784 6620 SiSRaid2 - ok
23:45:34.0801 6620 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:45:34.0815 6620 SiSRaid4 - ok
23:45:34.0903 6620 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
23:45:34.0909 6620 SkypeUpdate - ok
23:45:34.0966 6620 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:45:34.0986 6620 Smb - ok
23:45:35.0047 6620 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:45:35.0053 6620 SNMPTRAP - ok
23:45:35.0126 6620 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
23:45:35.0150 6620 Sony SCSI Helper Service - ok
23:45:35.0178 6620 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:45:35.0193 6620 spldr - ok
23:45:35.0259 6620 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:45:35.0279 6620 Spooler - ok
23:45:35.0509 6620 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:45:35.0571 6620 sppsvc - ok
23:45:35.0692 6620 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:45:35.0716 6620 sppuinotify - ok
23:45:35.0792 6620 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:45:35.0844 6620 srv - ok
23:45:35.0885 6620 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:45:35.0926 6620 srv2 - ok
23:45:35.0963 6620 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:45:35.0990 6620 srvnet - ok
23:45:36.0031 6620 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
23:45:36.0054 6620 ssadbus - ok
23:45:36.0103 6620 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
23:45:36.0116 6620 ssadmdfl - ok
23:45:36.0163 6620 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
23:45:36.0187 6620 ssadmdm - ok
23:45:36.0237 6620 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
23:45:36.0259 6620 sscdbus - ok
23:45:36.0296 6620 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
23:45:36.0316 6620 sscdmdfl - ok
23:45:36.0343 6620 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
23:45:36.0362 6620 sscdmdm - ok
23:45:36.0402 6620 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:45:36.0410 6620 SSDPSRV - ok
23:45:36.0423 6620 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:45:36.0429 6620 SstpSvc - ok
23:45:36.0451 6620 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:45:36.0462 6620 stexstor - ok
23:45:36.0519 6620 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:45:36.0533 6620 stisvc - ok
23:45:36.0562 6620 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:45:36.0574 6620 swenum - ok
23:45:36.0631 6620 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:45:36.0643 6620 swprv - ok
23:45:36.0769 6620 SynTP (9484c1de568173dc1c44df80f16092cc) C:\Windows\system32\DRIVERS\SynTP.sys
23:45:36.0816 6620 SynTP - ok
23:45:37.0003 6620 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:45:37.0036 6620 SysMain - ok
23:45:37.0117 6620 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:45:37.0136 6620 TabletInputService - ok
23:45:37.0169 6620 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:45:37.0195 6620 TapiSrv - ok
23:45:37.0220 6620 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:45:37.0226 6620 TBS - ok
23:45:37.0379 6620 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:45:37.0450 6620 Tcpip - ok
23:45:37.0669 6620 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:45:37.0691 6620 TCPIP6 - ok
23:45:37.0805 6620 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:45:37.0821 6620 tcpipreg - ok
23:45:37.0885 6620 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:45:37.0898 6620 tdcmdpst - ok
23:45:37.0922 6620 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:45:37.0931 6620 TDPIPE - ok
23:45:37.0973 6620 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:45:37.0983 6620 TDTCP - ok
23:45:38.0017 6620 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:45:38.0032 6620 tdx - ok
23:45:38.0096 6620 TemproMonitoringService (1b709733a04dcc41a63f9cd1f76a4ebe) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
23:45:38.0119 6620 TemproMonitoringService - ok
23:45:38.0149 6620 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:45:38.0165 6620 TermDD - ok
23:45:38.0232 6620 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:45:38.0269 6620 TermService - ok
23:45:38.0287 6620 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:45:38.0293 6620 Themes - ok
23:45:38.0324 6620 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:45:38.0328 6620 THREADORDER - ok
23:45:38.0386 6620 TMachInfo (dfe9ba871b9f3dbb591bd113611cbcc0) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
23:45:38.0403 6620 TMachInfo - ok
23:45:38.0438 6620 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
23:45:38.0445 6620 TODDSrv - ok
23:45:38.0558 6620 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
23:45:38.0571 6620 TosCoSrv - ok
23:45:38.0611 6620 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
23:45:38.0615 6620 TOSHIBA HDD SSD Alert Service - ok
23:45:38.0654 6620 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:45:38.0662 6620 TrkWks - ok
23:45:38.0715 6620 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:45:38.0721 6620 TrustedInstaller - ok
23:45:38.0769 6620 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:45:38.0780 6620 tssecsrv - ok
23:45:38.0810 6620 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:45:38.0826 6620 TsUsbFlt - ok
23:45:38.0850 6620 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:45:38.0864 6620 TsUsbGD - ok
23:45:38.0910 6620 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:45:38.0915 6620 tunnel - ok
23:45:38.0960 6620 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:45:38.0973 6620 TVALZ - ok
23:45:39.0002 6620 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:45:39.0017 6620 uagp35 - ok
23:45:39.0045 6620 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:45:39.0070 6620 udfs - ok
23:45:39.0119 6620 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:45:39.0140 6620 UI0Detect - ok
23:45:39.0151 6620 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:45:39.0166 6620 uliagpkx - ok
23:45:39.0196 6620 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:45:39.0209 6620 umbus - ok
23:45:39.0227 6620 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:45:39.0237 6620 UmPass - ok
23:45:39.0277 6620 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:45:39.0288 6620 upnphost - ok
23:45:39.0305 6620 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:45:39.0319 6620 usbccgp - ok
23:45:39.0351 6620 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:45:39.0371 6620 usbcir - ok
23:45:39.0395 6620 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:45:39.0406 6620 usbehci - ok
23:45:39.0470 6620 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:45:39.0493 6620 usbhub - ok
23:45:39.0512 6620 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
23:45:39.0522 6620 usbohci - ok
23:45:39.0546 6620 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:45:39.0559 6620 usbprint - ok
23:45:39.0587 6620 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:45:39.0603 6620 USBSTOR - ok
23:45:39.0612 6620 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:45:39.0623 6620 usbuhci - ok
23:45:39.0652 6620 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:45:39.0668 6620 usbvideo - ok
23:45:39.0698 6620 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:45:39.0704 6620 UxSms - ok
23:45:39.0736 6620 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:45:39.0739 6620 VaultSvc - ok
23:45:39.0788 6620 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:45:39.0800 6620 vdrvroot - ok
23:45:39.0854 6620 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:45:39.0880 6620 vds - ok
23:45:39.0901 6620 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:45:39.0910 6620 vga - ok
23:45:39.0934 6620 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:45:39.0943 6620 VgaSave - ok
23:45:39.0970 6620 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:45:39.0994 6620 vhdmp - ok
23:45:40.0017 6620 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:45:40.0027 6620 viaide - ok
23:45:40.0051 6620 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:45:40.0066 6620 volmgr - ok
23:45:40.0101 6620 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:45:40.0110 6620 volmgrx - ok
23:45:40.0135 6620 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:45:40.0158 6620 volsnap - ok
23:45:40.0189 6620 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:45:40.0206 6620 vsmraid - ok
23:45:40.0318 6620 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:45:40.0347 6620 VSS - ok
23:45:40.0451 6620 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:45:40.0467 6620 vwifibus - ok
23:45:40.0505 6620 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:45:40.0523 6620 vwififlt - ok
23:45:40.0584 6620 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:45:40.0621 6620 W32Time - ok
23:45:40.0652 6620 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:45:40.0662 6620 WacomPen - ok
23:45:40.0709 6620 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:45:40.0723 6620 WANARP - ok
23:45:40.0734 6620 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:45:40.0737 6620 Wanarpv6 - ok
23:45:40.0846 6620 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:45:40.0915 6620 WatAdminSvc - ok
23:45:41.0030 6620 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:45:41.0081 6620 wbengine - ok
23:45:41.0183 6620 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:45:41.0205 6620 WbioSrvc - ok
23:45:41.0246 6620 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:45:41.0258 6620 wcncsvc - ok
23:45:41.0282 6620 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:45:41.0299 6620 WcsPlugInService - ok
23:45:41.0357 6620 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:45:41.0370 6620 Wd - ok
23:45:41.0432 6620 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:45:41.0465 6620 Wdf01000 - ok
23:45:41.0494 6620 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:45:41.0501 6620 WdiServiceHost - ok
23:45:41.0510 6620 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:45:41.0517 6620 WdiSystemHost - ok
23:45:41.0569 6620 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:45:41.0595 6620 WebClient - ok
23:45:41.0638 6620 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:45:41.0661 6620 Wecsvc - ok
23:45:41.0684 6620 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:45:41.0691 6620 wercplsupport - ok
23:45:41.0720 6620 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:45:41.0727 6620 WerSvc - ok
23:45:41.0781 6620 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:45:41.0789 6620 WfpLwf - ok
23:45:41.0808 6620 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:45:41.0821 6620 WIMMount - ok
23:45:41.0855 6620 WinDefend - ok
23:45:41.0877 6620 WinHttpAutoProxySvc - ok
23:45:41.0949 6620 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:45:41.0955 6620 Winmgmt - ok
23:45:42.0095 6620 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:45:42.0149 6620 WinRM - ok
23:45:42.0299 6620 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:45:42.0319 6620 WinUsb - ok
23:45:42.0401 6620 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:45:42.0426 6620 Wlansvc - ok
23:45:42.0523 6620 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:45:42.0543 6620 wlcrasvc - ok
23:45:42.0753 6620 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:45:42.0803 6620 wlidsvc - ok
23:45:42.0909 6620 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:45:42.0917 6620 WmiAcpi - ok
23:45:42.0988 6620 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:45:43.0007 6620 wmiApSrv - ok
23:45:43.0051 6620 WMPNetworkSvc - ok
23:45:43.0097 6620 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:45:43.0110 6620 WPCSvc - ok
23:45:43.0139 6620 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:45:43.0148 6620 WPDBusEnum - ok
23:45:43.0182 6620 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:45:43.0192 6620 ws2ifsl - ok
23:45:43.0219 6620 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
23:45:43.0226 6620 wscsvc - ok
23:45:43.0236 6620 WSearch - ok
23:45:43.0417 6620 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:45:43.0463 6620 wuauserv - ok
23:45:43.0578 6620 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:45:43.0599 6620 WudfPf - ok
23:45:43.0646 6620 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:45:43.0662 6620 WUDFRd - ok
23:45:43.0698 6620 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:45:43.0704 6620 wudfsvc - ok
23:45:43.0732 6620 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:45:43.0754 6620 WwanSvc - ok
23:45:43.0796 6620 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:45:44.0022 6620 \Device\Harddisk0\DR0 - ok
23:45:44.0043 6620 Boot (0x1200) (509c9f3d28a67f85d41398e336dd9a94) \Device\Harddisk0\DR0\Partition0
23:45:44.0045 6620 \Device\Harddisk0\DR0\Partition0 - ok
23:45:44.0071 6620 Boot (0x1200) (9f6fc068c0f6ae77123acdac92c54c67) \Device\Harddisk0\DR0\Partition1
23:45:44.0073 6620 \Device\Harddisk0\DR0\Partition1 - ok
23:45:44.0075 6620 ============================================================
23:45:44.0075 6620 Scan finished
23:45:44.0075 6620 ============================================================
23:45:44.0105 5228 Detected object count: 0
23:45:44.0105 5228 Actual detected object count: 0
23:45:52.0014 6308 Deinitialize success
confused63
Regular Member
 
Posts: 88
Joined: March 28th, 2010, 9:55 am

Re: ADWARE.Gen

Unread postby confused63 » June 20th, 2012, 7:22 pm

Sorry!

My laptop stopped working and I pressed the send button again and then restarted the laptop, and now I notice the reply went up twice. I don't know how to delete the second one...

The ADWARE.Gen is in the quarantine. I don't know how to cut and paste the whole pathway where it is, but it said it is in my downloads and it is called audacity.exe; one is in the recycle bin.

Hope this is helpful.
Thank you
confused63
Regular Member
 
Posts: 88
Joined: March 28th, 2010, 9:55 am

Re: ADWARE.Gen

Unread postby maxi » June 20th, 2012, 7:57 pm

Hi, I'm very sorry I gave you the wrong speech :shock: The right one is below :)


OTL
Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please post both logs in your next reply :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: ADWARE.Gen

Unread postby confused63 » June 20th, 2012, 8:27 pm

Hi Maxi,

No worries, we all make mistakes; it shows you are human. :)

Here are the logs:


OTL logfile created on: 21/06/2012 01:06:00 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Paglam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.61 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 56.11% Memory free
7.21 Gb Paging File | 5.12 Gb Available in Paging File | 71.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 229.91 Gb Free Space | 77.13% Space Free | Partition Type: NTFS
Drive D: | 297.69 Gb Total Space | 286.17 Gb Free Space | 96.13% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA | User Name: Paglam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 01:01:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paglam\Desktop\OTL.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Paglam\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/08 22:40:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 22:40:15 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 22:40:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/02/14 14:53:41 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2012/02/03 18:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/12/20 07:28:04 | 001,269,800 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\simpleshare.exe
PRC - [2011/11/23 09:59:08 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/03 15:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/15 20:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/08/04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 09:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 09:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 09:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 09:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 09:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 09:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 09:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/02/14 16:12:15 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/14 14:53:41 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
MOD - [2011/12/20 07:28:04 | 001,269,800 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\simpleshare.exe
MOD - [2011/11/23 10:00:00 | 000,884,736 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2011/11/23 09:59:08 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2011/11/23 09:58:18 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2011/11/23 09:57:28 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2011/11/23 09:57:26 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2011/11/23 09:57:24 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2011/11/23 09:57:24 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2011/11/23 09:57:22 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2011/11/23 09:57:20 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2011/11/23 09:56:02 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2011/11/23 09:55:58 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2011/11/23 09:55:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2011/11/23 09:55:26 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011/11/17 23:06:54 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011/11/17 21:47:08 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2011/09/27 19:33:24 | 002,552,320 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\QtCore4.dll
MOD - [2011/09/27 19:33:24 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\QtXml4.dll
MOD - [2011/09/27 19:33:22 | 009,869,824 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\QtGui4.dll
MOD - [2011/09/27 19:33:22 | 002,178,048 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\QtScript4.dll
MOD - [2011/09/27 19:33:22 | 001,215,488 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\QtNetwork4.dll
MOD - [2011/09/27 19:33:20 | 000,351,744 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\plugins\imageformats\qmng4.dll
MOD - [2011/09/27 19:33:20 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\plugins\imageformats\qjpeg4.dll
MOD - [2011/09/27 19:33:20 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\plugins\imageformats\qico4.dll
MOD - [2011/09/27 19:33:20 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\plugins\imageformats\qgif4.dll
MOD - [2011/08/17 11:55:20 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\libgcc_s_dw2-1.dll
MOD - [2011/08/17 11:55:20 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\mingwm10.dll
MOD - [2011/08/14 03:54:18 | 000,735,744 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\avformat-52.dll
MOD - [2011/08/14 03:54:18 | 000,135,680 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\swscale-0.dll
MOD - [2011/08/14 03:54:18 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\avutil-50.dll
MOD - [2011/08/14 03:54:00 | 004,981,760 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\avcodec-52.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/28 23:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 14:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/10 23:44:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/08 22:40:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 22:40:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/11/17 23:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/07/01 11:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/08 22:40:19 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 22:40:18 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/22 13:32:41 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/12/08 05:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011/12/08 05:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 05:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011/12/08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/09/16 17:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/29 01:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/28 23:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 18:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 11:56:44 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/09/30 21:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/14 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/14 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/20 18:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TEUA
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109985&tt ... 3170b2162b
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109985&tt=090212_noffx&babsrc=SP_ss&mntrId=7ee39b1d000000000000743170b2162b
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_enGB471
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Paglam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Paglam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/26 11:23:40 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Calendar = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlmhkflbgjoeeophdjheadfljoielhi\1.1_0\
CHR - Extension: YouTube = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Tumblr = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coahlfgeffoggllekbkoaplamkoabgdd\1.2_0\
CHR - Extension: Google Search = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Box - 5 GB Free Storage = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: SiteAdvisor = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Bulk Download Images-zzllrr Imager Geek = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjhimhkjmipphnaminnnnjpnlneeplk\1.8.3.17_0\
CHR - Extension: Image Editor = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkpmiiljecfochofpifaegnhilaoknbe\1.1_0\
CHR - Extension: TweetDeck = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.4_0\
CHR - Extension: Yahoo! Mail = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhmflokkipfgcajmajneeebfjhkidlo\1.2_0\
CHR - Extension: Hojoki = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjcgdcbhobdcojhnabjlholpbdmnpaa\0.23_0\
CHR - Extension: Google +1 Button = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.424_0\
CHR - Extension: WordPress.com = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd\1.0.0.1_0\
CHR - Extension: Gmail = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001..\Run: [SimpleShare] C:\Program Files (x86)\Box\SimpleShare\simpleshare.exe ()
O4 - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Paglam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{950DF892-A121-4ACD-90A3-96E8B7996FC8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA8AF50F-1F07-49CE-95E3-7418750642E5}: DhcpNameServer = 100.100.0.102
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://Northernnet.co.uk/usb
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 01:01:23 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Paglam\Desktop\OTL.exe
[2012/06/20 23:34:43 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Paglam\Desktop\tdsskiller.exe
[2012/06/20 11:02:07 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{64798C07-0765-4BF7-854C-C7D46A60BABA}
[2012/06/20 11:01:55 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{4D11A5F7-13F0-44CB-9C37-A48F2122C56C}
[2012/06/19 11:19:58 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Spiritual-Ritual
[2012/06/19 11:19:58 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\samsung
[2012/06/19 11:19:51 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Publicity
[2012/06/19 11:19:51 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\PDF
[2012/06/19 11:19:47 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Mailing lists
[2012/06/19 11:19:41 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\From MOBILE
[2012/06/19 11:19:35 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Eight Steps to Happiness The Buddhist Way of Loving Kindness
[2012/06/19 11:19:07 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Dharma
[2012/06/19 11:19:07 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Camilla
[2012/06/19 11:18:23 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\BoxNet
[2012/06/19 11:15:12 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Box SimpleShare
[2012/06/19 11:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Box
[2012/06/19 10:51:31 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\My Books
[2012/06/19 10:29:41 | 000,000,000 | R--D | C] -- C:\Users\Paglam\Desktop\Documents
[2012/06/19 10:15:55 | 000,000,000 | ---D | C] -- C:\Log
[2012/06/19 10:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/19 10:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Windows Data Recovery - Home
[2012/06/19 10:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery
[2012/06/18 17:03:48 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{E277DE71-9C53-4EB6-85EB-0802C1D64AAC}
[2012/06/14 17:51:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 17:51:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 17:51:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 17:51:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 17:51:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 17:51:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 17:51:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 17:51:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 17:51:08 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 17:51:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 17:51:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 17:51:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 17:51:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/14 09:03:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 09:03:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 09:03:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/14 09:02:41 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/14 09:02:41 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 09:02:40 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 09:02:32 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/14 09:02:14 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/14 09:02:13 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/14 08:55:40 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{BDF65540-2FEB-4DE2-8864-E15076728FCD}
[2012/06/14 08:55:18 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{0358BE02-18E3-43D3-8809-FD80A5248174}
[2012/06/13 12:23:58 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{D796993A-D7C1-4DAC-BB69-92C45860F0BD}
[2012/06/13 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{EC100B34-4D2D-4940-8479-C01C873FE55E}
[2012/06/12 12:08:14 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Roaming\Audacity
[2012/06/12 12:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012/06/04 15:06:17 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{9271F1F9-01D1-4E28-8D72-6F6A4EA31BC5}
[2012/06/04 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{D7FADAC4-7F18-4551-A375-A5ED20426B1E}
[2012/06/02 12:18:45 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{4E16A4DE-2901-4E53-B0C2-C5706E5F7028}
[2012/06/02 12:18:30 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{11894A8B-2835-41C3-8A39-B044C3DDCDD1}
[2012/06/01 20:39:29 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{ECEAD1B7-E842-4C2A-B60E-7BA5621EFECF}
[2012/06/01 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{7214B186-6D99-4393-92C2-194ED00C790D}
[2012/05/31 14:34:05 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{918FBBB0-561B-4782-BC64-1DEA787188E0}
[2012/05/31 14:33:53 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{73C01156-64E4-4585-BA1D-D002FBB06CA1}
[2012/05/28 20:29:04 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{D90BBF9B-1B9B-4C9B-9C53-6F184EE068B6}
[2012/05/28 20:28:51 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{21145E3E-4E3A-4871-9219-272E0C2AAFAC}
[2012/05/26 12:14:55 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/05/26 11:53:52 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{2E4229C6-21C2-40E3-ACE0-CC11100379EC}
[2012/05/26 11:53:39 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{C0E9A5D8-16E7-4ACF-AB4F-BA552F54E78B}

========== Files - Modified Within 30 Days ==========

[2012/06/21 01:01:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paglam\Desktop\OTL.exe
[2012/06/21 00:55:43 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 00:52:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3341176584-4209077168-1830186119-1001UA.job
[2012/06/21 00:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/21 00:21:06 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 00:21:06 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 00:14:38 | 000,001,100 | ---- | M] () -- C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/06/21 00:12:17 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 00:11:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/21 00:11:42 | 2903,220,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/20 23:34:52 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Paglam\Desktop\tdsskiller.exe
[2012/06/20 23:10:22 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/20 23:10:22 | 000,628,808 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/20 23:10:22 | 000,110,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/20 10:52:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3341176584-4209077168-1830186119-1001Core.job
[2012/06/19 11:15:12 | 000,002,973 | ---- | M] () -- C:\Users\Paglam\Desktop\Box SimpleShare.lnk
[2012/06/19 10:24:15 | 000,000,070 | ---- | M] () -- C:\Windows\spwdrhsa.INI
[2012/06/19 10:15:26 | 000,001,221 | ---- | M] () -- C:\Users\Paglam\Desktop\Stellar Phoenix Windows Data Recovery - Home.lnk
[2012/06/14 19:14:38 | 000,294,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 12:49:42 | 000,022,272 | ---- | M] () -- C:\Users\Paglam\Desktop\Becomign closer to Dorje Shugden.odt
[2012/06/12 16:35:48 | 001,694,289 | ---- | M] () -- C:\Users\Paglam\Desktop\carry on.jpg
[2012/06/12 12:08:05 | 000,001,018 | ---- | M] () -- C:\Users\Paglam\Desktop\Audacity.lnk
[2012/06/12 10:11:03 | 000,002,413 | ---- | M] () -- C:\Users\Paglam\Desktop\Google Chrome.lnk
[2012/06/11 18:57:19 | 000,022,632 | ---- | M] () -- C:\Users\Paglam\Desktop\Traintickets ulv.odt
[2012/06/09 08:48:04 | 000,001,057 | ---- | M] () -- C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/09 08:47:17 | 000,001,027 | ---- | M] () -- C:\Users\Paglam\Desktop\Dropbox.lnk
[2012/06/08 09:06:43 | 000,013,497 | ---- | M] () -- C:\Users\Paglam\Desktop\Bookings.odt
[2012/06/07 15:43:27 | 000,020,526 | ---- | M] () -- C:\Users\Paglam\Desktop\Contacting people in the community re publicity for 30 June event (1).odt
[2012/06/02 20:28:54 | 000,143,670 | ---- | M] () -- C:\Users\Paglam\Desktop\Print Screen.odt
[2012/05/29 10:59:18 | 000,015,856 | ---- | M] () -- C:\Users\Paglam\Desktop\Friends Key Holder form.odt
[2012/05/28 19:16:11 | 000,191,282 | ---- | M] () -- C:\Users\Paglam\Desktop\KMC Toronto.jpg
[2012/05/28 17:11:19 | 000,226,460 | ---- | M] () -- C:\Users\Paglam\Desktop\MBManEventJune2012banner94x30mmv2.jpg
[2012/05/28 17:00:55 | 000,036,570 | ---- | M] () -- C:\Users\Paglam\Desktop\relax and let go.jpg
[2012/05/28 16:53:16 | 000,034,663 | ---- | M] () -- C:\Users\Paglam\Desktop\GP classes.jpg
[2012/05/28 16:52:59 | 000,059,943 | ---- | M] () -- C:\Users\Paglam\Desktop\Secret of happy life.jpg
[2012/05/27 22:34:29 | 000,016,420 | ---- | M] () -- C:\Users\Paglam\Documents\Contact details Ordained Sangha and Wed FP.odt
[2012/05/26 14:17:51 | 000,009,694 | ---- | M] () -- C:\Users\Paglam\Desktop\Empowerment Reqeust.odt

========== Files Created - No Company Name ==========

[2012/06/19 11:19:06 | 000,042,241 | ---- | C] () -- C:\Users\Paglam\Documents\nineeleven.odt
[2012/06/19 11:19:05 | 000,016,420 | ---- | C] () -- C:\Users\Paglam\Documents\Contact details Ordained Sangha and Wed FP.odt
[2012/06/19 11:15:12 | 000,002,973 | ---- | C] () -- C:\Users\Paglam\Desktop\Box SimpleShare.lnk
[2012/06/19 10:15:26 | 000,001,221 | ---- | C] () -- C:\Users\Paglam\Desktop\Stellar Phoenix Windows Data Recovery - Home.lnk
[2012/06/19 10:15:26 | 000,000,070 | ---- | C] () -- C:\Windows\spwdrhsa.INI
[2012/06/13 12:49:31 | 000,022,272 | ---- | C] () -- C:\Users\Paglam\Desktop\Becomign closer to Dorje Shugden.odt
[2012/06/12 16:35:28 | 001,694,289 | ---- | C] () -- C:\Users\Paglam\Desktop\carry on.jpg
[2012/06/12 12:08:05 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012/06/12 12:08:05 | 000,001,018 | ---- | C] () -- C:\Users\Paglam\Desktop\Audacity.lnk
[2012/06/11 18:57:15 | 000,022,632 | ---- | C] () -- C:\Users\Paglam\Desktop\Traintickets ulv.odt
[2012/06/07 15:43:24 | 000,020,526 | ---- | C] () -- C:\Users\Paglam\Desktop\Contacting people in the community re publicity for 30 June event (1).odt
[2012/06/02 20:28:51 | 000,143,670 | ---- | C] () -- C:\Users\Paglam\Desktop\Print Screen.odt
[2012/05/29 10:51:23 | 000,015,856 | ---- | C] () -- C:\Users\Paglam\Desktop\Friends Key Holder form.odt
[2012/05/28 19:16:18 | 000,191,282 | ---- | C] () -- C:\Users\Paglam\Desktop\KMC Toronto.jpg
[2012/05/28 17:11:26 | 000,226,460 | ---- | C] () -- C:\Users\Paglam\Desktop\MBManEventJune2012banner94x30mmv2.jpg
[2012/05/28 17:01:06 | 000,036,570 | ---- | C] () -- C:\Users\Paglam\Desktop\relax and let go.jpg
[2012/05/28 16:53:24 | 000,034,663 | ---- | C] () -- C:\Users\Paglam\Desktop\GP classes.jpg
[2012/05/28 16:53:10 | 000,059,943 | ---- | C] () -- C:\Users\Paglam\Desktop\Secret of happy life.jpg
[2012/05/26 14:17:48 | 000,009,694 | ---- | C] () -- C:\Users\Paglam\Desktop\Empowerment Reqeust.odt
[2012/01/31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/01/31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/01/31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/01/31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/12/22 14:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/12/22 13:47:06 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/22 13:29:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/22 13:25:59 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/09 13:09:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll

< End of report >


OTL Extras logfile created on: 21/06/2012 01:06:00 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Paglam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.61 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 56.11% Memory free
7.21 Gb Paging File | 5.12 Gb Available in Paging File | 71.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 229.91 Gb Free Space | 77.13% Space Free | Partition Type: NTFS
Drive D: | 297.69 Gb Total Space | 286.17 Gb Free Space | 96.13% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA | User Name: Paglam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3341176584-4209077168-1830186119-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F61790-BD5F-4C8D-B2F2-164EE56E2284}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0E6C54A4-BBC5-4474-BD92-B107CDC90D75}" = lport=445 | protocol=6 | dir=in | app=system |
"{53DA6304-0534-4B86-AC4A-E81E5F0BF0BD}" = lport=137 | protocol=17 | dir=in | app=system |
"{55624B42-0503-4DD3-B804-D0DA43991EE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F639B19-57F8-4C5A-8B6A-1DDF90EA5166}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81794819-4CB5-4F77-9096-B28D33B31489}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F3C3136-6D18-4B2C-A679-8CC38120FFEC}" = lport=138 | protocol=17 | dir=in | app=system |
"{9B7AC5F2-58F9-4A88-A940-14BA90D45B81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9C4B7C4C-F7CA-4DB7-9560-1048A8B48FA7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9EADDE0D-A4E0-4AD1-A0FE-4503CA553D93}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A0E3694B-2F0E-4476-860C-DFC3CE3580C5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A3E4C3A4-D665-4DEC-B19F-B0FDA2E53BCA}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7B4DE68-10B7-4905-A813-C5D705843439}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ACB94CEC-9078-4FE1-A160-953652691D1B}" = rport=138 | protocol=17 | dir=out | app=system |
"{AD0A8508-8B37-4765-BC8D-6073A42FFF30}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B1CD064E-7363-4D8B-9F19-78F2C17D1BAD}" = rport=139 | protocol=6 | dir=out | app=system |
"{B21BED3D-0545-4DD4-8111-6FE4F70FC90C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5BD6D3D-8E63-44A8-8161-0975F5A509DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C347AF8B-21D8-47E6-B58B-4DFC1198BAEA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E6B18071-A4FB-453D-AF03-1F218E1DAF1E}" = rport=137 | protocol=17 | dir=out | app=system |
"{E7825D70-768C-4C8A-A4B3-40B346C83D24}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3B62247-4F7A-4FDC-8EA3-03751C3C244E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F57EEC56-97B3-4FFC-BA71-B9B87A18B671}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057BB517-A3E6-4394-AC8B-4C3C101C0CF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0B9E01D7-7C8C-42AA-AACC-DCCBAE530539}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{160E0209-EEB6-48C3-855C-9CA824B20ECB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{209889B2-69F8-461E-B659-BA6148028DD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{25537675-6D95-4A9B-B706-6433F84A5409}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{274AAA3D-C8E4-4CDE-BB1A-86593804844E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2DBB4A65-22FE-42E0-AC0A-9CF807A4BBEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39F66F0A-618E-4E93-84D6-FF987D5DEFA8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3B03EAFD-3B7C-4019-B091-D7336CC82B42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60B2F539-D4B7-4CBD-8CF2-E12B5ABEA9C0}" = protocol=6 | dir=out | app=system |
"{707279F2-D5D3-4ED6-AEA3-DCDC6FE5CAE0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{77035DB1-7719-48B1-9E53-48DC7B22D70D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C99E077-DCC7-4DB8-BCA4-C24269ED9D5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FC4BC8F-1848-449A-9E50-0A37DA88AF57}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E45A204-0EE6-432E-B33D-23E9CAE60B14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9ED88BF6-D797-444A-81BE-BFC32271C88D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4EE6B5E-D679-4FEF-BC8C-D03FE292EA69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B1048482-74D1-4476-BB74-DC2F6842E3D3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD8B9042-41A3-4E9F-92C7-0DDCFDA56C0D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CBE36700-578F-4870-8274-5997EF483D89}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD491F10-F111-4E2D-92D9-E48838A4C136}" = protocol=17 | dir=in | app=c:\users\paglam\appdata\roaming\dropbox\bin\dropbox.exe |
"{DC32CE90-CFF1-4B0B-B918-044D517866C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{DEB42EB1-F221-4000-8A18-A65B754B185C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E01F0BEE-4B6B-44A3-910C-38883DABF0E7}" = protocol=6 | dir=in | app=c:\users\paglam\appdata\roaming\dropbox\bin\dropbox.exe |
"{E62145B3-75B7-4549-B1F6-6552DAE50C05}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E679903A-AA26-45C5-8F9F-7903C325A33A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E6DDC7D4-C36A-49DF-B3C9-F7E1F92853FA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8C4E5BB-F649-49BE-879C-47CFE4560645}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{EC31D7A3-023E-4966-8036-9BE29F5D5E70}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{E60D7DD4-694C-4A26-8D29-6EEBCABC7760}C:\users\paglam\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\paglam\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{2A7DE3D7-2C98-49DE-8CA5-53B17917F348}C:\users\paglam\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\paglam\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6167672A-758D-9960-C32C-47A15E180A70}" = ATI Catalyst Install Manager
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99D90334-5A27-22AA-0CC9-BB2E7FE4608E}" = ccc-utility64
"{B0CF6A06-8D6E-3C49-1B5E-75027D2AB2FB}" = AMD Media Foundation Decoders
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019A5307-B53F-DEC7-BF70-E20C2A121E65}" = Catalyst Control Center InstallProxy
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{0582E604-075E-4B47-9EA4-AB5B6CA78B43}" = Box SimpleShare
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{094FD5E0-01D2-AAB1-027F-A80F8CAB1477}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10097883-9F66-3920-8C7E-3239E72953B3}" = CCC Help Greek
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063D199-D79F-471A-9019-9E647296394D}" = Nero Multimedia Suite 10 Essentials
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23DECD57-2D3E-59DE-215C-9B2118FFF9C1}" = CCC Help Korean
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24C934DB-D7F8-797E-8937-BF9BA23F1128}" = Catalyst Control Center Graphics Previews Common
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29A4049F-58A7-E0D9-991D-A1A672E51EFE}" = CCC Help Thai
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{2E823133-4B6B-60A4-43F4-E586F01FCCCA}" = AMD VISION Engine Control Center
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C349576-B3B4-6708-F73C-DC2932065357}" = BBC iPlayer Desktop
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E1C0066-D04D-863E-3381-9FD232A888A2}" = CCC Help Portuguese
"{401E17B0-7A9E-3173-42B6-B3A780A2934A}" = CCC Help German
"{43ED5430-0652-4216-8B5D-4F82E3AB416F}" = calibre
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54B80F68-3A7C-1931-AFE8-CA9BABC3EC4D}" = CCC Help English
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68625052-E88D-8598-3E83-9AE6B5D6394D}" = Catalyst Control Center Localization All
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BABB47D-F46A-4AD1-8548-4C6292232D18}" = CCC Help Finnish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{9158DA86-4AC8-6EA5-20B1-36B3F9CF6497}" = CCC Help Czech
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{988C14A1-37AC-EB3F-B607-DED60CEE16E8}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A713F0C-D077-9B5F-4E0D-D21657387965}" = CCC Help Dutch
"{9A828AEE-658C-0AA0-7B13-83CC644A7E97}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B09443E0-838F-6C14-83E4-DFF68F25D688}" = CCC Help Japanese
"{B946C4A5-E889-D859-AAB1-DE0C00902115}" = CCC Help Russian
"{C1F6CAC5-20D3-C4AA-B867-0836493AB636}" = CCC Help Turkish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA8EF8F2-AF33-253B-7A5E-51E7B1AA6E42}" = CCC Help Hungarian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED61893-3D8D-C863-5913-AACB740063C2}" = CCC Help Spanish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EAE8B2AB-DDD1-3F5E-42F5-EB54BAE8A7BE}" = CCC Help Swedish
"{ED7B4752-749D-3BA8-2CEB-5AC5A7FADF36}" = CCC Help French
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EE99A545-DFC9-EF57-5EDC-43F7B6855AB3}" = CCC Help Danish
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F510D82F-CD6A-0983-EF06-66004AC50565}" = CCC Help Chinese Standard
"{F52618B2-A995-4F8D-A6C8-9E235A470C68}" = TOSHIBA ConfigFree
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCB1966E-4ACF-6648-8E7C-0D8C2EE573CA}" = CCC Help Norwegian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"ExpressRip" = Express Rip
"ExpressZip" = Express Zip File Compression Software
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{43DBC64B-3DD1-47E2-8788-D3C3B110C574}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Stellar Phoenix Windows Data Recovery - Home_is1" = Stellar Phoenix Windows Data Recovery - Home
"Switch" = Switch Sound File Converter
"WavePad" = WavePad Sound Editor
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-09336d28-c466-4069-a08f-723c617ffcf2" = Polar Bowler
"WTA-0d7c4320-706f-4d74-b91e-7e6709fdd64d" = Diner Dash 2 Restaurant Rescue
"WTA-291ce1b6-3964-4a75-ae59-ba583162f06e" = Bejeweled 3
"WTA-3070b09d-cd40-4fc1-b913-8bb707bc1846" = Wedding Dash 2 - Rings Around the World
"WTA-358d7533-caa6-4bac-a8a5-08a88d3bbff0" = Final Drive: Nitro
"WTA-46f16870-2347-4480-b267-22170283889d" = Insaniquarium Deluxe
"WTA-6aceebd8-9977-4cb8-92ba-65ec5f1d22e0" = Slingo Deluxe
"WTA-7a751f9b-6581-4cc8-ba1c-17013ace1ac1" = FATE
"WTA-83916957-74c2-4629-a64f-0b48adcc4337" = Zuma Deluxe
"WTA-8a4f2211-3cf0-44ef-9012-625033d63774" = Bejeweled 2 Deluxe
"WTA-8aae8c18-c4cf-4576-aa00-c53e35cd0463" = Penguins!
"WTA-8e06b910-a1fa-40ad-a332-38a115e76fae" = Chuzzle Deluxe
"WTA-9f6a4d9c-837d-4cf7-bd17-dbca38710391" = Chicken Invaders 3 - Revenge of the Yolk
"WTA-b6ed4634-4ffb-4604-bef5-e0190f3d3522" = Plants vs. Zombies - Game of the Year

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3341176584-4209077168-1830186119-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09/05/2012 07:37:38 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 10/05/2012 04:20:39 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 10/05/2012 17:26:16 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 11/05/2012 15:11:57 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 12/05/2012 04:13:05 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 14/05/2012 04:02:38 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 23/05/2012 17:40:26 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 24/05/2012 08:30:33 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 25/05/2012 06:53:09 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

Error - 26/05/2012 03:36:49 | Computer Name = TOSHIBA | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 18/06/2012 14:26:22 | Computer Name = TOSHIBA | Source = bowser | ID = 8003
Description =

Error - 18/06/2012 19:30:00 | Computer Name = TOSHIBA | Source = DCOM | ID = 10010
Description =

Error - 19/06/2012 04:15:00 | Computer Name = TOSHIBA | Source = DCOM | ID = 10010
Description =

Error - 19/06/2012 04:17:36 | Computer Name = TOSHIBA | Source = DCOM | ID = 10010
Description =

Error - 19/06/2012 11:13:28 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 20/06/2012 19:10:43 | Computer Name = TOSHIBA | Source = DCOM | ID = 10010
Description =

Error - 20/06/2012 19:13:26 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 20/06/2012 19:13:27 | Computer Name = TOSHIBA | Source = DCOM | ID = 10005
Description =

Error - 20/06/2012 19:13:27 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 20/06/2012 19:15:37 | Computer Name = TOSHIBA | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X86 service to connect.


< End of report >
confused63
Regular Member
 
Posts: 88
Joined: March 28th, 2010, 9:55 am

Re: ADWARE.Gen

Post by maxi » June 21st, 2012, 10:42 am

Hi confused,

Please create a System Restore Point like you did above.

Step 1

OTL - Run Fix Script
You should still have this on your desktop, if so, ignore the download instructions.
Please download OTL.exe by Old Timer and save it to your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right-click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. When the window appears, make sure Include 64bit Scans is CHECKED.
  3. Underneath Output at the top, make sure Minimal Output is selected.
  4. Under the Standard Registry box change it to All.
  5. Check/tick the boxes beside LOP Check and Purity Check.
  6. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code:
    :OTL
    
    IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109985&tt ... 3170b2162b
    IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109985&tt=090212_noffx&babsrc=SP_ss&mntrId=7ee39b1d000000000000743170b2162b
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    [2012/06/20 11:02:07 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{64798C07-0765-4BF7-854C-C7D46A60BABA}
    [2012/06/20 11:01:55 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{4D11A5F7-13F0-44CB-9C37-A48F2122C56C}
    [2012/06/18 17:03:48 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{E277DE71-9C53-4EB6-85EB-0802C1D64AAC}
    [2012/06/14 08:55:40 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{BDF65540-2FEB-4DE2-8864-E15076728FCD}
    [2012/06/14 08:55:18 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{0358BE02-18E3-43D3-8809-FD80A5248174}
    [2012/06/13 12:23:58 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{D796993A-D7C1-4DAC-BB69-92C45860F0BD}
    [2012/06/13 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{EC100B34-4D2D-4940-8479-C01C873FE55E}
    [2012/06/04 15:06:17 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{9271F1F9-01D1-4E28-8D72-6F6A4EA31BC5}
    [2012/06/04 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{D7FADAC4-7F18-4551-A375-A5ED20426B1E}
    [2012/06/02 12:18:45 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{4E16A4DE-2901-4E53-B0C2-C5706E5F7028}
    [2012/06/02 12:18:30 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{11894A8B-2835-41C3-8A39-B044C3DDCDD1}
    [2012/06/01 20:39:29 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{ECEAD1B7-E842-4C2A-B60E-7BA5621EFECF}
    [2012/06/01 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{7214B186-6D99-4393-92C2-194ED00C790D}
    [2012/05/31 14:34:05 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{918FBBB0-561B-4782-BC64-1DEA787188E0}
    [2012/05/31 14:33:53 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{73C01156-64E4-4585-BA1D-D002FBB06CA1}
    [2012/05/28 20:29:04 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{D90BBF9B-1B9B-4C9B-9C53-6F184EE068B6}
    [2012/05/28 20:28:51 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{21145E3E-4E3A-4871-9219-272E0C2AAFAC}
    [2012/05/26 11:53:52 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{2E4229C6-21C2-40E3-ACE0-CC11100379EC}
    [2012/05/26 11:53:39 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{C0E9A5D8-16E7-4ACF-AB4F-BA552F54E78B}
    
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  7. Click under the Custom Scan/Fixes box and paste the copied text.
  8. Click the Run Fix button. If prompted... click OK.
  9. OTL may ask to reboot the machine. Please do so if asked.
  10. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  11. Please post the contents of the report in your next reply.


Step 2

SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook_x64.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries from Code Box into SystemLook's main text entry window.
    Code:
     :filefind
    *Babylon*
    
    :folderfind
    *Babylon*
    
    :regfind
    Babylon
    
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.


Step 3

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply please include:

The OTL logfile.
The SystemLook logfile.
The ESET logfile.
Any problems you had with my instructions.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: ADWARE.Gen

Post by confused63 » June 22nd, 2012, 4:58 am

Hi Maxi,

I have the first two logs, but the 3rd scan stopped during the night at 49% (and it found no viruses up to there). I think it is because when my laptop isn't used it goes more or less to sleep; I don't know how to avoid this. Do you have any suggestions?

Here are the two logs that I managed to complete.


OTL logfile created on: 21/06/2012 01:06:00 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Paglam\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.61 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 56.11% Memory free
7.21 Gb Paging File | 5.12 Gb Available in Paging File | 71.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 229.91 Gb Free Space | 77.13% Space Free | Partition Type: NTFS
Drive D: | 297.69 Gb Total Space | 286.17 Gb Free Space | 96.13% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA | User Name: Paglam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 01:01:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paglam\Desktop\OTL.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Paglam\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/08 22:40:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 22:40:15 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 22:40:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/18 08:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/02/14 14:53:41 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
PRC - [2012/02/03 18:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/12/20 07:28:04 | 001,269,800 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\simpleshare.exe
PRC - [2011/11/23 09:59:08 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/03 15:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/15 20:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/08/04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 09:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 09:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 09:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 09:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 09:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 09:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 09:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/02/14 16:12:15 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/14 14:53:41 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
MOD - [2011/12/20 07:28:04 | 001,269,800 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\simpleshare.exe
MOD - [2011/11/23 10:00:00 | 000,884,736 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2011/11/23 09:59:08 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2011/11/23 09:58:18 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2011/11/23 09:57:28 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2011/11/23 09:57:26 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2011/11/23 09:57:24 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2011/11/23 09:57:24 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2011/11/23 09:57:22 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2011/11/23 09:57:20 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2011/11/23 09:56:02 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2011/11/23 09:55:58 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2011/11/23 09:55:56 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2011/11/23 09:55:26 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011/11/17 23:06:54 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011/11/17 21:47:08 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2011/09/27 19:33:24 | 002,552,320 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\QtCore4.dll
MOD - [2011/09/27 19:33:24 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\QtXml4.dll
MOD - [2011/09/27 19:33:22 | 009,869,824 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\QtGui4.dll
MOD - [2011/09/27 19:33:22 | 002,178,048 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\QtScript4.dll
MOD - [2011/09/27 19:33:22 | 001,215,488 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\QtNetwork4.dll
MOD - [2011/09/27 19:33:20 | 000,351,744 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\plugins\imageformats\qmng4.dll
MOD - [2011/09/27 19:33:20 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\plugins\imageformats\qjpeg4.dll
MOD - [2011/09/27 19:33:20 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\plugins\imageformats\qico4.dll
MOD - [2011/09/27 19:33:20 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\plugins\imageformats\qgif4.dll
MOD - [2011/08/17 11:55:20 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\libgcc_s_dw2-1.dll
MOD - [2011/08/17 11:55:20 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\mingwm10.dll
MOD - [2011/08/14 03:54:18 | 000,735,744 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\avformat-52.dll
MOD - [2011/08/14 03:54:18 | 000,135,680 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\swscale-0.dll
MOD - [2011/08/14 03:54:18 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\avutil-50.dll
MOD - [2011/08/14 03:54:00 | 004,981,760 | ---- | M] () -- C:\Program Files (x86)\Box\SimpleShare\avcodec-52.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/06/28 23:49:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 14:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/10 23:44:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/08 22:40:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 22:40:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/11/17 23:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @c:\Program Files (x86)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/07/01 11:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/08 22:40:19 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 22:40:18 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/22 13:32:41 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/12/08 05:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011/12/08 05:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 05:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011/12/08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/09/16 17:09:16 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/29 01:12:30 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/28 23:11:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 18:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 11:56:44 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/09/30 21:34:42 | 001,393,712 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/08/14 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/14 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/20 18:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=TEUA
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109985&tt ... 3170b2162b
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=109985&tt=090212_noffx&babsrc=SP_ss&mntrId=7ee39b1d000000000000743170b2162b
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TEUA_enGB471
IE - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Paglam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Paglam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/26 11:23:40 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Paglam\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Reader Application Detector (Enabled) = C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Calendar = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\amlmhkflbgjoeeophdjheadfljoielhi\1.1_0\
CHR - Extension: YouTube = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.9_0\
CHR - Extension: Tumblr = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coahlfgeffoggllekbkoaplamkoabgdd\1.2_0\
CHR - Extension: Google Search = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Box - 5 GB Free Storage = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: SiteAdvisor = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Bulk Download Images-zzllrr Imager Geek = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjhimhkjmipphnaminnnnjpnlneeplk\1.8.3.17_0\
CHR - Extension: Image Editor = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkpmiiljecfochofpifaegnhilaoknbe\1.1_0\
CHR - Extension: TweetDeck = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.4_0\
CHR - Extension: Yahoo! Mail = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhmflokkipfgcajmajneeebfjhkidlo\1.2_0\
CHR - Extension: Hojoki = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjcgdcbhobdcojhnabjlholpbdmnpaa\0.23_0\
CHR - Extension: Google +1 Button = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.424_0\
CHR - Extension: WordPress.com = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd\1.0.0.1_0\
CHR - Extension: Gmail = C:\Users\Paglam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001..\Run: [SimpleShare] C:\Program Files (x86)\Box\SimpleShare\simpleshare.exe ()
O4 - HKU\S-1-5-21-3341176584-4209077168-1830186119-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Paglam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{950DF892-A121-4ACD-90A3-96E8B7996FC8}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA8AF50F-1F07-49CE-95E3-7418750642E5}: DhcpNameServer = 100.100.0.102
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://Northernnet.co.uk/usb
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 01:01:23 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Paglam\Desktop\OTL.exe
[2012/06/20 23:34:43 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Paglam\Desktop\tdsskiller.exe
[2012/06/20 11:02:07 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{64798C07-0765-4BF7-854C-C7D46A60BABA}
[2012/06/20 11:01:55 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{4D11A5F7-13F0-44CB-9C37-A48F2122C56C}
[2012/06/19 11:19:58 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Spiritual-Ritual
[2012/06/19 11:19:58 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\samsung
[2012/06/19 11:19:51 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Publicity
[2012/06/19 11:19:51 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\PDF
[2012/06/19 11:19:47 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Mailing lists
[2012/06/19 11:19:41 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\From MOBILE
[2012/06/19 11:19:35 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Eight Steps to Happiness The Buddhist Way of Loving Kindness
[2012/06/19 11:19:07 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Dharma
[2012/06/19 11:19:07 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\Camilla
[2012/06/19 11:18:23 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\BoxNet
[2012/06/19 11:15:12 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Box SimpleShare
[2012/06/19 11:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Box
[2012/06/19 10:51:31 | 000,000,000 | ---D | C] -- C:\Users\Paglam\Documents\My Books
[2012/06/19 10:29:41 | 000,000,000 | R--D | C] -- C:\Users\Paglam\Desktop\Documents
[2012/06/19 10:15:55 | 000,000,000 | ---D | C] -- C:\Log
[2012/06/19 10:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/19 10:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Windows Data Recovery - Home
[2012/06/19 10:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery
[2012/06/18 17:03:48 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{E277DE71-9C53-4EB6-85EB-0802C1D64AAC}
[2012/06/14 17:51:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 17:51:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 17:51:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 17:51:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 17:51:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 17:51:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 17:51:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 17:51:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 17:51:08 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 17:51:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 17:51:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 17:51:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 17:51:06 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/14 09:03:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 09:03:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 09:03:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/14 09:02:41 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/14 09:02:41 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 09:02:40 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 09:02:32 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/14 09:02:14 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/14 09:02:13 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/14 08:55:40 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{BDF65540-2FEB-4DE2-8864-E15076728FCD}
[2012/06/14 08:55:18 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{0358BE02-18E3-43D3-8809-FD80A5248174}
[2012/06/13 12:23:58 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{D796993A-D7C1-4DAC-BB69-92C45860F0BD}
[2012/06/13 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{EC100B34-4D2D-4940-8479-C01C873FE55E}
[2012/06/12 12:08:14 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Roaming\Audacity
[2012/06/12 12:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012/06/04 15:06:17 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{9271F1F9-01D1-4E28-8D72-6F6A4EA31BC5}
[2012/06/04 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{D7FADAC4-7F18-4551-A375-A5ED20426B1E}
[2012/06/02 12:18:45 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{4E16A4DE-2901-4E53-B0C2-C5706E5F7028}
[2012/06/02 12:18:30 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{11894A8B-2835-41C3-8A39-B044C3DDCDD1}
[2012/06/01 20:39:29 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{ECEAD1B7-E842-4C2A-B60E-7BA5621EFECF}
[2012/06/01 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{7214B186-6D99-4393-92C2-194ED00C790D}
[2012/05/31 14:34:05 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{918FBBB0-561B-4782-BC64-1DEA787188E0}
[2012/05/31 14:33:53 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{73C01156-64E4-4585-BA1D-D002FBB06CA1}
[2012/05/28 20:29:04 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{D90BBF9B-1B9B-4C9B-9C53-6F184EE068B6}
[2012/05/28 20:28:51 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{21145E3E-4E3A-4871-9219-272E0C2AAFAC}
[2012/05/26 12:14:55 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/05/26 11:53:52 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{2E4229C6-21C2-40E3-ACE0-CC11100379EC}
[2012/05/26 11:53:39 | 000,000,000 | ---D | C] -- C:\Users\Paglam\AppData\Local\{C0E9A5D8-16E7-4ACF-AB4F-BA552F54E78B}

========== Files - Modified Within 30 Days ==========

[2012/06/21 01:01:25 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paglam\Desktop\OTL.exe
[2012/06/21 00:55:43 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 00:52:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3341176584-4209077168-1830186119-1001UA.job
[2012/06/21 00:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/21 00:21:06 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 00:21:06 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 00:14:38 | 000,001,100 | ---- | M] () -- C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/06/21 00:12:17 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 00:11:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/21 00:11:42 | 2903,220,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/20 23:34:52 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Paglam\Desktop\tdsskiller.exe
[2012/06/20 23:10:22 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/20 23:10:22 | 000,628,808 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/20 23:10:22 | 000,110,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/20 10:52:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3341176584-4209077168-1830186119-1001Core.job
[2012/06/19 11:15:12 | 000,002,973 | ---- | M] () -- C:\Users\Paglam\Desktop\Box SimpleShare.lnk
[2012/06/19 10:24:15 | 000,000,070 | ---- | M] () -- C:\Windows\spwdrhsa.INI
[2012/06/19 10:15:26 | 000,001,221 | ---- | M] () -- C:\Users\Paglam\Desktop\Stellar Phoenix Windows Data Recovery - Home.lnk
[2012/06/14 19:14:38 | 000,294,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 12:49:42 | 000,022,272 | ---- | M] () -- C:\Users\Paglam\Desktop\Becomign closer to Dorje Shugden.odt
[2012/06/12 16:35:48 | 001,694,289 | ---- | M] () -- C:\Users\Paglam\Desktop\carry on.jpg
[2012/06/12 12:08:05 | 000,001,018 | ---- | M] () -- C:\Users\Paglam\Desktop\Audacity.lnk
[2012/06/12 10:11:03 | 000,002,413 | ---- | M] () -- C:\Users\Paglam\Desktop\Google Chrome.lnk
[2012/06/11 18:57:19 | 000,022,632 | ---- | M] () -- C:\Users\Paglam\Desktop\Traintickets ulv.odt
[2012/06/09 08:48:04 | 000,001,057 | ---- | M] () -- C:\Users\Paglam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/09 08:47:17 | 000,001,027 | ---- | M] () -- C:\Users\Paglam\Desktop\Dropbox.lnk
[2012/06/08 09:06:43 | 000,013,497 | ---- | M] () -- C:\Users\Paglam\Desktop\Bookings.odt
[2012/06/07 15:43:27 | 000,020,526 | ---- | M] () -- C:\Users\Paglam\Desktop\Contacting people in the community re publicity for 30 June event (1).odt
[2012/06/02 20:28:54 | 000,143,670 | ---- | M] () -- C:\Users\Paglam\Desktop\Print Screen.odt
[2012/05/29 10:59:18 | 000,015,856 | ---- | M] () -- C:\Users\Paglam\Desktop\Friends Key Holder form.odt
[2012/05/28 19:16:11 | 000,191,282 | ---- | M] () -- C:\Users\Paglam\Desktop\KMC Toronto.jpg
[2012/05/28 17:11:19 | 000,226,460 | ---- | M] () -- C:\Users\Paglam\Desktop\MBManEventJune2012banner94x30mmv2.jpg
[2012/05/28 17:00:55 | 000,036,570 | ---- | M] () -- C:\Users\Paglam\Desktop\relax and let go.jpg
[2012/05/28 16:53:16 | 000,034,663 | ---- | M] () -- C:\Users\Paglam\Desktop\GP classes.jpg
[2012/05/28 16:52:59 | 000,059,943 | ---- | M] () -- C:\Users\Paglam\Desktop\Secret of happy life.jpg
[2012/05/27 22:34:29 | 000,016,420 | ---- | M] () -- C:\Users\Paglam\Documents\Contact details Ordained Sangha and Wed FP.odt
[2012/05/26 14:17:51 | 000,009,694 | ---- | M] () -- C:\Users\Paglam\Desktop\Empowerment Reqeust.odt

========== Files Created - No Company Name ==========

[2012/06/19 11:19:06 | 000,042,241 | ---- | C] () -- C:\Users\Paglam\Documents\nineeleven.odt
[2012/06/19 11:19:05 | 000,016,420 | ---- | C] () -- C:\Users\Paglam\Documents\Contact details Ordained Sangha and Wed FP.odt
[2012/06/19 11:15:12 | 000,002,973 | ---- | C] () -- C:\Users\Paglam\Desktop\Box SimpleShare.lnk
[2012/06/19 10:15:26 | 000,001,221 | ---- | C] () -- C:\Users\Paglam\Desktop\Stellar Phoenix Windows Data Recovery - Home.lnk
[2012/06/19 10:15:26 | 000,000,070 | ---- | C] () -- C:\Windows\spwdrhsa.INI
[2012/06/13 12:49:31 | 000,022,272 | ---- | C] () -- C:\Users\Paglam\Desktop\Becomign closer to Dorje Shugden.odt
[2012/06/12 16:35:28 | 001,694,289 | ---- | C] () -- C:\Users\Paglam\Desktop\carry on.jpg
[2012/06/12 12:08:05 | 000,001,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012/06/12 12:08:05 | 000,001,018 | ---- | C] () -- C:\Users\Paglam\Desktop\Audacity.lnk
[2012/06/11 18:57:15 | 000,022,632 | ---- | C] () -- C:\Users\Paglam\Desktop\Traintickets ulv.odt
[2012/06/07 15:43:24 | 000,020,526 | ---- | C] () -- C:\Users\Paglam\Desktop\Contacting people in the community re publicity for 30 June event (1).odt
[2012/06/02 20:28:51 | 000,143,670 | ---- | C] () -- C:\Users\Paglam\Desktop\Print Screen.odt
[2012/05/29 10:51:23 | 000,015,856 | ---- | C] () -- C:\Users\Paglam\Desktop\Friends Key Holder form.odt
[2012/05/28 19:16:18 | 000,191,282 | ---- | C] () -- C:\Users\Paglam\Desktop\KMC Toronto.jpg
[2012/05/28 17:11:26 | 000,226,460 | ---- | C] () -- C:\Users\Paglam\Desktop\MBManEventJune2012banner94x30mmv2.jpg
[2012/05/28 17:01:06 | 000,036,570 | ---- | C] () -- C:\Users\Paglam\Desktop\relax and let go.jpg
[2012/05/28 16:53:24 | 000,034,663 | ---- | C] () -- C:\Users\Paglam\Desktop\GP classes.jpg
[2012/05/28 16:53:10 | 000,059,943 | ---- | C] () -- C:\Users\Paglam\Desktop\Secret of happy life.jpg
[2012/05/26 14:17:48 | 000,009,694 | ---- | C] () -- C:\Users\Paglam\Desktop\Empowerment Reqeust.odt
[2012/01/31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/01/31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/01/31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/01/31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/12/22 14:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/12/22 13:47:06 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/22 13:29:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/22 13:25:59 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/09 13:09:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll

< End of report >

SystemLook 30.07.11 by jpshortstuff
Log created at 22:27 on 21/06/2012 by Paglam
Administrator - Elevation successful

========== filefind ==========

Searching for "*Babylon*"
C:\Users\Paglam\AppData\Local\Babylon\Setup\Babylon.dat --a---- 11205 bytes [16:31 16/02/2012] [14:06 27/12/2011] 8E6B33A7F03E2693A614002587A35DDD

========== folderfind ==========

Searching for "*Babylon*"
C:\ProgramData\Babylon d------ [16:31 16/02/2012]
C:\Users\All Users\Babylon d------ [16:31 16/02/2012]
C:\Users\Paglam\AppData\Local\Babylon d------ [16:31 16/02/2012]
C:\Users\Paglam\AppData\Roaming\Babylon d------ [16:31 16/02/2012]

========== regfind ==========

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
@="Babylon toolbar helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
@="Babylon toolbar helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"

-= EOF =-
confused63
Regular Member
 
Posts: 88
Joined: March 28th, 2010, 9:55 am

Re: ADWARE.Gen

Post by maxi » June 22nd, 2012, 11:26 am

Hi confused,

You have posted the wrong OTL log; the one you posted was from the first scan. What we need is the OTL fix log. It will be located here: C:\_OTL\MovedFiles ... look to see if there are any files in it. They will be named ... MMDDYYYY_HHMMSS.log ... (where MDYHMS are replaced by numbers representing the date and time the file was created).

If there is a file there for the fix you have just run, please post me the contents, if not please let me know.

Next
We will also try the ESET scan again, but maybe this time do it when you are around to keep an eye on it and maybe move the mouse every once in a while :)

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: ADWARE.Gen

Post by confused63 » June 22nd, 2012, 1:24 pm

Hi Maxi,

Sorry about the mix-up, I think I have found the right document this time. I will paste below. I will do the scan later tonight when I curb my wish to use it :lol:

Until then I paste the log here.

Thank you so much for all your help!!


All processes killed
========== OTL ==========
HKU\S-1-5-21-3341176584-4209077168-1830186119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-3341176584-4209077168-1830186119-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3341176584-4209077168-1830186119-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Paglam\AppData\Local\{64798C07-0765-4BF7-854C-C7D46A60BABA} folder moved successfully.
C:\Users\Paglam\AppData\Local\{4D11A5F7-13F0-44CB-9C37-A48F2122C56C} folder moved successfully.
C:\Users\Paglam\AppData\Local\{E277DE71-9C53-4EB6-85EB-0802C1D64AAC} folder moved successfully.
C:\Users\Paglam\AppData\Local\{BDF65540-2FEB-4DE2-8864-E15076728FCD} folder moved successfully.
C:\Users\Paglam\AppData\Local\{0358BE02-18E3-43D3-8809-FD80A5248174} folder moved successfully.
C:\Users\Paglam\AppData\Local\{D796993A-D7C1-4DAC-BB69-92C45860F0BD} folder moved successfully.
C:\Users\Paglam\AppData\Local\{EC100B34-4D2D-4940-8479-C01C873FE55E} folder moved successfully.
C:\Users\Paglam\AppData\Local\{9271F1F9-01D1-4E28-8D72-6F6A4EA31BC5} folder moved successfully.
C:\Users\Paglam\AppData\Local\{D7FADAC4-7F18-4551-A375-A5ED20426B1E} folder moved successfully.
C:\Users\Paglam\AppData\Local\{4E16A4DE-2901-4E53-B0C2-C5706E5F7028} folder moved successfully.
C:\Users\Paglam\AppData\Local\{11894A8B-2835-41C3-8A39-B044C3DDCDD1} folder moved successfully.
C:\Users\Paglam\AppData\Local\{ECEAD1B7-E842-4C2A-B60E-7BA5621EFECF} folder moved successfully.
C:\Users\Paglam\AppData\Local\{7214B186-6D99-4393-92C2-194ED00C790D} folder moved successfully.
C:\Users\Paglam\AppData\Local\{918FBBB0-561B-4782-BC64-1DEA787188E0} folder moved successfully.
C:\Users\Paglam\AppData\Local\{73C01156-64E4-4585-BA1D-D002FBB06CA1} folder moved successfully.
C:\Users\Paglam\AppData\Local\{D90BBF9B-1B9B-4C9B-9C53-6F184EE068B6} folder moved successfully.
C:\Users\Paglam\AppData\Local\{21145E3E-4E3A-4871-9219-272E0C2AAFAC} folder moved successfully.
C:\Users\Paglam\AppData\Local\{2E4229C6-21C2-40E3-ACE0-CC11100379EC} folder moved successfully.
C:\Users\Paglam\AppData\Local\{C0E9A5D8-16E7-4ACF-AB4F-BA552F54E78B} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Paglam
->Temp folder emptied: 2306380489 bytes
->Temporary Internet Files folder emptied: 97400578 bytes
->Java cache emptied: 3971 bytes
->Google Chrome cache emptied: 432878170 bytes
->Flash cache emptied: 80657 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 268485477 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 2464334996 bytes

Total Files Cleaned = 5,312.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.50.0 log created on 06212012_221312

Files\Folders moved on Reboot...
C:\Users\Paglam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
confused63
Regular Member
 
Posts: 88
Joined: March 28th, 2010, 9:55 am

Re: ADWARE.Gen

Post by confused63 » June 23rd, 2012, 4:21 am

Hi Maxi,

I hope this is what you want, it is not much for such a long scan...


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f1a6a62525c2554abea0be8850a906d6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-23 12:19:57
# local_time=2012-06-23 01:19:57 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 8770861 8770861 0 0
# compatibility_mode=5893 16776573 100 94 18608 92867839 0 0
# compatibility_mode=8192 67108863 100 0 241 241 0 0
# scanned=129252
# found=0
# cleaned=0
# scan_time=8008
confused63
Regular Member
 
Posts: 88
Joined: March 28th, 2010, 9:55 am

Re: ADWARE.Gen

Post by maxi » June 23rd, 2012, 11:10 am

Hi confused63, Nearly there, well done :)

Please create a System Restore Point like you did above.

Step 1
OTL - Run Fix Script
You should still have this on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right-click on OTL.exe and select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. When the window appears, make sure Include 64bit Scans is CHECKED.
  3. Underneath Output at the top, make sure Minimal Output is selected.
  4. Under the Standard Registry box change it to All.
  5. Check/tick the boxes beside LOP Check and Purity Check.
  6. Copy and Paste the following code into the text box. Do not include the word Code
    Code:
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\Babylon Client]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}\InprocServer32]
    
    :Files
    C:\Users\Paglam\AppData\Local\Babylon
    C:\ProgramData\Babylon
    C:\Users\All Users\Babylon 
    C:\Users\Paglam\AppData\Roaming\Babylon 
    
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
    
  7. Click under the Custom Scan/Fixes box and paste the copied text.
  8. Click the Run Fix button. If prompted... click OK.
  9. OTL may ask to reboot the machine. Please do so if asked.
  10. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  11. Please post the contents of report in your next reply.

Step 2
Please run SystemLook again exactly like you did before and post the log in your next reply



In your next reply please post:
The OTL log.
The SystemLook log.
How your computer is running now?

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
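
The cross-check between the SystemLook log and the fix script in Step 1 above can be done mechanically. The following is an added example, not part of the thread and not OTL or SystemLook code: it parses SystemLook output and reports any found file, folder or registry key that no script entry (or parent entry) covers. Function names and the trimmed sample inputs are constructed here, and the script layout (`:Reg`, `:Files`, `[-key]`) is assumed only as far as it appears in the post.

```python
import re

SECTION = re.compile(r"^=+\s*(\w+)\s*=+$")
# filefind/folderfind row: <path> <7-char attributes> [<size> bytes] [HH:MM DD/MM/YYYY] ...
FS_ROW = re.compile(
    r"^([A-Za-z]:\\.+?)\s+\S{7}\s+(?:\d+ bytes\s+)?\[\d\d:\d\d \d\d/\d\d/\d{4}\]"
)
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")    # key line in a regfind section
FIX_KEY = re.compile(r"^\[-(HKEY_[^\]]+)\]$")   # key-deletion line under :Reg


def norm(item):
    """Windows paths and registry keys compare case-insensitively."""
    return item.strip().rstrip("\\").lower()


def parse_systemlook(text):
    """Return {'files': [...], 'keys': [...]} reported by SystemLook."""
    found = {"files": [], "keys": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
        elif section in ("filefind", "folderfind"):
            m = FS_ROW.match(line)
            if m:
                found["files"].append(m.group(1))
        elif section == "regfind":
            # Value lines (@="...") are skipped: deleting the key removes them.
            m = REG_KEY.match(line)
            if m and m.group(1) not in found["keys"]:
                found["keys"].append(m.group(1))
    return found


def parse_fix(text):
    """Return the keys and paths a fix script asks to remove."""
    targets = {"files": [], "keys": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "reg":
            m = FIX_KEY.match(line)
            if m:
                targets["keys"].append(m.group(1))
        elif section == "files" and line:
            targets["files"].append(line)
    return targets


def covered(item, targets):
    """True if item equals a target or lies beneath one (whole path segments only)."""
    i = norm(item)
    return any(i == norm(t) or i.startswith(norm(t) + "\\") for t in targets)


def uncovered(systemlook_text, fix_text):
    """Findings that the fix script would leave behind."""
    found, fix = parse_systemlook(systemlook_text), parse_fix(fix_text)
    return [x for kind in ("files", "keys")
            for x in found[kind] if not covered(x, fix[kind])]


# Constructed sample: SystemLook output trimmed from the log in this thread.
SYSTEMLOOK_SAMPLE = r"""
========== filefind ==========

Searching for "*Babylon*"
C:\Users\Paglam\AppData\Local\Babylon\Setup\Babylon.dat --a---- 11205 bytes [16:31 16/02/2012] [14:06 27/12/2011] <md5>

========== folderfind ==========

Searching for "*Babylon*"
C:\ProgramData\Babylon d------ [16:31 16/02/2012]
C:\Users\Paglam\AppData\Roaming\Babylon d------ [16:31 16/02/2012]

========== regfind ==========

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
"""

# Constructed sample: a fix script that deliberately omits the Roaming folder.
FIX_SAMPLE = r"""
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]

:Files
C:\Users\Paglam\AppData\Local\Babylon
C:\ProgramData\Babylon

:Commands
[EMPTYTEMP]
"""

if __name__ == "__main__":
    for leftover in uncovered(SYSTEMLOOK_SAMPLE, FIX_SAMPLE):
        print("not covered by fix script:", leftover)
```

An entry is treated as covered when a parent folder or parent key is listed, which is why `Babylon.dat` and the `Babylon Client` subkey need no line of their own.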