Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Annoying pop-ups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Annoying pop-ups

Unread postby oink » November 12th, 2012, 3:03 am

Hi. These past weeks whenever I open a website on IE I get these pop-ups that are either white blank windows or with ads in it even with the pop-up blocker on. I ran MSE, Spybot and Malware but couldn't find anything. Here's the dds log. TIA.


DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Owner at 21:22:33 on 2012-11-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3559.1972 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\AIM\aim.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\npchrome_frame.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{126D2821-5FA0-42F3-8868-F0406BF476F7} : DHCPNameServer = 208.180.42.68 208.180.42.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\npchrome_frame.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 198.15.104.132 http://www.google-analytics.com.
Hosts: 198.15.104.132 ad-emea.doubleclick.net.
Hosts: 198.15.104.132 http://www.statcounter.com.
Hosts: 72.29.93.243 http://www.google-analytics.com.
Hosts: 72.29.93.243 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-2-19 204288]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-9-26 131512]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-2-19 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-12 1153368]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-2-19 116752]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-19 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-2-19 1109096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-2-19 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-6-28 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-19 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-2-19 307304]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-17 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-11 18:26:18 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{740196D8-7B6A-4F22-9A6D-0DA3C168B325}\mpengine.dll
2012-11-11 17:41:38 -------- d-----w- C:\Users\Owner\AppData\Local\{094395C4-48A6-429E-986B-C4A45B1A6014}
2012-11-11 03:59:49 -------- d-----w- C:\Users\Owner\AppData\Local\{F3A9BFEC-4299-4EA1-99F3-1396CA1749C3}
2012-11-10 16:09:59 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-10 15:59:23 -------- d-----w- C:\Users\Owner\AppData\Local\{3B932B3A-5BB7-4226-8EC4-81DCBAC7D30A}
2012-11-09 23:32:24 -------- d-----w- C:\Users\Owner\AppData\Local\{F337C580-2A80-4B2B-9C35-A118C10F650C}
2012-11-09 00:33:37 -------- d-----w- C:\Users\Owner\AppData\Local\{682B21F1-8F0D-4ECD-89FF-58A808EB1310}
2012-11-07 23:21:06 -------- d-----w- C:\Users\Owner\AppData\Local\{4E3B36B4-4BB6-4E5C-9327-94AC44FD4060}
2012-11-07 04:38:57 -------- d-----w- C:\Users\Owner\AppData\Local\{A8352257-D631-467E-A0EA-D7066FD54B91}
2012-11-07 04:21:29 -------- d-----w- C:\Users\Owner\AppData\Local\{063C08EC-716B-4015-88FE-262C7948C324}
2012-11-07 03:10:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-11-07 03:09:36 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-07 03:09:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-06 19:26:07 -------- d-----w- C:\Users\Owner\AppData\Local\{FB0A2751-39B3-4F33-AC99-E1EB795BAB65}
2012-11-05 20:24:25 -------- d-----w- C:\Users\Owner\AppData\Local\{E8AF5AB1-E8C8-49F1-9FA8-D2D09EB8D062}
2012-11-04 17:48:12 -------- d-----w- C:\Users\Owner\AppData\Local\{45E4BCB8-C168-4487-8CA3-659F30BFD35E}
2012-11-04 03:19:33 -------- d-----w- C:\Users\Owner\AppData\Local\{DAEB363F-06CA-4F08-B276-D19BA7D2D93E}
2012-11-03 15:19:07 -------- d-----w- C:\Users\Owner\AppData\Local\{284AFF7D-DFAC-45EA-81CD-4B6844D6809C}
2012-11-02 18:26:29 -------- d-----w- C:\Users\Owner\AppData\Local\{68F3EBD4-1A28-4906-B128-229BD56BFD4F}
2012-11-01 18:51:50 -------- d-----w- C:\Users\Owner\AppData\Local\{544B27A6-D002-4F04-9354-896D665031D0}
2012-10-31 18:18:42 -------- d-----w- C:\Users\Owner\AppData\Local\{BDDD820B-A831-4896-ACEA-AEDCDD549C88}
2012-10-31 03:45:23 -------- d-----w- C:\Users\Owner\AppData\Local\Diagnostics
2012-10-31 01:20:29 -------- d-----w- C:\Users\Owner\AppData\Local\{8CE378D5-F4EF-471B-B94C-731AB12B077B}
2012-10-29 18:17:17 -------- d-----w- C:\Users\Owner\AppData\Local\{F08EA8A4-BD86-4908-97BF-FF4D19337F58}
2012-10-29 01:39:58 -------- d-----w- C:\Users\Owner\AppData\Local\{9163EE48-22EC-45FF-9A67-C3119DA9E869}
2012-10-25 22:37:58 -------- d-----w- C:\Users\Owner\AppData\Local\{2C6DE0D4-7360-486C-9212-AD03861B5EB2}
2012-10-24 22:17:15 -------- d-----w- C:\Users\Owner\AppData\Local\{327895A7-DECB-46E2-88CC-5B69CEC0AA52}
2012-10-23 16:49:12 -------- d-----w- C:\Users\Owner\AppData\Local\{6C54A367-BF96-42C3-BE64-E529ED6728C9}
2012-10-23 00:57:33 -------- d-----w- C:\Users\Owner\AppData\Local\{C5027FB5-420B-468F-B0A4-85676FFC64DC}
2012-10-22 03:47:24 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1297C8C5-2575-4172-A464-836784FFAB74}\gapaengine.dll
2012-10-22 03:36:28 -------- d-----w- C:\Users\Owner\AppData\Local\{0B385C0D-8FE5-4715-8198-F0BD9A0CCA35}
2012-10-18 18:25:04 -------- d-----w- C:\Users\Owner\AppData\Local\{A15286EF-674E-4578-A718-D305F1B84AB4}
2012-10-17 23:16:57 -------- d-----w- C:\Users\Owner\AppData\Local\{361163A5-B1CE-469D-9993-9943B75EF9F9}
2012-10-15 23:35:57 -------- d-----w- C:\Users\Owner\AppData\Local\{D5E46645-8D62-4C26-8AD0-8E64D8AE1AD6}
2012-10-14 23:44:38 -------- d-----w- C:\Users\Owner\AppData\Local\{F64526B9-43BC-4257-9D64-010E99C591E0}
2012-10-13 23:44:27 -------- d-----w- C:\Users\Owner\AppData\Local\{90E5C0C2-0B63-4490-A82B-3B2602B0D80B}
.
==================== Find3M ====================
.
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-08-31 03:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 21:23:11.14 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/13/2012 4:09:21 PM
System Uptime: 11/11/2012 8:52:50 PM (1 hours ago)
.
Motherboard: AMD | | Torpedo
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 407.359 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP68: 9/25/2012 6:34:29 PM - Windows Update
RP69: 9/25/2012 9:08:15 PM - Windows Update
RP70: 9/29/2012 1:12:16 PM - Windows Update
RP71: 10/1/2012 11:18:03 PM - Windows Update
RP72: 10/6/2012 3:33:16 PM - Windows Update
RP73: 10/9/2012 7:32:00 PM - Windows Update
RP74: 10/9/2012 11:51:22 PM - Windows Update
RP75: 10/13/2012 6:54:24 PM - Windows Update
RP76: 10/17/2012 6:27:06 PM - Windows Update
RP77: 10/21/2012 10:46:28 PM - Windows Update
RP78: 10/25/2012 5:48:01 PM - Windows Update
RP79: 10/28/2012 8:50:04 PM - Windows Update
RP80: 10/31/2012 11:16:02 PM - Windows Update
RP81: 11/4/2012 9:13:00 PM - Windows Update
RP82: 11/6/2012 10:18:18 PM - Restore Operation
RP83: 11/7/2012 5:31:05 PM - Windows Update
RP84: 11/11/2012 12:25:45 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 198.15.104.132 http://www.google-analytics.com.
Hosts: 198.15.104.132 ad-emea.doubleclick.net.
Hosts: 198.15.104.132 http://www.statcounter.com.
Hosts: 72.29.93.243 http://www.google-analytics.com.
Hosts: 72.29.93.243 ad-emea.doubleclick.net.
Hosts: 72.29.93.243 http://www.statcounter.com.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X MUI
AIM 7
AMD Catalyst Install Manager
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Download Updater (AOL LLC)
FATE - The Traitor Soul
Google Chrome
Google Chrome Frame
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
Label@Once 1.0
Letters from Nowhere 2
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Netwaiting
Norton PC Checkup
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Skype Launcher
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Tales of Lagoona
TeamViewer 7
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
VLC media player 2.0.3
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
11/6/2012 9:56:51 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1406.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/6/2012 10:38:13 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.139.1303.0;1.139.1303.0 Engine version: 1.1.8904.0
11/6/2012 10:31:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1329.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/6/2012 10:20:46 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.139.1303.0;1.139.1303.0 Engine version: 1.1.8904.0
11/6/2012 10:11:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1406.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/11/2012 11:43:12 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
.
==== End Of File ===========================
oink
Active Member
 
Posts: 10
Joined: November 11th, 2012, 8:22 pm
Advertisement
Register to Remove

Re: Annoying pop-ups

Unread postby Gary R » November 12th, 2012, 11:26 am

looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Annoying pop-ups

Unread postby Gary R » November 12th, 2012, 11:29 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Oink

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Annoying pop-ups

Unread postby oink » November 13th, 2012, 12:42 am

Here are the logs:

OTL.txt
frOTL logfile created on: 11/12/2012 10:29:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 54.50% Memory free
6.95 Gb Paging File | 5.09 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.63 Gb Total Space | 407.11 Gb Free Space | 90.54% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/12 22:26:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/10/31 16:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/09/26 18:09:21 | 000,131,512 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
PRC - [2012/07/16 08:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 08:31:32 | 002,280,872 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012/07/16 08:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011/07/19 09:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2009/01/26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/31 16:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/10/31 16:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 16:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 16:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 16:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 16:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 16:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 16:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/11/11 00:59:52 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/28 00:25:26 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/24 11:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 16:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/26 18:09:21 | 000,131,512 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/07/19 09:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/11 03:23:50 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/11 00:20:44 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/07 17:02:00 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 13:29:10 | 000,077,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 21:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/05 03:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/12/01 18:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/11/30 16:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/24 09:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 14:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1353900682-331446898-524479443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKU\S-1-5-21-1353900682-331446898-524479443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1353900682-331446898-524479443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1353900682-331446898-524479443-1000\..\SearchScopes,DefaultScope = {05389155-7920-427C-8EC3-69A4A9B10288}
IE - HKU\S-1-5-21-1353900682-331446898-524479443-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKU\S-1-5-21-1353900682-331446898-524479443-1000\..\SearchScopes\{05389155-7920-427C-8EC3-69A4A9B10288}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS475
IE - HKU\S-1-5-21-1353900682-331446898-524479443-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1353900682-331446898-524479443-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()



========== Chrome ==========

CHR - homepage: http://start.toshiba.com/?cid=C001B2Y
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://start.toshiba.com/?cid=C001B2Y
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/10/11 21:27:29 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 198.15.104.132 www.google-analytics.com.
O1 - Hosts: 198.15.104.132 ad-emea.doubleclick.net.
O1 - Hosts: 198.15.104.132 www.statcounter.com.
O1 - Hosts: 72.29.93.243 www.google-analytics.com.
O1 - Hosts: 72.29.93.243 ad-emea.doubleclick.net.
O1 - Hosts: 72.29.93.243 www.statcounter.com.
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\npchrome_frame.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1353900682-331446898-524479443-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1353900682-331446898-524479443-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-1353900682-331446898-524479443-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1353900682-331446898-524479443-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{126D2821-5FA0-42F3-8868-F0406BF476F7}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\npchrome_frame.dll (Google Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/12 22:26:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/11/12 21:31:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{99B22686-7FC9-4833-B7A9-60617B11C05F}
[2012/11/11 21:19:30 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2012/11/11 11:41:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{094395C4-48A6-429E-986B-C4A45B1A6014}
[2012/11/10 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F3A9BFEC-4299-4EA1-99F3-1396CA1749C3}
[2012/11/10 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3B932B3A-5BB7-4226-8EC4-81DCBAC7D30A}
[2012/11/09 17:32:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F337C580-2A80-4B2B-9C35-A118C10F650C}
[2012/11/08 18:33:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{682B21F1-8F0D-4ECD-89FF-58A808EB1310}
[2012/11/07 17:21:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4E3B36B4-4BB6-4E5C-9327-94AC44FD4060}
[2012/11/06 22:38:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A8352257-D631-467E-A0EA-D7066FD54B91}
[2012/11/06 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{063C08EC-716B-4015-88FE-262C7948C324}
[2012/11/06 21:10:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/11/06 21:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/06 21:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/06 13:26:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FB0A2751-39B3-4F33-AC99-E1EB795BAB65}
[2012/11/05 14:24:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E8AF5AB1-E8C8-49F1-9FA8-D2D09EB8D062}
[2012/11/04 11:48:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{45E4BCB8-C168-4487-8CA3-659F30BFD35E}
[2012/11/03 21:19:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DAEB363F-06CA-4F08-B276-D19BA7D2D93E}
[2012/11/03 09:19:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{284AFF7D-DFAC-45EA-81CD-4B6844D6809C}
[2012/11/02 12:26:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{68F3EBD4-1A28-4906-B128-229BD56BFD4F}
[2012/11/01 12:51:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{544B27A6-D002-4F04-9354-896D665031D0}
[2012/10/31 12:18:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{BDDD820B-A831-4896-ACEA-AEDCDD549C88}
[2012/10/30 21:45:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Diagnostics
[2012/10/30 19:20:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8CE378D5-F4EF-471B-B94C-731AB12B077B}
[2012/10/29 12:17:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F08EA8A4-BD86-4908-97BF-FF4D19337F58}
[2012/10/28 19:39:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9163EE48-22EC-45FF-9A67-C3119DA9E869}
[2012/10/25 16:37:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2C6DE0D4-7360-486C-9212-AD03861B5EB2}
[2012/10/24 16:17:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{327895A7-DECB-46E2-88CC-5B69CEC0AA52}
[2012/10/23 10:49:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6C54A367-BF96-42C3-BE64-E529ED6728C9}
[2012/10/22 18:57:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C5027FB5-420B-468F-B0A4-85676FFC64DC}
[2012/10/21 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0B385C0D-8FE5-4715-8198-F0BD9A0CCA35}
[2012/10/18 12:25:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A15286EF-674E-4578-A718-D305F1B84AB4}
[2012/10/17 17:16:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{361163A5-B1CE-469D-9993-9943B75EF9F9}
[2012/10/15 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D5E46645-8D62-4C26-8AD0-8E64D8AE1AD6}
[2012/10/14 17:44:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F64526B9-43BC-4257-9D64-010E99C591E0}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/12 22:32:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/12 22:26:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/11/12 21:37:53 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/12 21:37:53 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/12 21:35:07 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/12 21:35:07 | 000,624,352 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/12 21:35:07 | 000,106,696 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/12 21:30:46 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/12 21:30:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/12 21:30:25 | 2798,804,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/11 21:19:35 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2012/10/23 18:46:52 | 000,001,805 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/12 18:23:30 | 000,743,890 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/22 17:32:37 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2012/02/19 06:17:32 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/02/19 06:09:20 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/02/19 06:07:02 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/02/19 06:07:02 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/02/19 06:07:02 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/02/03 21:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/30 21:50:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2012/07/24 19:52:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[2012/08/26 09:33:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
[2012/03/13 15:27:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
[2012/03/13 15:14:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Toshiba
[2012/03/13 15:09:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Owner\Desktop\ilove ilpsy.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
oink
Active Member
 
Posts: 10
Joined: November 11th, 2012, 8:22 pm

Re: Annoying pop-ups

Unread postby oink » November 13th, 2012, 12:45 am

Extras.txt

OTL Extras logfile created on: 11/12/2012 10:29:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 54.50% Memory free
6.95 Gb Paging File | 5.09 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.63 Gb Total Space | 407.11 Gb Free Space | 90.54% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1353900682-331446898-524479443-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15CA432E-D6F7-4229-B4AA-D0C7A60AA02D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3B87E4F3-FA53-4469-B80D-5183295479D6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{78D61A0F-4D3A-49EA-BC26-9F8024187791}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FCF181F-4C75-4644-ABC7-81B8C16B1CDE}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{261CE1C0-AF12-40FD-8F74-F0DAFA7B973F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4D625583-ACBB-434C-9DBA-63DB6B5C2378}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{80FDB3C6-1737-4611-8A78-957237CB3FB1}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{8343B6AC-8715-4270-BC46-FA42E7335D6E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8B76A11C-B79F-4FFE-A6BC-2C5783FE140D}" = protocol=58 | dir=in | app=system |
"{B6EBBC70-E5EC-4FAE-ABF4-702E4A349192}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BBE6F8EB-11B4-456F-B30D-3BD5B2E4F444}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BD749642-0CF7-4845-831D-B5B905A0BFAD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{D29C79D0-5BB9-4BC7-81CE-DE6C9BBD0DB6}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{D950BE30-3662-4F50-A693-9C31684ECB2F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{F244F8E2-3F98-4F40-98BB-FA109E73AB40}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F95D36F8-6304-4E2A-A5FC-BD55CA400820}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{16EA5479-5CE2-F045-8D65-3F1FC41B90E5}" = AMD Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{91F676A5-8CDD-ADF7-AA9D-B7C99CD701C8}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BB5D40EF-0339-D00C-90EC-9BEF19C779D0}" = AMD Media Foundation Decoders
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF04C08-CBCD-BCB1-97D6-5C56D33679FD}" = Catalyst Control Center InstallProxy
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{1175C84E-14F8-8AE3-550F-497B273030FB}" = CCC Help Norwegian
"{1315D983-68E3-8632-5FFA-5BC55DB521EA}" = Catalyst Control Center Localization All
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3111F1DB-E89B-93BB-8CDF-A60715977A62}" = CCC Help Finnish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{394624E4-459D-8E7F-5C57-2C2309A06F51}" = CCC Help Danish
"{4381B431-5E6C-375E-AD95-DA89A7531F21}" = CCC Help Spanish
"{45165601-DCEB-FB1D-B6DF-A4E014437767}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EACE966-0179-ECB9-32EC-32F07F5497B8}" = CCC Help Chinese Standard
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5EDBF020-B888-FB4E-51E5-792CB2C9E352}" = CCC Help English
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting
"{763688D9-3297-ACBF-AD13-4C07D36FD41D}" = CCC Help German
"{772605F3-E0A3-C78C-4272-ECFD12D6847E}" = CCC Help Dutch
"{78444EA3-10EC-E016-820E-BA2353A42504}" = AMD VISION Engine Control Center
"{7AB837B4-1F6C-471B-5519-9775EA223C60}" = CCC Help Russian
"{7B69C60A-A148-4572-978C-729029390651}" = Catalyst Control Center - Branding
"{8172DEE4-5FF3-92FB-E9CD-722468857C7B}" = CCC Help Japanese
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D58E199-34B5-D738-A308-2A10BAA0C1AD}" = CCC Help Swedish
"{8D94A4A6-67E0-EEAE-0729-A6A531727244}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AABED73D-4E9D-89C2-6C2B-E9BFA09D2B6D}" = CCC Help Korean
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B20856DC-8427-4C6D-FC7D-5BBAEC51ED15}" = Catalyst Control Center Graphics Previews Common
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46E6F20-FA4C-299F-C1DA-98867458F828}" = CCC Help Thai
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B81652DF-ABFE-68FF-9280-A801F61A18AD}" = CCC Help Polish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C349A5B2-DF27-34B4-06A4-03A0E7AEC5A6}" = CCC Help Czech
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CAB61DE3-9FD1-CF77-755D-557321060C52}" = CCC Help Greek
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6A1F63D-F968-DF5E-ABAC-C2ECD10E26D5}" = CCC Help Hungarian
"{D85CDAE9-53D9-DCCD-EC80-78B13DB25D84}" = CCC Help Italian
"{D8EF84C2-4648-F978-0134-B0CD47BE3903}" = CCC Help French
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FC21D022-819D-440A-EDA1-2042966CF0ED}" = CCC Help Turkish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.3
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-00297882-db32-4832-a3d1-2937f8f9e064" = Tales of Lagoona
"WTA-5c03b7cb-b30b-44c0-8f7c-9b132361b6fe" = Penguins!
"WTA-68d140cc-3874-4d60-a7b0-96701d812e5d" = Plants vs. Zombies - Game of the Year
"WTA-862ab2db-df3c-4949-b309-5d27d8d61cc1" = Bejeweled 3
"WTA-c234bf63-332c-44aa-83b0-3cecb5d7befc" = FATE - The Traitor Soul
"WTA-cb894b23-1d7b-4aeb-a8a0-46bc06c963e5" = RollerCoaster Tycoon 3: Platinum
"WTA-d042c6ff-dc69-4f43-8a3c-ff4a938f1927" = Letters from Nowhere 2
"WTA-e86c5c02-e476-4c64-b7d2-66204143c66b" = Polar Bowler
"WTA-feb4fd72-caa6-4c90-b66f-c20abf528b71" = Zuma's Revenge

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2012 7:05:24 PM | Computer Name = Owner-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/21/2012 11:35:57 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/21/2012 11:36:15 PM | Computer Name = Owner-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/22/2012 8:57:00 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/22/2012 8:57:22 PM | Computer Name = Owner-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/23/2012 12:48:35 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/23/2012 12:48:57 PM | Computer Name = Owner-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/23/2012 8:00:29 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/23/2012 8:00:46 PM | Computer Name = Owner-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/24/2012 6:16:40 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/10/2012 6:19:02 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 8/10/2012 6:19:02 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 8/10/2012 6:19:02 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 8/10/2012 6:19:02 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 8/14/2012 2:25:33 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:01:51 PM on ?8/?13/?2012 was unexpected.

Error - 8/14/2012 6:12:02 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:09:54 PM on ?8/?14/?2012 was unexpected.

Error - 8/16/2012 6:21:03 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:17:26 PM on ?8/?14/?2012 was unexpected.

Error - 8/16/2012 10:14:46 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:44:26 PM on ?8/?16/?2012 was unexpected.

Error - 8/20/2012 2:17:46 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:52:37 PM on ?8/?17/?2012 was unexpected.

Error - 8/22/2012 7:25:18 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:59:33 PM on ?8/?21/?2012 was unexpected.


< End of report >
oink
Active Member
 
Posts: 10
Joined: November 11th, 2012, 8:22 pm

Re: Annoying pop-ups

Unread postby oink » November 13th, 2012, 12:45 am

Extras.txt

OTL Extras logfile created on: 11/12/2012 10:29:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 54.50% Memory free
6.95 Gb Paging File | 5.09 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.63 Gb Total Space | 407.11 Gb Free Space | 90.54% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1353900682-331446898-524479443-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15CA432E-D6F7-4229-B4AA-D0C7A60AA02D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3B87E4F3-FA53-4469-B80D-5183295479D6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{78D61A0F-4D3A-49EA-BC26-9F8024187791}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FCF181F-4C75-4644-ABC7-81B8C16B1CDE}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{261CE1C0-AF12-40FD-8F74-F0DAFA7B973F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4D625583-ACBB-434C-9DBA-63DB6B5C2378}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{80FDB3C6-1737-4611-8A78-957237CB3FB1}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{8343B6AC-8715-4270-BC46-FA42E7335D6E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8B76A11C-B79F-4FFE-A6BC-2C5783FE140D}" = protocol=58 | dir=in | app=system |
"{B6EBBC70-E5EC-4FAE-ABF4-702E4A349192}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BBE6F8EB-11B4-456F-B30D-3BD5B2E4F444}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BD749642-0CF7-4845-831D-B5B905A0BFAD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{D29C79D0-5BB9-4BC7-81CE-DE6C9BBD0DB6}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{D950BE30-3662-4F50-A693-9C31684ECB2F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{F244F8E2-3F98-4F40-98BB-FA109E73AB40}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F95D36F8-6304-4E2A-A5FC-BD55CA400820}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{16EA5479-5CE2-F045-8D65-3F1FC41B90E5}" = AMD Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{91F676A5-8CDD-ADF7-AA9D-B7C99CD701C8}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BB5D40EF-0339-D00C-90EC-9BEF19C779D0}" = AMD Media Foundation Decoders
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF04C08-CBCD-BCB1-97D6-5C56D33679FD}" = Catalyst Control Center InstallProxy
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{1175C84E-14F8-8AE3-550F-497B273030FB}" = CCC Help Norwegian
"{1315D983-68E3-8632-5FFA-5BC55DB521EA}" = Catalyst Control Center Localization All
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3111F1DB-E89B-93BB-8CDF-A60715977A62}" = CCC Help Finnish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{394624E4-459D-8E7F-5C57-2C2309A06F51}" = CCC Help Danish
"{4381B431-5E6C-375E-AD95-DA89A7531F21}" = CCC Help Spanish
"{45165601-DCEB-FB1D-B6DF-A4E014437767}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EACE966-0179-ECB9-32EC-32F07F5497B8}" = CCC Help Chinese Standard
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5EDBF020-B888-FB4E-51E5-792CB2C9E352}" = CCC Help English
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting
"{763688D9-3297-ACBF-AD13-4C07D36FD41D}" = CCC Help German
"{772605F3-E0A3-C78C-4272-ECFD12D6847E}" = CCC Help Dutch
"{78444EA3-10EC-E016-820E-BA2353A42504}" = AMD VISION Engine Control Center
"{7AB837B4-1F6C-471B-5519-9775EA223C60}" = CCC Help Russian
"{7B69C60A-A148-4572-978C-729029390651}" = Catalyst Control Center - Branding
"{8172DEE4-5FF3-92FB-E9CD-722468857C7B}" = CCC Help Japanese
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D58E199-34B5-D738-A308-2A10BAA0C1AD}" = CCC Help Swedish
"{8D94A4A6-67E0-EEAE-0729-A6A531727244}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AABED73D-4E9D-89C2-6C2B-E9BFA09D2B6D}" = CCC Help Korean
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B20856DC-8427-4C6D-FC7D-5BBAEC51ED15}" = Catalyst Control Center Graphics Previews Common
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46E6F20-FA4C-299F-C1DA-98867458F828}" = CCC Help Thai
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B81652DF-ABFE-68FF-9280-A801F61A18AD}" = CCC Help Polish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C349A5B2-DF27-34B4-06A4-03A0E7AEC5A6}" = CCC Help Czech
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CAB61DE3-9FD1-CF77-755D-557321060C52}" = CCC Help Greek
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6A1F63D-F968-DF5E-ABAC-C2ECD10E26D5}" = CCC Help Hungarian
"{D85CDAE9-53D9-DCCD-EC80-78B13DB25D84}" = CCC Help Italian
"{D8EF84C2-4648-F978-0134-B0CD47BE3903}" = CCC Help French
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FC21D022-819D-440A-EDA1-2042966CF0ED}" = CCC Help Turkish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.3
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-00297882-db32-4832-a3d1-2937f8f9e064" = Tales of Lagoona
"WTA-5c03b7cb-b30b-44c0-8f7c-9b132361b6fe" = Penguins!
"WTA-68d140cc-3874-4d60-a7b0-96701d812e5d" = Plants vs. Zombies - Game of the Year
"WTA-862ab2db-df3c-4949-b309-5d27d8d61cc1" = Bejeweled 3
"WTA-c234bf63-332c-44aa-83b0-3cecb5d7befc" = FATE - The Traitor Soul
"WTA-cb894b23-1d7b-4aeb-a8a0-46bc06c963e5" = RollerCoaster Tycoon 3: Platinum
"WTA-d042c6ff-dc69-4f43-8a3c-ff4a938f1927" = Letters from Nowhere 2
"WTA-e86c5c02-e476-4c64-b7d2-66204143c66b" = Polar Bowler
"WTA-feb4fd72-caa6-4c90-b66f-c20abf528b71" = Zuma's Revenge

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/18/2012 7:05:24 PM | Computer Name = Owner-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/21/2012 11:35:57 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/21/2012 11:36:15 PM | Computer Name = Owner-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/22/2012 8:57:00 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/22/2012 8:57:22 PM | Computer Name = Owner-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/23/2012 12:48:35 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/23/2012 12:48:57 PM | Computer Name = Owner-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/23/2012 8:00:29 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/23/2012 8:00:46 PM | Computer Name = Owner-PC | Source = Toshiba App Place | ID = 0
Description =

Error - 10/24/2012 6:16:40 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/10/2012 6:19:02 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 8/10/2012 6:19:02 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 8/10/2012 6:19:02 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36874
Description = An SSL 3.0 connection request was received from a remote client application,
but none of the cipher suites supported by the client application are supported
by the server. The SSL connection request has failed.

Error - 8/10/2012 6:19:02 PM | Computer Name = Owner-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 8/14/2012 2:25:33 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:01:51 PM on ?8/?13/?2012 was unexpected.

Error - 8/14/2012 6:12:02 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:09:54 PM on ?8/?14/?2012 was unexpected.

Error - 8/16/2012 6:21:03 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:17:26 PM on ?8/?14/?2012 was unexpected.

Error - 8/16/2012 10:14:46 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:44:26 PM on ?8/?16/?2012 was unexpected.

Error - 8/20/2012 2:17:46 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:52:37 PM on ?8/?17/?2012 was unexpected.

Error - 8/22/2012 7:25:18 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:59:33 PM on ?8/?21/?2012 was unexpected.


< End of report >
oink
Active Member
 
Posts: 10
Joined: November 11th, 2012, 8:22 pm

Re: Annoying pop-ups

Unread postby oink » November 13th, 2012, 12:52 am

TDSSKiller log

22:48:40.0527 2672 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:48:41.0885 2672 ============================================================
22:48:41.0885 2672 Current date / time: 2012/11/12 22:48:41.0885
22:48:41.0885 2672 SystemInfo:
22:48:41.0885 2672
22:48:41.0885 2672 OS Version: 6.1.7601 ServicePack: 1.0
22:48:41.0885 2672 Product type: Workstation
22:48:41.0885 2672 ComputerName: OWNER-PC
22:48:41.0886 2672 UserName: Owner
22:48:41.0886 2672 Windows directory: C:\windows
22:48:41.0886 2672 System windows directory: C:\windows
22:48:41.0886 2672 Running under WOW64
22:48:41.0886 2672 Processor architecture: Intel x64
22:48:41.0886 2672 Number of processors: 4
22:48:41.0886 2672 Page size: 0x1000
22:48:41.0886 2672 Boot type: Normal boot
22:48:41.0886 2672 ============================================================
22:48:43.0659 2672 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:48:43.0666 2672 ============================================================
22:48:43.0666 2672 \Device\Harddisk0\DR0:
22:48:43.0666 2672 MBR partitions:
22:48:43.0666 2672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38344000
22:48:43.0666 2672 ============================================================
22:48:43.0689 2672 C: <-> \Device\Harddisk0\DR0\Partition1
22:48:43.0689 2672 ============================================================
22:48:43.0689 2672 Initialize success
22:48:43.0689 2672 ============================================================
22:48:58.0979 4892 ============================================================
22:48:58.0979 4892 Scan started
22:48:58.0979 4892 Mode: Manual;
22:48:58.0979 4892 ============================================================
22:48:59.0263 4892 ================ Scan system memory ========================
22:48:59.0264 4892 System memory - ok
22:48:59.0265 4892 ================ Scan services =============================
22:48:59.0397 4892 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
22:48:59.0400 4892 1394ohci - ok
22:48:59.0429 4892 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
22:48:59.0433 4892 ACPI - ok
22:48:59.0448 4892 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
22:48:59.0449 4892 AcpiPmi - ok
22:48:59.0488 4892 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
22:48:59.0494 4892 adp94xx - ok
22:48:59.0530 4892 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
22:48:59.0534 4892 adpahci - ok
22:48:59.0542 4892 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
22:48:59.0545 4892 adpu320 - ok
22:48:59.0583 4892 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
22:48:59.0584 4892 AeLookupSvc - ok
22:48:59.0636 4892 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
22:48:59.0642 4892 AFD - ok
22:48:59.0680 4892 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
22:48:59.0681 4892 agp440 - ok
22:48:59.0714 4892 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
22:48:59.0716 4892 ALG - ok
22:48:59.0733 4892 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
22:48:59.0734 4892 aliide - ok
22:48:59.0782 4892 [ 276EEFC3E2BCE9F429AAEC041BCE1488 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
22:48:59.0785 4892 AMD External Events Utility - ok
22:48:59.0803 4892 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
22:48:59.0804 4892 amdide - ok
22:48:59.0821 4892 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
22:48:59.0823 4892 AmdK8 - ok
22:49:00.0073 4892 [ EC8480425E5A8775FEB5004A8C1BD11E ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
22:49:00.0327 4892 amdkmdag - ok
22:49:00.0384 4892 [ 87543E780F418BCDBC77279FE784AFF7 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
22:49:00.0387 4892 amdkmdap - ok
22:49:00.0417 4892 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
22:49:00.0418 4892 AmdPPM - ok
22:49:00.0444 4892 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
22:49:00.0446 4892 amdsata - ok
22:49:00.0470 4892 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
22:49:00.0474 4892 amdsbs - ok
22:49:00.0482 4892 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
22:49:00.0483 4892 amdxata - ok
22:49:00.0505 4892 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
22:49:00.0506 4892 AppID - ok
22:49:00.0533 4892 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
22:49:00.0534 4892 AppIDSvc - ok
22:49:00.0540 4892 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
22:49:00.0542 4892 Appinfo - ok
22:49:00.0550 4892 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
22:49:00.0552 4892 arc - ok
22:49:00.0559 4892 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
22:49:00.0561 4892 arcsas - ok
22:49:00.0600 4892 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
22:49:00.0601 4892 AsyncMac - ok
22:49:00.0607 4892 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
22:49:00.0608 4892 atapi - ok
22:49:00.0674 4892 [ E02B26650ACC2F4901342D4A66774AD7 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
22:49:00.0675 4892 AtiHDAudioService - ok
22:49:00.0740 4892 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
22:49:00.0754 4892 AudioEndpointBuilder - ok
22:49:00.0767 4892 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
22:49:00.0773 4892 AudioSrv - ok
22:49:00.0807 4892 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
22:49:00.0810 4892 AxInstSV - ok
22:49:00.0855 4892 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
22:49:00.0860 4892 b06bdrv - ok
22:49:00.0891 4892 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
22:49:00.0896 4892 b57nd60a - ok
22:49:00.0946 4892 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
22:49:00.0948 4892 BDESVC - ok
22:49:00.0965 4892 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
22:49:00.0966 4892 Beep - ok
22:49:01.0013 4892 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
22:49:01.0022 4892 BFE - ok
22:49:01.0071 4892 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
22:49:01.0082 4892 BITS - ok
22:49:01.0125 4892 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
22:49:01.0126 4892 blbdrive - ok
22:49:01.0160 4892 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
22:49:01.0162 4892 bowser - ok
22:49:01.0167 4892 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
22:49:01.0168 4892 BrFiltLo - ok
22:49:01.0175 4892 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
22:49:01.0176 4892 BrFiltUp - ok
22:49:01.0212 4892 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
22:49:01.0214 4892 Browser - ok
22:49:01.0238 4892 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
22:49:01.0243 4892 Brserid - ok
22:49:01.0249 4892 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
22:49:01.0250 4892 BrSerWdm - ok
22:49:01.0266 4892 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
22:49:01.0267 4892 BrUsbMdm - ok
22:49:01.0273 4892 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
22:49:01.0274 4892 BrUsbSer - ok
22:49:01.0281 4892 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
22:49:01.0283 4892 BTHMODEM - ok
22:49:01.0311 4892 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
22:49:01.0313 4892 bthserv - ok
22:49:01.0344 4892 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
22:49:01.0345 4892 cdfs - ok
22:49:01.0367 4892 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
22:49:01.0369 4892 cdrom - ok
22:49:01.0390 4892 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
22:49:01.0392 4892 CertPropSvc - ok
22:49:01.0411 4892 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
22:49:01.0412 4892 circlass - ok
22:49:01.0436 4892 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
22:49:01.0441 4892 CLFS - ok
22:49:01.0501 4892 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:49:01.0502 4892 clr_optimization_v2.0.50727_32 - ok
22:49:01.0566 4892 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:49:01.0567 4892 clr_optimization_v2.0.50727_64 - ok
22:49:01.0797 4892 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:49:01.0801 4892 clr_optimization_v4.0.30319_32 - ok
22:49:02.0006 4892 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:49:02.0010 4892 clr_optimization_v4.0.30319_64 - ok
22:49:02.0052 4892 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
22:49:02.0053 4892 CmBatt - ok
22:49:02.0060 4892 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
22:49:02.0061 4892 cmdide - ok
22:49:02.0110 4892 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
22:49:02.0117 4892 CNG - ok
22:49:02.0219 4892 [ 20506F12AFAD3DB588D007EA9325FBBC ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
22:49:02.0231 4892 CnxtHdAudService - ok
22:49:02.0276 4892 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
22:49:02.0276 4892 Compbatt - ok
22:49:02.0295 4892 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
22:49:02.0296 4892 CompositeBus - ok
22:49:02.0313 4892 COMSysApp - ok
22:49:02.0320 4892 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
22:49:02.0321 4892 crcdisk - ok
22:49:02.0355 4892 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
22:49:02.0358 4892 CryptSvc - ok
22:49:02.0405 4892 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
22:49:02.0413 4892 DcomLaunch - ok
22:49:02.0446 4892 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
22:49:02.0450 4892 defragsvc - ok
22:49:02.0491 4892 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
22:49:02.0493 4892 DfsC - ok
22:49:02.0530 4892 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
22:49:02.0535 4892 Dhcp - ok
22:49:02.0543 4892 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
22:49:02.0544 4892 discache - ok
22:49:02.0565 4892 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
22:49:02.0566 4892 Disk - ok
22:49:02.0606 4892 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
22:49:02.0609 4892 Dnscache - ok
22:49:02.0643 4892 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
22:49:02.0647 4892 dot3svc - ok
22:49:02.0658 4892 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
22:49:02.0661 4892 DPS - ok
22:49:02.0696 4892 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
22:49:02.0698 4892 drmkaud - ok
22:49:02.0731 4892 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
22:49:02.0739 4892 DXGKrnl - ok
22:49:02.0789 4892 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
22:49:02.0791 4892 EapHost - ok
22:49:02.0893 4892 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
22:49:02.0932 4892 ebdrv - ok
22:49:02.0966 4892 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
22:49:02.0969 4892 EFS - ok
22:49:03.0054 4892 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
22:49:03.0067 4892 ehRecvr - ok
22:49:03.0093 4892 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
22:49:03.0096 4892 ehSched - ok
22:49:03.0138 4892 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
22:49:03.0146 4892 elxstor - ok
22:49:03.0152 4892 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
22:49:03.0154 4892 ErrDev - ok
22:49:03.0200 4892 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
22:49:03.0206 4892 EventSystem - ok
22:49:03.0221 4892 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
22:49:03.0224 4892 exfat - ok
22:49:03.0246 4892 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
22:49:03.0249 4892 fastfat - ok
22:49:03.0285 4892 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
22:49:03.0295 4892 Fax - ok
22:49:03.0302 4892 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
22:49:03.0303 4892 fdc - ok
22:49:03.0328 4892 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
22:49:03.0329 4892 fdPHost - ok
22:49:03.0336 4892 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
22:49:03.0337 4892 FDResPub - ok
22:49:03.0361 4892 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
22:49:03.0362 4892 FileInfo - ok
22:49:03.0368 4892 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
22:49:03.0369 4892 Filetrace - ok
22:49:03.0375 4892 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
22:49:03.0376 4892 flpydisk - ok
22:49:03.0416 4892 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
22:49:03.0419 4892 FltMgr - ok
22:49:03.0453 4892 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
22:49:03.0468 4892 FontCache - ok
22:49:03.0517 4892 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:49:03.0517 4892 FontCache3.0.0.0 - ok
22:49:03.0549 4892 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
22:49:03.0550 4892 FsDepends - ok
22:49:03.0573 4892 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
22:49:03.0573 4892 Fs_Rec - ok
22:49:03.0590 4892 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
22:49:03.0593 4892 fvevol - ok
22:49:03.0617 4892 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
22:49:03.0619 4892 gagp30kx - ok
22:49:03.0686 4892 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:49:03.0689 4892 GamesAppService - ok
22:49:03.0738 4892 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
22:49:03.0749 4892 gpsvc - ok
22:49:03.0803 4892 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:49:03.0805 4892 gupdate - ok
22:49:03.0811 4892 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:49:03.0812 4892 gupdatem - ok
22:49:03.0842 4892 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
22:49:03.0843 4892 hcw85cir - ok
22:49:03.0878 4892 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:49:03.0883 4892 HdAudAddService - ok
22:49:03.0912 4892 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
22:49:03.0914 4892 HDAudBus - ok
22:49:03.0919 4892 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
22:49:03.0921 4892 HidBatt - ok
22:49:03.0927 4892 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
22:49:03.0930 4892 HidBth - ok
22:49:03.0936 4892 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
22:49:03.0938 4892 HidIr - ok
22:49:03.0970 4892 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
22:49:03.0971 4892 hidserv - ok
22:49:04.0006 4892 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
22:49:04.0007 4892 HidUsb - ok
22:49:04.0029 4892 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
22:49:04.0031 4892 hkmsvc - ok
22:49:04.0052 4892 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:49:04.0056 4892 HomeGroupListener - ok
22:49:04.0088 4892 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:49:04.0092 4892 HomeGroupProvider - ok
22:49:04.0099 4892 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
22:49:04.0100 4892 HpSAMD - ok
22:49:04.0166 4892 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
22:49:04.0175 4892 HTTP - ok
22:49:04.0182 4892 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
22:49:04.0182 4892 hwpolicy - ok
22:49:04.0202 4892 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
22:49:04.0203 4892 i8042prt - ok
22:49:04.0233 4892 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
22:49:04.0239 4892 iaStorV - ok
22:49:04.0335 4892 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:49:04.0338 4892 IDriverT - ok
22:49:04.0394 4892 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:49:04.0408 4892 idsvc - ok
22:49:04.0433 4892 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
22:49:04.0434 4892 iirsp - ok
22:49:04.0487 4892 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
22:49:04.0506 4892 IKEEXT - ok
22:49:04.0514 4892 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
22:49:04.0516 4892 intelide - ok
22:49:04.0530 4892 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
22:49:04.0531 4892 intelppm - ok
22:49:04.0550 4892 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
22:49:04.0553 4892 IPBusEnum - ok
22:49:04.0559 4892 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
22:49:04.0561 4892 IpFilterDriver - ok
22:49:04.0584 4892 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
22:49:04.0592 4892 iphlpsvc - ok
22:49:04.0606 4892 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
22:49:04.0607 4892 IPMIDRV - ok
22:49:04.0625 4892 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
22:49:04.0627 4892 IPNAT - ok
22:49:04.0643 4892 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
22:49:04.0644 4892 IRENUM - ok
22:49:04.0651 4892 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
22:49:04.0652 4892 isapnp - ok
22:49:04.0674 4892 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
22:49:04.0678 4892 iScsiPrt - ok
22:49:04.0697 4892 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
22:49:04.0698 4892 kbdclass - ok
22:49:04.0710 4892 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
22:49:04.0711 4892 kbdhid - ok
22:49:04.0733 4892 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
22:49:04.0735 4892 KeyIso - ok
22:49:04.0772 4892 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
22:49:04.0774 4892 KSecDD - ok
22:49:04.0795 4892 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
22:49:04.0798 4892 KSecPkg - ok
22:49:04.0824 4892 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
22:49:04.0825 4892 ksthunk - ok
22:49:04.0863 4892 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
22:49:04.0869 4892 KtmRm - ok
22:49:04.0901 4892 [ 045FB70BC993B691517CE309045FF02D ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
22:49:04.0902 4892 L1C - ok
22:49:04.0943 4892 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
22:49:04.0947 4892 LanmanServer - ok
22:49:04.0984 4892 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:49:04.0991 4892 LanmanWorkstation - ok
22:49:05.0036 4892 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
22:49:05.0037 4892 lltdio - ok
22:49:05.0072 4892 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
22:49:05.0077 4892 lltdsvc - ok
22:49:05.0082 4892 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
22:49:05.0084 4892 lmhosts - ok
22:49:05.0100 4892 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
22:49:05.0102 4892 LSI_FC - ok
22:49:05.0114 4892 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
22:49:05.0116 4892 LSI_SAS - ok
22:49:05.0133 4892 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
22:49:05.0135 4892 LSI_SAS2 - ok
22:49:05.0142 4892 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
22:49:05.0144 4892 LSI_SCSI - ok
22:49:05.0166 4892 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
22:49:05.0168 4892 luafv - ok
22:49:05.0187 4892 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
22:49:05.0189 4892 Mcx2Svc - ok
22:49:05.0195 4892 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
22:49:05.0197 4892 megasas - ok
22:49:05.0215 4892 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
22:49:05.0219 4892 MegaSR - ok
22:49:05.0253 4892 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
22:49:05.0255 4892 MMCSS - ok
22:49:05.0261 4892 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
22:49:05.0262 4892 Modem - ok
22:49:05.0292 4892 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
22:49:05.0292 4892 monitor - ok
22:49:05.0306 4892 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
22:49:05.0307 4892 mouclass - ok
22:49:05.0312 4892 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys
22:49:05.0314 4892 mouhid - ok
22:49:05.0321 4892 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
22:49:05.0323 4892 mountmgr - ok
22:49:05.0367 4892 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
22:49:05.0370 4892 MpFilter - ok
22:49:05.0392 4892 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
22:49:05.0394 4892 mpio - ok
22:49:05.0401 4892 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
22:49:05.0403 4892 mpsdrv - ok
22:49:05.0445 4892 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
22:49:05.0456 4892 MpsSvc - ok
22:49:05.0463 4892 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
22:49:05.0465 4892 MRxDAV - ok
22:49:05.0499 4892 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
22:49:05.0501 4892 mrxsmb - ok
22:49:05.0510 4892 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
22:49:05.0514 4892 mrxsmb10 - ok
22:49:05.0521 4892 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
22:49:05.0523 4892 mrxsmb20 - ok
22:49:05.0529 4892 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
22:49:05.0530 4892 msahci - ok
22:49:05.0537 4892 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
22:49:05.0540 4892 msdsm - ok
22:49:05.0556 4892 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
22:49:05.0560 4892 MSDTC - ok
22:49:05.0581 4892 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
22:49:05.0582 4892 Msfs - ok
22:49:05.0588 4892 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
22:49:05.0589 4892 mshidkmdf - ok
22:49:05.0595 4892 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
22:49:05.0595 4892 msisadrv - ok
22:49:05.0638 4892 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
22:49:05.0641 4892 MSiSCSI - ok
22:49:05.0646 4892 msiserver - ok
22:49:05.0695 4892 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
22:49:05.0696 4892 MSKSSRV - ok
22:49:05.0803 4892 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:49:05.0804 4892 MsMpSvc - ok
22:49:05.0840 4892 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
22:49:05.0841 4892 MSPCLOCK - ok
22:49:05.0859 4892 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
22:49:05.0860 4892 MSPQM - ok
22:49:05.0886 4892 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
22:49:05.0892 4892 MsRPC - ok
22:49:05.0905 4892 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
22:49:05.0907 4892 mssmbios - ok
22:49:05.0914 4892 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
22:49:05.0915 4892 MSTEE - ok
22:49:05.0921 4892 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
22:49:05.0922 4892 MTConfig - ok
22:49:05.0928 4892 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
22:49:05.0929 4892 Mup - ok
22:49:05.0969 4892 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
22:49:05.0976 4892 napagent - ok
22:49:06.0008 4892 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
22:49:06.0012 4892 NativeWifiP - ok
22:49:06.0062 4892 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
22:49:06.0073 4892 NDIS - ok
22:49:06.0111 4892 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
22:49:06.0112 4892 NdisCap - ok
22:49:06.0127 4892 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
22:49:06.0128 4892 NdisTapi - ok
22:49:06.0134 4892 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
22:49:06.0136 4892 Ndisuio - ok
22:49:06.0143 4892 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
22:49:06.0145 4892 NdisWan - ok
22:49:06.0195 4892 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
22:49:06.0198 4892 NDProxy - ok
22:49:06.0214 4892 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
22:49:06.0216 4892 NetBIOS - ok
22:49:06.0239 4892 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
22:49:06.0244 4892 NetBT - ok
22:49:06.0267 4892 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
22:49:06.0269 4892 Netlogon - ok
22:49:06.0321 4892 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
22:49:06.0327 4892 Netman - ok
22:49:06.0348 4892 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
22:49:06.0355 4892 netprofm - ok
22:49:06.0389 4892 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:49:06.0392 4892 NetTcpPortSharing - ok
22:49:06.0426 4892 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
22:49:06.0427 4892 nfrd960 - ok
22:49:06.0488 4892 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
22:49:06.0489 4892 NisDrv - ok
22:49:06.0555 4892 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
22:49:06.0560 4892 NisSrv - ok
22:49:06.0606 4892 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
22:49:06.0610 4892 NlaSvc - ok
22:49:06.0664 4892 Norton PC Checkup Application Launcher - ok
22:49:06.0683 4892 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
22:49:06.0684 4892 Npfs - ok
22:49:06.0715 4892 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
22:49:06.0717 4892 nsi - ok
22:49:06.0737 4892 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
22:49:06.0737 4892 nsiproxy - ok
22:49:06.0801 4892 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
22:49:06.0820 4892 Ntfs - ok
22:49:06.0836 4892 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
22:49:06.0837 4892 Null - ok
22:49:06.0856 4892 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
22:49:06.0859 4892 nvraid - ok
22:49:06.0890 4892 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
22:49:06.0892 4892 nvstor - ok
22:49:06.0899 4892 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
22:49:06.0901 4892 nv_agp - ok
22:49:06.0908 4892 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
22:49:06.0910 4892 ohci1394 - ok
22:49:06.0982 4892 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:49:06.0984 4892 ose - ok
22:49:07.0148 4892 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:49:07.0221 4892 osppsvc - ok
22:49:07.0268 4892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
22:49:07.0274 4892 p2pimsvc - ok
22:49:07.0292 4892 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
22:49:07.0299 4892 p2psvc - ok
22:49:07.0326 4892 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
22:49:07.0328 4892 Parport - ok
22:49:07.0354 4892 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
22:49:07.0356 4892 partmgr - ok
22:49:07.0370 4892 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
22:49:07.0374 4892 PcaSvc - ok
22:49:07.0465 4892 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
22:49:07.0466 4892 PCCUJobMgr - ok
22:49:07.0510 4892 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
22:49:07.0513 4892 pci - ok
22:49:07.0519 4892 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
22:49:07.0519 4892 pciide - ok
22:49:07.0530 4892 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
22:49:07.0533 4892 pcmcia - ok
22:49:07.0539 4892 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
22:49:07.0540 4892 pcw - ok
22:49:07.0553 4892 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
22:49:07.0561 4892 PEAUTH - ok
22:49:07.0646 4892 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
22:49:07.0648 4892 PerfHost - ok
22:49:07.0695 4892 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
22:49:07.0696 4892 PGEffect - ok
22:49:07.0754 4892 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
22:49:07.0772 4892 pla - ok
22:49:07.0825 4892 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
22:49:07.0832 4892 PlugPlay - ok
22:49:07.0848 4892 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
22:49:07.0850 4892 PNRPAutoReg - ok
22:49:07.0859 4892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
22:49:07.0863 4892 PNRPsvc - ok
22:49:07.0896 4892 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
22:49:07.0904 4892 PolicyAgent - ok
22:49:07.0914 4892 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
22:49:07.0919 4892 Power - ok
22:49:07.0964 4892 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
22:49:07.0966 4892 PptpMiniport - ok
22:49:07.0979 4892 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
22:49:07.0980 4892 Processor - ok
22:49:08.0024 4892 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
22:49:08.0028 4892 ProfSvc - ok
22:49:08.0055 4892 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
22:49:08.0057 4892 ProtectedStorage - ok
22:49:08.0091 4892 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
22:49:08.0108 4892 Psched - ok
22:49:08.0178 4892 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
22:49:08.0179 4892 QIOMem - ok
22:49:08.0249 4892 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
22:49:08.0267 4892 ql2300 - ok
22:49:08.0274 4892 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
22:49:08.0277 4892 ql40xx - ok
22:49:08.0326 4892 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
22:49:08.0334 4892 QWAVE - ok
22:49:08.0345 4892 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
22:49:08.0346 4892 QWAVEdrv - ok
22:49:08.0354 4892 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
22:49:08.0355 4892 RasAcd - ok
22:49:08.0401 4892 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
22:49:08.0403 4892 RasAgileVpn - ok
22:49:08.0436 4892 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
22:49:08.0441 4892 RasAuto - ok
22:49:08.0471 4892 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
22:49:08.0474 4892 Rasl2tp - ok
22:49:08.0509 4892 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
22:49:08.0517 4892 RasMan - ok
22:49:08.0540 4892 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
22:49:08.0543 4892 RasPppoe - ok
22:49:08.0550 4892 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
22:49:08.0553 4892 RasSstp - ok
22:49:08.0575 4892 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
22:49:08.0578 4892 rdbss - ok
22:49:08.0585 4892 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
22:49:08.0586 4892 rdpbus - ok
22:49:08.0591 4892 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
22:49:08.0592 4892 RDPCDD - ok
22:49:08.0610 4892 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
22:49:08.0611 4892 RDPENCDD - ok
22:49:08.0626 4892 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
22:49:08.0627 4892 RDPREFMP - ok
22:49:08.0662 4892 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
22:49:08.0665 4892 RDPWD - ok
22:49:08.0673 4892 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
22:49:08.0675 4892 rdyboost - ok
22:49:08.0714 4892 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
22:49:08.0716 4892 RemoteAccess - ok
22:49:08.0752 4892 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
22:49:08.0756 4892 RemoteRegistry - ok
22:49:08.0787 4892 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
22:49:08.0789 4892 RpcEptMapper - ok
22:49:08.0821 4892 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
22:49:08.0822 4892 RpcLocator - ok
22:49:08.0849 4892 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
22:49:08.0854 4892 RpcSs - ok
22:49:08.0897 4892 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
22:49:08.0899 4892 rspndr - ok
22:49:08.0954 4892 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
22:49:08.0956 4892 RSUSBSTOR - ok
22:49:08.0965 4892 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RTSUVSTOR.sys
22:49:08.0969 4892 RSUSBVSTOR - ok
22:49:09.0023 4892 [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
22:49:09.0032 4892 RTL8192Ce - ok
22:49:09.0045 4892 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
22:49:09.0047 4892 SamSs - ok
22:49:09.0067 4892 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
22:49:09.0069 4892 sbp2port - ok
22:49:09.0163 4892 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:49:09.0180 4892 SBSDWSCService - ok
22:49:09.0214 4892 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
22:49:09.0220 4892 SCardSvr - ok
22:49:09.0256 4892 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
22:49:09.0258 4892 scfilter - ok
22:49:09.0298 4892 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
22:49:09.0317 4892 Schedule - ok
22:49:09.0347 4892 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
22:49:09.0349 4892 SCPolicySvc - ok
22:49:09.0385 4892 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
22:49:09.0391 4892 SDRSVC - ok
22:49:09.0427 4892 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
22:49:09.0429 4892 secdrv - ok
22:49:09.0446 4892 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
22:49:09.0450 4892 seclogon - ok
22:49:09.0467 4892 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
22:49:09.0471 4892 SENS - ok
22:49:09.0521 4892 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
22:49:09.0524 4892 SensrSvc - ok
22:49:09.0531 4892 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
22:49:09.0533 4892 Serenum - ok
22:49:09.0577 4892 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
22:49:09.0579 4892 Serial - ok
22:49:09.0586 4892 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
22:49:09.0588 4892 sermouse - ok
22:49:09.0614 4892 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
22:49:09.0618 4892 SessionEnv - ok
22:49:09.0625 4892 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
22:49:09.0626 4892 sffdisk - ok
22:49:09.0633 4892 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
22:49:09.0634 4892 sffp_mmc - ok
22:49:09.0640 4892 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
22:49:09.0641 4892 sffp_sd - ok
22:49:09.0647 4892 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
22:49:09.0648 4892 sfloppy - ok
22:49:09.0666 4892 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
22:49:09.0672 4892 SharedAccess - ok
22:49:09.0699 4892 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:49:09.0705 4892 ShellHWDetection - ok
22:49:09.0711 4892 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
22:49:09.0713 4892 SiSRaid2 - ok
22:49:09.0719 4892 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
22:49:09.0721 4892 SiSRaid4 - ok
22:49:09.0761 4892 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
22:49:09.0763 4892 Smb - ok
22:49:09.0803 4892 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
22:49:09.0805 4892 SNMPTRAP - ok
22:49:09.0811 4892 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
22:49:09.0812 4892 spldr - ok
22:49:09.0858 4892 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
22:49:09.0867 4892 Spooler - ok
22:49:09.0974 4892 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
22:49:10.0016 4892 sppsvc - ok
22:49:10.0024 4892 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
22:49:10.0027 4892 sppuinotify - ok
22:49:10.0071 4892 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
22:49:10.0096 4892 srv - ok
22:49:10.0120 4892 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
22:49:10.0125 4892 srv2 - ok
22:49:10.0133 4892 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
22:49:10.0136 4892 srvnet - ok
22:49:10.0181 4892 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
22:49:10.0185 4892 SSDPSRV - ok
22:49:10.0225 4892 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
22:49:10.0227 4892 SstpSvc - ok
22:49:10.0233 4892 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
22:49:10.0234 4892 stexstor - ok
22:49:10.0297 4892 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
22:49:10.0307 4892 stisvc - ok
22:49:10.0348 4892 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
22:49:10.0348 4892 swenum - ok
22:49:10.0391 4892 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
22:49:10.0405 4892 swprv - ok
22:49:10.0482 4892 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
22:49:10.0493 4892 SynTP - ok
22:49:10.0553 4892 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
22:49:10.0575 4892 SysMain - ok
22:49:10.0588 4892 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
22:49:10.0592 4892 TabletInputService - ok
22:49:10.0611 4892 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
22:49:10.0617 4892 TapiSrv - ok
22:49:10.0647 4892 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
22:49:10.0650 4892 TBS - ok
22:49:10.0718 4892 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
22:49:10.0741 4892 Tcpip - ok
22:49:10.0789 4892 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
22:49:10.0803 4892 TCPIP6 - ok
22:49:10.0841 4892 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
22:49:10.0842 4892 tcpipreg - ok
22:49:10.0882 4892 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
22:49:10.0883 4892 tdcmdpst - ok
22:49:10.0889 4892 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
22:49:10.0890 4892 TDPIPE - ok
22:49:10.0923 4892 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
22:49:10.0924 4892 TDTCP - ok
22:49:10.0951 4892 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
22:49:10.0953 4892 tdx - ok
22:49:11.0072 4892 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:49:11.0094 4892 TeamViewer7 - ok
22:49:11.0114 4892 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
22:49:11.0116 4892 TermDD - ok
22:49:11.0156 4892 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
22:49:11.0166 4892 TermService - ok
22:49:11.0186 4892 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
22:49:11.0189 4892 Themes - ok
22:49:11.0209 4892 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
22:49:11.0212 4892 THREADORDER - ok
22:49:11.0287 4892 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:49:11.0289 4892 TMachInfo - ok
22:49:11.0333 4892 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
22:49:11.0337 4892 TODDSrv - ok
22:49:11.0417 4892 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
22:49:11.0424 4892 TosCoSrv - ok
22:49:11.0489 4892 [ 63AAFCF3EA5DBB17123E0BAE9AFE4D58 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:49:11.0493 4892 TOSHIBA eco Utility Service - ok
22:49:11.0539 4892 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:49:11.0541 4892 TOSHIBA HDD SSD Alert Service - ok
22:49:11.0608 4892 [ D788190624C617EC8BE62D9F644283D7 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
22:49:11.0618 4892 TPCHSrv - ok
22:49:11.0648 4892 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
22:49:11.0652 4892 TrkWks - ok
22:49:11.0700 4892 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:49:11.0702 4892 TrustedInstaller - ok
22:49:11.0737 4892 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
22:49:11.0738 4892 tssecsrv - ok
22:49:11.0756 4892 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
22:49:11.0758 4892 TsUsbFlt - ok
22:49:11.0765 4892 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
22:49:11.0766 4892 TsUsbGD - ok
22:49:11.0789 4892 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
22:49:11.0792 4892 tunnel - ok
22:49:11.0838 4892 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
22:49:11.0839 4892 TVALZ - ok
22:49:11.0877 4892 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
22:49:11.0878 4892 TVALZFL - ok
22:49:11.0898 4892 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
22:49:11.0900 4892 uagp35 - ok
22:49:11.0931 4892 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
22:49:11.0935 4892 udfs - ok
22:49:11.0963 4892 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
22:49:11.0966 4892 UI0Detect - ok
22:49:11.0972 4892 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
22:49:11.0973 4892 uliagpkx - ok
22:49:11.0996 4892 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
22:49:11.0998 4892 umbus - ok
22:49:12.0004 4892 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
22:49:12.0005 4892 UmPass - ok
22:49:12.0046 4892 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
22:49:12.0052 4892 upnphost - ok
22:49:12.0059 4892 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
22:49:12.0061 4892 usbccgp - ok
22:49:12.0117 4892 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
22:49:12.0119 4892 usbcir - ok
22:49:12.0125 4892 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
22:49:12.0127 4892 usbehci - ok
22:49:12.0177 4892 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
22:49:12.0182 4892 usbhub - ok
22:49:12.0187 4892 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
22:49:12.0188 4892 usbohci - ok
22:49:12.0230 4892 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
22:49:12.0232 4892 usbprint - ok
22:49:12.0277 4892 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
22:49:12.0279 4892 usbscan - ok
22:49:12.0296 4892 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
22:49:12.0298 4892 USBSTOR - ok
22:49:12.0303 4892 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
22:49:12.0305 4892 usbuhci - ok
22:49:12.0338 4892 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
22:49:12.0341 4892 usbvideo - ok
22:49:12.0374 4892 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
22:49:12.0377 4892 UxSms - ok
22:49:12.0390 4892 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
22:49:12.0391 4892 VaultSvc - ok
22:49:12.0407 4892 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
22:49:12.0408 4892 vdrvroot - ok
22:49:12.0433 4892 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
22:49:12.0441 4892 vds - ok
22:49:12.0473 4892 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
22:49:12.0474 4892 vga - ok
22:49:12.0480 4892 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
22:49:12.0481 4892 VgaSave - ok
22:49:12.0489 4892 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
22:49:12.0492 4892 vhdmp - ok
22:49:12.0498 4892 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
22:49:12.0499 4892 viaide - ok
22:49:12.0506 4892 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
22:49:12.0507 4892 volmgr - ok
22:49:12.0519 4892 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
22:49:12.0524 4892 volmgrx - ok
22:49:12.0538 4892 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
22:49:12.0542 4892 volsnap - ok
22:49:12.0550 4892 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
22:49:12.0553 4892 vsmraid - ok
22:49:12.0627 4892 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
22:49:12.0659 4892 VSS - ok
22:49:12.0668 4892 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
22:49:12.0669 4892 vwifibus - ok
22:49:12.0685 4892 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
22:49:12.0686 4892 vwififlt - ok
22:49:12.0707 4892 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
22:49:12.0714 4892 W32Time - ok
22:49:12.0753 4892 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
22:49:12.0754 4892 WacomPen - ok
22:49:12.0780 4892 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
22:49:12.0781 4892 WANARP - ok
22:49:12.0786 4892 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
22:49:12.0787 4892 Wanarpv6 - ok
22:49:12.0854 4892 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
22:49:12.0870 4892 WatAdminSvc - ok
22:49:12.0931 4892 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
22:49:12.0951 4892 wbengine - ok
22:49:12.0959 4892 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
22:49:12.0964 4892 WbioSrvc - ok
22:49:12.0973 4892 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
22:49:12.0980 4892 wcncsvc - ok
22:49:12.0994 4892 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:49:12.0997 4892 WcsPlugInService - ok
22:49:13.0034 4892 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
22:49:13.0035 4892 Wd - ok
22:49:13.0048 4892 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
22:49:13.0056 4892 Wdf01000 - ok
22:49:13.0069 4892 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
22:49:13.0073 4892 WdiServiceHost - ok
22:49:13.0078 4892 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
22:49:13.0081 4892 WdiSystemHost - ok
22:49:13.0123 4892 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
22:49:13.0129 4892 WebClient - ok
22:49:13.0150 4892 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
22:49:13.0155 4892 Wecsvc - ok
22:49:13.0170 4892 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
22:49:13.0173 4892 wercplsupport - ok
22:49:13.0200 4892 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
22:49:13.0203 4892 WerSvc - ok
22:49:13.0232 4892 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
22:49:13.0234 4892 WfpLwf - ok
22:49:13.0251 4892 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
22:49:13.0252 4892 WIMMount - ok
22:49:13.0262 4892 WinDefend - ok
22:49:13.0269 4892 WinHttpAutoProxySvc - ok
22:49:13.0323 4892 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
22:49:13.0326 4892 Winmgmt - ok
22:49:13.0404 4892 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
22:49:13.0430 4892 WinRM - ok
22:49:13.0504 4892 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
22:49:13.0517 4892 Wlansvc - ok
22:49:13.0569 4892 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:49:13.0571 4892 wlcrasvc - ok
22:49:13.0674 4892 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:49:13.0701 4892 wlidsvc - ok
22:49:13.0722 4892 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
22:49:13.0723 4892 WmiAcpi - ok
22:49:13.0759 4892 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
22:49:13.0762 4892 wmiApSrv - ok
22:49:13.0782 4892 WMPNetworkSvc - ok
22:49:13.0808 4892 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
22:49:13.0811 4892 WPCSvc - ok
22:49:13.0818 4892 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
22:49:13.0822 4892 WPDBusEnum - ok
22:49:13.0856 4892 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
22:49:13.0857 4892 ws2ifsl - ok
22:49:13.0867 4892 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
22:49:13.0871 4892 wscsvc - ok
22:49:13.0876 4892 WSearch - ok
22:49:13.0960 4892 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
22:49:13.0991 4892 wuauserv - ok
22:49:14.0014 4892 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
22:49:14.0016 4892 WudfPf - ok
22:49:14.0042 4892 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
22:49:14.0045 4892 WUDFRd - ok
22:49:14.0077 4892 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
22:49:14.0102 4892 wudfsvc - ok
22:49:14.0126 4892 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
22:49:14.0132 4892 WwanSvc - ok
22:49:14.0174 4892 ================ Scan global ===============================
22:49:14.0223 4892 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
22:49:14.0251 4892 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
22:49:14.0262 4892 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
22:49:14.0285 4892 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
22:49:14.0332 4892 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
22:49:14.0338 4892 [Global] - ok
22:49:14.0338 4892 ================ Scan MBR ==================================
22:49:14.0350 4892 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
22:49:14.0533 4892 \Device\Harddisk0\DR0 - ok
22:49:14.0534 4892 ================ Scan VBR ==================================
22:49:14.0547 4892 [ 283521150E216F4866707022AD07DA2B ] \Device\Harddisk0\DR0\Partition1
22:49:14.0550 4892 \Device\Harddisk0\DR0\Partition1 - ok
22:49:14.0551 4892 ============================================================
22:49:14.0551 4892 Scan finished
22:49:14.0551 4892 ============================================================
22:49:14.0565 0872 Detected object count: 0
22:49:14.0565 0872 Actual detected object count: 0
oink
Active Member
 
Posts: 10
Joined: November 11th, 2012, 8:22 pm

Re: Annoying pop-ups

Unread postby Gary R » November 13th, 2012, 2:30 am

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java(TM) 6 Update 25


Old versions of Java can be exploited. We'll update your Java later.

Reboot your computer when it's uninstalled.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1353900682-331446898-524479443-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_25)
[2012/11/12 21:31:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{99B22686-7FC9-4833-B7A9-60617B11C05F}
[2012/11/11 11:41:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{094395C4-48A6-429E-986B-C4A45B1A6014}
[2012/11/10 21:59:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F3A9BFEC-4299-4EA1-99F3-1396CA1749C3}
[2012/11/10 09:59:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3B932B3A-5BB7-4226-8EC4-81DCBAC7D30A}
[2012/11/09 17:32:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F337C580-2A80-4B2B-9C35-A118C10F650C}
[2012/11/08 18:33:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{682B21F1-8F0D-4ECD-89FF-58A808EB1310}
[2012/11/07 17:21:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4E3B36B4-4BB6-4E5C-9327-94AC44FD4060}
[2012/11/06 22:38:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A8352257-D631-467E-A0EA-D7066FD54B91}
[2012/11/06 22:21:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{063C08EC-716B-4015-88FE-262C7948C324}
[2012/11/06 13:26:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FB0A2751-39B3-4F33-AC99-E1EB795BAB65}
[2012/11/05 14:24:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E8AF5AB1-E8C8-49F1-9FA8-D2D09EB8D062}
[2012/11/04 11:48:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{45E4BCB8-C168-4487-8CA3-659F30BFD35E}
[2012/11/03 21:19:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DAEB363F-06CA-4F08-B276-D19BA7D2D93E}
[2012/11/03 09:19:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{284AFF7D-DFAC-45EA-81CD-4B6844D6809C}
[2012/11/02 12:26:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{68F3EBD4-1A28-4906-B128-229BD56BFD4F}
[2012/11/01 12:51:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{544B27A6-D002-4F04-9354-896D665031D0}
[2012/10/31 12:18:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{BDDD820B-A831-4896-ACEA-AEDCDD549C88}
[2012/10/30 19:20:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8CE378D5-F4EF-471B-B94C-731AB12B077B}
[2012/10/29 12:17:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F08EA8A4-BD86-4908-97BF-FF4D19337F58}
[2012/10/28 19:39:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9163EE48-22EC-45FF-9A67-C3119DA9E869}
[2012/10/25 16:37:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{2C6DE0D4-7360-486C-9212-AD03861B5EB2}
[2012/10/24 16:17:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{327895A7-DECB-46E2-88CC-5B69CEC0AA52}
[2012/10/23 10:49:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6C54A367-BF96-42C3-BE64-E529ED6728C9}
[2012/10/22 18:57:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C5027FB5-420B-468F-B0A4-85676FFC64DC}
[2012/10/21 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0B385C0D-8FE5-4715-8198-F0BD9A0CCA35}
[2012/10/18 12:25:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A15286EF-674E-4578-A718-D305F1B84AB4}
[2012/10/17 17:16:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{361163A5-B1CE-469D-9993-9943B75EF9F9}
[2012/10/15 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D5E46645-8D62-4C26-8AD0-8E64D8AE1AD6}
[2012/10/14 17:44:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F64526B9-43BC-4257-9D64-010E99C591E0}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
@Alternate Data Stream - 168 bytes -> C:\Users\Owner\Desktop\ilove ilpsy.jpeg:3or4kl4x13tuuug3Byamue2s4b

:commands
[emptytemp]
[resethosts]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Annoying pop-ups

Unread postby oink » November 13th, 2012, 10:34 pm

Thank you for the prompt reply, Gary. Here's the OTL fix log:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1353900682-331446898-524479443-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Owner\AppData\Local\{99B22686-7FC9-4833-B7A9-60617B11C05F} folder moved successfully.
C:\Users\Owner\AppData\Local\{094395C4-48A6-429E-986B-C4A45B1A6014} folder moved successfully.
C:\Users\Owner\AppData\Local\{F3A9BFEC-4299-4EA1-99F3-1396CA1749C3} folder moved successfully.
C:\Users\Owner\AppData\Local\{3B932B3A-5BB7-4226-8EC4-81DCBAC7D30A} folder moved successfully.
C:\Users\Owner\AppData\Local\{F337C580-2A80-4B2B-9C35-A118C10F650C} folder moved successfully.
C:\Users\Owner\AppData\Local\{682B21F1-8F0D-4ECD-89FF-58A808EB1310} folder moved successfully.
C:\Users\Owner\AppData\Local\{4E3B36B4-4BB6-4E5C-9327-94AC44FD4060} folder moved successfully.
C:\Users\Owner\AppData\Local\{A8352257-D631-467E-A0EA-D7066FD54B91} folder moved successfully.
C:\Users\Owner\AppData\Local\{063C08EC-716B-4015-88FE-262C7948C324} folder moved successfully.
C:\Users\Owner\AppData\Local\{FB0A2751-39B3-4F33-AC99-E1EB795BAB65} folder moved successfully.
C:\Users\Owner\AppData\Local\{E8AF5AB1-E8C8-49F1-9FA8-D2D09EB8D062} folder moved successfully.
C:\Users\Owner\AppData\Local\{45E4BCB8-C168-4487-8CA3-659F30BFD35E} folder moved successfully.
C:\Users\Owner\AppData\Local\{DAEB363F-06CA-4F08-B276-D19BA7D2D93E} folder moved successfully.
C:\Users\Owner\AppData\Local\{284AFF7D-DFAC-45EA-81CD-4B6844D6809C} folder moved successfully.
C:\Users\Owner\AppData\Local\{68F3EBD4-1A28-4906-B128-229BD56BFD4F} folder moved successfully.
C:\Users\Owner\AppData\Local\{544B27A6-D002-4F04-9354-896D665031D0} folder moved successfully.
C:\Users\Owner\AppData\Local\{BDDD820B-A831-4896-ACEA-AEDCDD549C88} folder moved successfully.
C:\Users\Owner\AppData\Local\{8CE378D5-F4EF-471B-B94C-731AB12B077B} folder moved successfully.
C:\Users\Owner\AppData\Local\{F08EA8A4-BD86-4908-97BF-FF4D19337F58} folder moved successfully.
C:\Users\Owner\AppData\Local\{9163EE48-22EC-45FF-9A67-C3119DA9E869} folder moved successfully.
C:\Users\Owner\AppData\Local\{2C6DE0D4-7360-486C-9212-AD03861B5EB2} folder moved successfully.
C:\Users\Owner\AppData\Local\{327895A7-DECB-46E2-88CC-5B69CEC0AA52} folder moved successfully.
C:\Users\Owner\AppData\Local\{6C54A367-BF96-42C3-BE64-E529ED6728C9} folder moved successfully.
C:\Users\Owner\AppData\Local\{C5027FB5-420B-468F-B0A4-85676FFC64DC} folder moved successfully.
C:\Users\Owner\AppData\Local\{0B385C0D-8FE5-4715-8198-F0BD9A0CCA35} folder moved successfully.
C:\Users\Owner\AppData\Local\{A15286EF-674E-4578-A718-D305F1B84AB4} folder moved successfully.
C:\Users\Owner\AppData\Local\{361163A5-B1CE-469D-9993-9943B75EF9F9} folder moved successfully.
C:\Users\Owner\AppData\Local\{D5E46645-8D62-4C26-8AD0-8E64D8AE1AD6} folder moved successfully.
C:\Users\Owner\AppData\Local\{F64526B9-43BC-4257-9D64-010E99C591E0} folder moved successfully.
C:\windows\msdownld.tmp folder deleted successfully.
ADS C:\Users\Owner\Desktop\ilove ilpsy.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 6378752 bytes
->Temporary Internet Files folder emptied: 95069139 bytes
->Java cache emptied: 25776 bytes
->Google Chrome cache emptied: 28960551 bytes
->Flash cache emptied: 56963 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 228443670 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 2195061 bytes

Total Files Cleaned = 345.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11132012_201153

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
oink
Active Member
 
Posts: 10
Joined: November 11th, 2012, 8:22 pm

Re: Annoying pop-ups

Unread postby oink » November 14th, 2012, 12:25 am

Eset log

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
oink
Active Member
 
Posts: 10
Joined: November 11th, 2012, 8:22 pm

Re: Annoying pop-ups

Unread postby oink » November 14th, 2012, 12:48 am

Hi Gary R., I don't think if I put the correct log file for ESET. That's all I found on C:\Program Files\ESET\EsetOnlineScanner\log.txt, but the scan says no threats found though. :/ Anyway, I think the problem's fixed. I don't see any pop-ups anymore. Thank you so much. :)
oink
Active Member
 
Posts: 10
Joined: November 11th, 2012, 8:22 pm

Re: Annoying pop-ups

Unread postby Gary R » November 14th, 2012, 2:40 am

If E-Set didn't find anything, then the log you posted is fine.

Your DDS log showed you had a Hosts file re-direct which is almost certainly the cause of your pop-ups, and we fixed that when we reset your Hosts file using OTL. The E-Set scan was just there to make sure there wasn't something else lurking on your computer that we'd missed.

Looks like it's time to remove the programs we've been using to clean your computer, and then to update your Java to the latest version.

First

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

Download and install JDK 7 Update 9 (JDK or JRE).

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Annoying pop-ups

Unread postby oink » November 14th, 2012, 11:53 pm

So far I haven't noticed any problems. Thanks a lot Gary and thanks for the suggestions too. :)
oink
Active Member
 
Posts: 10
Joined: November 11th, 2012, 8:22 pm

Re: Annoying pop-ups

Unread postby Gary R » November 15th, 2012, 2:44 am

You're welcome, glad we could help.

Keep safe.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 132 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware