Rclifford

Honorary Members
  • Posts: 23

Everything posted by Rclifford

  1. Okay, I uninstalled the big 2, but I was about to uninstall all the other programs we used. Would my Webroot be enough, you think? Also, should I stick with my normal Vista firewall or download one of the others?
  2. Gracias!! Ooookay, I think I'm all set on those, though I've never really understood either.
  3. I'm going to be away from the comp for a bit, but I'll get the updates either a little later or tomorrow and definitely let you know how they go! Although there are a few steps left, thank you very much for everything so far.
  4. Oh, and things have been running really well, though I haven't really been touching anything while doing the scans.
  5. Okay, and here's adware
  6. Here's OTL
  7. and here it is!
  8. And here's the other:
Version1.0 "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01 "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5 "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist "{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11 "{2A95D496-08DA-46C7-8696-FF28CE1F0986}" = Logger Lite 1.6.1 "{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 "{4BBD417F-13B6-4477-B7C2-AE705864058D}" = YTD Toolbar v7.2 "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer 
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "conduitEngine" = Conduit Engine "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility 
Center "InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility "InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0 "Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Picasa2" = Picasa 2 "PROPLUS" = Microsoft Office Professional Plus 2007 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "Vuze_Remote Toolbar" = Vuze Remote Toolbar "Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 6.0.3.2) "WRUNINST" = Webroot SecureAnywhere ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Spotify" = Spotify < End of report >
  9. Here are the OTLs:
(Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Webroot = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.0.15_0\ CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/01/14 21:12:47 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll () O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll () O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found. 
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll File not found O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll () O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll File not found O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.2\ytdToolbarIE.dll File not found O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.) 
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation) O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found O4 - HKLM..\Run: [WRSVC] C:\Program Files (x86)\Webroot\WRSA.exe (Webroot) O4 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000..\Run: [spotify Web Helper] C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - 
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - 
C:\ProgramData\WRData\PKG\LPBar64.dll () O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll () O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll () O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D38B25FF-6494-416D-873C-7838C52E9A29}: DhcpNameServer = 209.18.47.61 209.18.47.62 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - 
C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found O29 - HKLM SecurityProviders - (digest.dll) - File not found O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found O30:64bit: - LSA: Security Packages - (pku2u) - File not found O30 - LSA: Security Packages - (pku2u) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKU\S-1-5-21-13300713-1690131114-2204806547-1000..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/06/20 15:54:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2013/06/20 15:50:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/06/20 15:47:29 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/06/20 15:47:26 | 000,000,000 | ---D | C] -- C:\JRT [2013/06/20 15:46:24 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe [2013/06/20 15:26:09 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/06/20 15:09:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/06/20 15:09:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/06/20 15:09:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/06/20 15:09:43 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/06/20 15:09:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/06/20 15:03:20 | 005,081,444 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe [2013/06/20 13:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013/06/20 13:40:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mbar [2013/06/20 13:34:56 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe [2013/06/18 18:16:42 | 000,000,000 | ---D | C] -- C:\FRST [2013/06/13 03:02:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/06/13 03:02:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/06/13 03:02:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/06/13 03:02:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/06/13 03:02:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/06/13 03:02:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/06/13 03:02:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/06/13 03:02:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/06/13 03:02:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/06/13 03:02:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/06/13 
  10. Here's the 2nd:
  11. Here's 1:
  12. Aaaaand here's step 4!:
      Results of screen317's Security Check version 0.99.67
      Windows Vista Service Pack 2 x64 (UAC is enabled)
      Internet Explorer 9
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Webroot SecureAnywhere
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      Java 6 Update 11
      Java version out of Date!
      Adobe Flash Player 11.7.700.224
      Adobe Reader 10.1.1 Adobe Reader out of Date!
      Mozilla Firefox (21.0)
      Google Chrome 27.0.1453.110
      Google Chrome 27.0.1453.94
      ````````Process Check: objlist.exe by Laurent````````
      Windows Defender MSASCui.exe
      Windows Defender MSASCui.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 7 %
      Defragment your hard drive soon! (Do NOT defrag if SSD!)
      ````````````````````End of Log``````````````````````
  13. Alright, here's ComboFix:
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\0a\01\18\07\07\0c?" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2013-06-20 15:26:06 ComboFix-quarantined-files.txt 2013-06-20 20:26 . Pre-Run: 1,398,128,640 bytes free Post-Run: 2,037,325,824 bytes free . - - End Of File - - 099285DB690FBBDD294E783569AFD1CC 5B5E648D12FCADC244C1EC30318E1EB9
  14. Okay, I'm going to do the ComboFix scan but I'm not sure how to disable my webroot security stuff and it's not on the help page?
  15. The step 2 scans found 2 things in the first scan but I can't seem to find that log, at least I don't think either of these are the first one, here's the second and another I found in the files:

      Malwarebytes Anti-Rootkit BETA 1.06.0.1003
      © Malwarebytes Corporation 2011-2012
      OS version: 6.0.6002 Windows Vista Service Pack 2 x64
      Account is Non-administrative
      Internet Explorer version: 9.0.8112.16421
      Java version: 1.6.0_11
      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED
      CPU speed: 2.094000 GHz
      Memory total: 4155551744, free: 1840783360
      Downloaded database version: v2013.06.20.08
      Downloaded database version: v2013.05.22.01
      Initializing...
      ------------ Kernel report ------------
      06/20/2013 13:42:06
      ------------ Loaded modules -----------
      ----------- End -----------
      Done!
      <<<1>>>
      Upper Device Name: \Device\Harddisk0\DR0
      Upper Device Object: 0xfffffa8006bdf060
      Upper Device Driver Name: \Driver\disk\
      Lower Device Name: \Device\Ide\IAAStorageDevice-1\
      Lower Device Object: 0xfffffa8004c5b050
      Lower Device Driver Name: \Driver\iaStor\
      <<<2>>>
      Device number: 0, partition: 2
      Physical Sector Size: 512
      Drive: 0, DevicePointer: 0xfffffa8006bdf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
      --------- Disk Stack ------
      DevicePointer: 0xfffffa8006bde700, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xfffffa8006bdf060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
      DevicePointer: 0xfffffa8006a27440, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\
      DevicePointer: 0xfffffa8004c5b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
      ------------ End ----------
      Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
      Upper DeviceData: 0x0, 0x0, 0x0
      Lower DeviceData: 0x0, 0x0, 0x0
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      <<<2>>>
      Device number: 0, partition: 2
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Scanning drivers directory: C:\Windows\system32\drivers...
      <<<2>>>
      Device number: 0, partition: 2
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Done!
      Drive 0
      Scanning MBR on drive 0...
      Inspecting partition table:
      MBR Signature: 55AA
      Disk Signature: 630A7672
      Partition information:
      Partition 0 type is Other (0x27)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 2048 Numsec = 3072000
      Partition 1 type is Primary (0x7)
      Partition is ACTIVE.
      Partition starts at LBA: 3074048 Numsec = 600588288
      Partition file system is NTFS
      Partition is bootable
      Partition 2 type is HIDDEN (0x17)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 603662336 Numsec = 21479424
      Partition is not bootable
      Hidden partition VBR is not infected.
      Partition 3 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0
      Disk Size: 320072933376 bytes
      Sector size: 512 bytes
      Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
      Done!
      Infected: c:\Users\Owner\AppData\Local\Temp\curtjtqhicndkwoka.exe --> [Trojan.Winlock]
      Infected: c:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\2433f433 --> [Trojan.Agent.TPL]
      Scan finished
      Creating System Restore point...
      Cleaning up...
      Removal scheduling successful. System shutdown needed.
      System shutdown occurred
      =======================================
      Removal queue found; removal started
      Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
      Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_3074048_i.mbam...
      Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_603662336_i.mbam...
      Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
      Removal finished

      AND THE SECOND:

      Malwarebytes Anti-Rootkit BETA 1.06.0.1003
      www.malwarebytes.org
      Database version: v2013.06.20.08
      Windows Vista Service Pack 2 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Owner :: OWNER-PC [administrator]
      6/20/2013 1:42:13 PM
      mbar-log-2013-06-20 (13-42-13).txt
      Scan type: Quick scan
      Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
      Scan options disabled: Deep Anti-Rootkit Scan | PUP
      Objects scanned: 277536
      Time elapsed: 26 minute(s), 7 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 2
      c:\Users\Owner\AppData\Local\Temp\curtjtqhicndkwoka.exe (Trojan.Winlock) -> Delete on reboot.
      c:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\2433f433 (Trojan.Agent.TPL) -> Delete on reboot.
      Physical Sectors Detected: 0 (No malicious items detected)
      (end)
  16. awesome thanks, and here's the step 1 log, it said it was all clear

      13:36:33.0237 5724 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
      13:36:33.0685 5724 ============================================================
      13:36:33.0686 5724 Current date / time: 2013/06/20 13:36:33.0685
      13:36:33.0686 5724 SystemInfo:
      13:36:33.0686 5724
      13:36:33.0686 5724 OS Version: 6.0.6002 ServicePack: 2.0
      13:36:33.0686 5724 Product type: Workstation
      13:36:33.0686 5724 ComputerName: OWNER-PC
      13:36:33.0686 5724 UserName: Owner
      13:36:33.0686 5724 Windows directory: C:\Windows
      13:36:33.0686 5724 System windows directory: C:\Windows
      13:36:33.0686 5724 Running under WOW64
      13:36:33.0686 5724 Processor architecture: Intel x64
      13:36:33.0686 5724 Number of processors: 2
      13:36:33.0686 5724 Page size: 0x1000
      13:36:33.0686 5724 Boot type: Normal boot
      13:36:33.0686 5724 ============================================================
      13:36:34.0250 5724 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
      13:36:34.0255 5724 ============================================================
      13:36:34.0255 5724 \Device\Harddisk0\DR0:
      13:36:34.0256 5724 MBR partitions:
      13:36:34.0256 5724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23CC4000
      13:36:34.0256 5724 ============================================================
      13:36:34.0279 5724 C: <-> \Device\Harddisk0\DR0\Partition1
      13:36:34.0279 5724 ============================================================
      13:36:34.0279 5724 Initialize success
      13:36:34.0279 5724 ============================================================
      13:36:37.0115 0924 ============================================================
      13:36:37.0115 0924 Scan started
      13:36:37.0115 0924 Mode: Manual;
      13:36:37.0115 0924 ============================================================
      13:36:37.0351 0924 ================ Scan system memory
F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 13:36:51.0902 0924 HDAudBus - ok 13:36:51.0963 0924 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 13:36:51.0982 0924 HidBth - ok 13:36:52.0051 0924 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 13:36:52.0073 0924 HidIr - ok 13:36:52.0127 0924 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 13:36:52.0142 0924 hidserv - ok 13:36:52.0177 0924 [ D02C82CB3A20F391C8AEFF94E8E0BAA1 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:36:52.0203 0924 HidUsb - ok 13:36:52.0406 0924 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 13:36:52.0462 0924 hkmsvc - ok 13:36:52.0512 0924 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 13:36:52.0530 0924 HpCISSs - ok 13:36:52.0702 0924 [ 34E9BF9CAEBF49B8AAF1FF45AB5AE577 ] HPSIService C:\Windows\system32\HPSIsvc.exe 13:36:52.0704 0924 HPSIService - ok 13:36:52.0804 0924 [ 57BA73B5B321291E5114CB21350E1EA0 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL6.SYS 13:36:52.0980 0924 HSFHWAZL - ok 13:36:53.0096 0924 [ E6CD7F641916484B0141D191A390D866 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS 13:36:54.0016 0924 HSF_DPV - ok 13:36:54.0117 0924 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:36:54.0384 0924 HTTP - ok 13:36:54.0467 0924 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 13:36:54.0491 0924 i2omp - ok 13:36:54.0577 0924 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 13:36:54.0606 0924 i8042prt - ok 13:36:54.0748 0924 [ 1ADAA4F16073FD0C7270F451FD024E97 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 13:36:54.0753 0924 iaStor - ok 13:36:54.0983 0924 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 13:36:55.0190 0924 iaStorV - ok 13:36:55.0282 0924 [ 
DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 13:36:55.0478 0924 IDriverT - ok 13:36:55.0653 0924 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:36:55.0868 0924 idsvc - ok 13:36:56.0155 0924 [ 8B7DE1EA805335B1361D459ACB4ECE18 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 13:36:59.0913 0924 igfx - ok 13:37:00.0043 0924 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 13:37:00.0059 0924 iirsp - ok 13:37:00.0127 0924 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 13:37:00.0271 0924 IKEEXT - ok 13:37:00.0431 0924 [ CE57D1A91272A35989837B868C8366DF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 13:37:00.0443 0924 IntcAzAudAddService - ok 13:37:00.0574 0924 [ BE1CB000C655396C9DEF09AEE3EA2D67 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys 13:37:00.0601 0924 IntcHdmiAddService - ok 13:37:00.0632 0924 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 13:37:00.0660 0924 intelide - ok 13:37:00.0707 0924 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:37:00.0708 0924 intelppm - ok 13:37:00.0766 0924 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:37:00.0768 0924 IPBusEnum - ok 13:37:00.0860 0924 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:37:00.0883 0924 IpFilterDriver - ok 13:37:00.0959 0924 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:37:01.0059 0924 iphlpsvc - ok 13:37:01.0065 0924 IpInIp - ok 13:37:01.0114 0924 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 13:37:01.0148 0924 IPMIDRV - ok 13:37:01.0174 0924 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT 
C:\Windows\system32\DRIVERS\ipnat.sys 13:37:01.0200 0924 IPNAT - ok 13:37:01.0284 0924 [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 13:37:01.0572 0924 iPod Service - ok 13:37:01.0615 0924 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:37:01.0645 0924 IRENUM - ok 13:37:01.0725 0924 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:37:01.0764 0924 isapnp - ok 13:37:01.0802 0924 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 13:37:01.0804 0924 iScsiPrt - ok 13:37:01.0823 0924 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 13:37:01.0848 0924 iteatapi - ok 13:37:01.0968 0924 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 13:37:01.0989 0924 iteraid - ok 13:37:02.0029 0924 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:37:02.0030 0924 kbdclass - ok 13:37:02.0097 0924 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 13:37:02.0115 0924 kbdhid - ok 13:37:02.0248 0924 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 13:37:02.0249 0924 KeyIso - ok 13:37:02.0893 0924 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:37:04.0328 0924 KSecDD - ok 13:37:04.0390 0924 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:37:04.0411 0924 ksthunk - ok 13:37:04.0508 0924 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 13:37:04.0622 0924 KtmRm - ok 13:37:04.0723 0924 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 13:37:04.0767 0924 LanmanServer - ok 13:37:04.0829 0924 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:37:04.0929 0924 LanmanWorkstation - ok 13:37:05.0026 0924 [ 
6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 13:37:05.0058 0924 LightScribeService - ok 13:37:05.0103 0924 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:37:05.0128 0924 lltdio - ok 13:37:05.0189 0924 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:37:05.0367 0924 lltdsvc - ok 13:37:05.0389 0924 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:37:05.0390 0924 lmhosts - ok 13:37:05.0473 0924 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 13:37:05.0497 0924 LSI_FC - ok 13:37:05.0525 0924 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:37:05.0588 0924 LSI_SAS - ok 13:37:05.0614 0924 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 13:37:05.0651 0924 LSI_SCSI - ok 13:37:05.0726 0924 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 13:37:05.0790 0924 luafv - ok 13:37:05.0905 0924 [ 6DA30C0DE0CC8525E89D612C5063CAC1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:37:05.0933 0924 Mcx2Svc - ok 13:37:06.0001 0924 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 13:37:06.0029 0924 megasas - ok 13:37:06.0080 0924 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 13:37:06.0381 0924 MegaSR - ok 13:37:06.0422 0924 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 13:37:06.0423 0924 MMCSS - ok 13:37:06.0438 0924 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 13:37:06.0439 0924 Modem - ok 13:37:06.0458 0924 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:37:06.0459 0924 monitor - ok 13:37:06.0535 0924 motccgp - ok 13:37:06.0542 0924 motccgpfl - ok 13:37:06.0637 0924 [ 9DFD34E6841C460B5D992A1C5327AE69 ] MotoHelper 
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe 13:37:06.0681 0924 MotoHelper - ok 13:37:06.0689 0924 MotoSwitchService - ok 13:37:06.0734 0924 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:37:06.0735 0924 mouclass - ok 13:37:06.0826 0924 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:37:06.0849 0924 mouhid - ok 13:37:06.0882 0924 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 13:37:06.0898 0924 MountMgr - ok 13:37:07.0007 0924 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:37:07.0045 0924 MozillaMaintenance - ok 13:37:07.0123 0924 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 13:37:07.0149 0924 mpio - ok 13:37:07.0238 0924 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:37:07.0258 0924 mpsdrv - ok 13:37:07.0322 0924 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll 13:37:07.0453 0924 MpsSvc - ok 13:37:07.0520 0924 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 13:37:07.0535 0924 Mraid35x - ok 13:37:07.0624 0924 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:37:07.0716 0924 MRxDAV - ok 13:37:07.0842 0924 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:37:07.0894 0924 mrxsmb - ok 13:37:07.0922 0924 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:37:08.0116 0924 mrxsmb10 - ok 13:37:08.0122 0924 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:37:08.0146 0924 mrxsmb20 - ok 13:37:08.0181 0924 [ E7E3E515D1D33A2A372D7FCE2BBEF5D9 ] msahci C:\Windows\system32\drivers\msahci.sys 13:37:08.0182 0924 msahci - ok 13:37:08.0219 0924 [ 264BBB4AAF312A485F0E44B65A6B7202 
] msdsm C:\Windows\system32\drivers\msdsm.sys 13:37:08.0240 0924 msdsm - ok 13:37:08.0280 0924 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 13:37:08.0317 0924 MSDTC - ok 13:37:08.0330 0924 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:37:08.0331 0924 Msfs - ok 13:37:08.0409 0924 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:37:08.0410 0924 msisadrv - ok 13:37:08.0451 0924 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:37:08.0541 0924 MSiSCSI - ok 13:37:08.0551 0924 msiserver - ok 13:37:08.0661 0924 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:37:08.0690 0924 MSKSSRV - ok 13:37:08.0751 0924 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:37:08.0791 0924 MSPCLOCK - ok 13:37:08.0913 0924 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:37:08.0937 0924 MSPQM - ok 13:37:09.0007 0924 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:37:09.0175 0924 MsRPC - ok 13:37:09.0229 0924 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 13:37:09.0231 0924 mssmbios - ok 13:37:09.0309 0924 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:37:09.0325 0924 MSTEE - ok 13:37:09.0462 0924 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 13:37:09.0484 0924 Mup - ok 13:37:09.0542 0924 [ 86292363B050C1B55FE77D75AF3EFB71 ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys 13:37:09.0549 0924 mvusbews - ok 13:37:09.0596 0924 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 13:37:09.0798 0924 napagent - ok 13:37:09.0889 0924 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:37:10.0001 0924 NativeWifiP - ok 13:37:10.0144 0924 [ 
65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:37:10.0476 0924 NDIS - ok 13:37:10.0514 0924 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:37:10.0548 0924 NdisTapi - ok 13:37:10.0570 0924 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:37:10.0593 0924 Ndisuio - ok 13:37:10.0626 0924 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:37:10.0740 0924 NdisWan - ok 13:37:10.0785 0924 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:37:10.0802 0924 NDProxy - ok 13:37:10.0868 0924 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:37:10.0889 0924 NetBIOS - ok 13:37:10.0946 0924 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 13:37:11.0103 0924 netbt - ok 13:37:11.0129 0924 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 13:37:11.0131 0924 Netlogon - ok 13:37:11.0201 0924 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 13:37:11.0347 0924 Netman - ok 13:37:11.0412 0924 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 13:37:11.0499 0924 netprofm - ok 13:37:11.0571 0924 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:37:11.0592 0924 NetTcpPortSharing - ok 13:37:11.0806 0924 [ 2BDCB7B7917380794C9D87AC2153CE33 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys 13:37:14.0162 0924 NETw5v64 - ok 13:37:14.0214 0924 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:37:14.0237 0924 nfrd960 - ok 13:37:14.0303 0924 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 13:37:14.0369 0924 NlaSvc - ok 13:37:14.0421 0924 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs 
C:\Windows\system32\drivers\Npfs.sys 13:37:14.0445 0924 Npfs - ok 13:37:14.0501 0924 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 13:37:14.0503 0924 nsi - ok 13:37:14.0519 0924 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:37:14.0543 0924 nsiproxy - ok 13:37:14.0662 0924 [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:37:15.0288 0924 Ntfs - ok 13:37:15.0340 0924 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 13:37:15.0381 0924 Null - ok 13:37:15.0411 0924 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:37:15.0460 0924 nvraid - ok 13:37:15.0501 0924 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:37:15.0541 0924 nvstor - ok 13:37:15.0626 0924 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:37:15.0662 0924 nv_agp - ok 13:37:15.0669 0924 NwlnkFlt - ok 13:37:15.0678 0924 NwlnkFwd - ok 13:37:15.0767 0924 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:37:15.0917 0924 odserv - ok 13:37:15.0986 0924 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:37:16.0024 0924 ohci1394 - ok 13:37:16.0176 0924 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:37:16.0266 0924 ose - ok 13:37:16.0346 0924 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 13:37:16.0733 0924 p2pimsvc - ok 13:37:16.0752 0924 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 13:37:16.0759 0924 p2psvc - ok 13:37:16.0830 0924 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 13:37:16.0885 0924 Parport - ok 13:37:16.0971 0924 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr 
C:\Windows\system32\drivers\partmgr.sys 13:37:17.0016 0924 partmgr - ok 13:37:17.0081 0924 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 13:37:17.0136 0924 PcaSvc - ok 13:37:17.0241 0924 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 13:37:17.0363 0924 pci - ok 13:37:17.0420 0924 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\DRIVERS\pciide.sys 13:37:17.0459 0924 pciide - ok 13:37:17.0513 0924 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:37:17.0648 0924 pcmcia - ok 13:37:17.0685 0924 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:37:18.0098 0924 PEAUTH - ok 13:37:18.0249 0924 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:37:18.0273 0924 PerfHost - ok 13:37:18.0383 0924 [ 2C3BA65F8CA712730050C29104E093F9 ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys 13:37:18.0408 0924 PGEffect - ok 13:37:18.0489 0924 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 13:37:19.0245 0924 pla - ok 13:37:19.0368 0924 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:37:19.0505 0924 PlugPlay - ok 13:37:19.0548 0924 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 13:37:19.0559 0924 PNRPAutoReg - ok 13:37:19.0603 0924 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 13:37:19.0613 0924 PNRPsvc - ok 13:37:19.0674 0924 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:37:19.0907 0924 PolicyAgent - ok 13:37:19.0953 0924 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:37:20.0012 0924 PptpMiniport - ok 13:37:20.0088 0924 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 13:37:20.0113 0924 Processor - ok 13:37:20.0162 0924 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc 
C:\Windows\system32\profsvc.dll 13:37:20.0262 0924 ProfSvc - ok 13:37:20.0300 0924 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 13:37:20.0302 0924 ProtectedStorage - ok 13:37:20.0433 0924 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 13:37:20.0462 0924 PSched - ok 13:37:20.0530 0924 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:37:21.0228 0924 ql2300 - ok 13:37:21.0241 0924 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:37:21.0256 0924 ql40xx - ok 13:37:21.0298 0924 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 13:37:21.0514 0924 QWAVE - ok 13:37:21.0561 0924 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:37:21.0562 0924 QWAVEdrv - ok 13:37:21.0589 0924 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:37:21.0652 0924 RasAcd - ok 13:37:21.0720 0924 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 13:37:21.0782 0924 RasAuto - ok 13:37:21.0902 0924 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:37:21.0946 0924 Rasl2tp - ok 13:37:21.0995 0924 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 13:37:22.0156 0924 RasMan - ok 13:37:22.0163 0924 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:37:22.0170 0924 RasPppoe - ok 13:37:22.0209 0924 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:37:22.0257 0924 RasSstp - ok 13:37:22.0302 0924 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:37:22.0362 0924 rdbss - ok 13:37:22.0403 0924 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:37:22.0428 0924 RDPCDD - ok 13:37:22.0484 0924 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr 
C:\Windows\system32\drivers\rdpdr.sys 13:37:22.0707 0924 rdpdr - ok 13:37:22.0714 0924 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:37:22.0733 0924 RDPENCDD - ok 13:37:22.0803 0924 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:37:22.0973 0924 RDPWD - ok 13:37:23.0114 0924 [ 02B918C898D017B428536AE77BCAAB25 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 13:37:23.0336 0924 RegSrvc - ok 13:37:23.0392 0924 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:37:23.0465 0924 RemoteAccess - ok 13:37:23.0574 0924 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:37:23.0719 0924 RemoteRegistry - ok 13:37:23.0819 0924 [ ABF0D2EAE54A7F071A54BD2828C982CA ] rimspci C:\Windows\system32\DRIVERS\rimspe64.sys 13:37:23.0843 0924 rimspci - ok 13:37:23.0940 0924 [ E8ED37D472EB5211C0A34FD63A3971E9 ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe64.sys 13:37:23.0977 0924 rixdpcie - ok 13:37:24.0019 0924 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 13:37:24.0042 0924 RpcLocator - ok 13:37:24.0137 0924 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 13:37:24.0145 0924 RpcSs - ok 13:37:24.0203 0924 RSELSVC - ok 13:37:24.0241 0924 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:37:24.0281 0924 rspndr - ok 13:37:24.0430 0924 [ B263B3AEBCDE2210D1CC25756601B8EA ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 13:37:24.0434 0924 RTL8169 - ok 13:37:24.0468 0924 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 13:37:24.0471 0924 SamSs - ok 13:37:24.0521 0924 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:37:24.0559 0924 sbp2port - ok 13:37:24.0680 0924 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:37:24.0802 0924 SCardSvr - ok 
13:37:24.0946 0924 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 13:37:25.0269 0924 Schedule - ok 13:37:25.0413 0924 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 13:37:25.0414 0924 SCPolicySvc - ok 13:37:25.0553 0924 [ BE100BC2BE2513314C717BB2C4CFFF10 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 13:37:25.0556 0924 sdbus - ok 13:37:25.0586 0924 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:37:25.0590 0924 SDRSVC - ok 13:37:25.0613 0924 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:37:25.0614 0924 secdrv - ok 13:37:25.0627 0924 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 13:37:25.0629 0924 seclogon - ok 13:37:25.0645 0924 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 13:37:25.0648 0924 SENS - ok 13:37:25.0668 0924 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 13:37:25.0669 0924 Serenum - ok 13:37:25.0696 0924 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 13:37:25.0699 0924 Serial - ok 13:37:25.0723 0924 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:37:25.0747 0924 sermouse - ok 13:37:25.0804 0924 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 13:37:25.0818 0924 SessionEnv - ok 13:37:25.0885 0924 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:37:25.0901 0924 sffdisk - ok 13:37:25.0923 0924 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:37:25.0946 0924 sffp_mmc - ok 13:37:25.0971 0924 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:37:25.0998 0924 sffp_sd - ok 13:37:26.0048 0924 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:37:26.0083 0924 sfloppy - ok 
13:37:26.0116 0924 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:37:26.0303 0924 SharedAccess - ok 13:37:26.0380 0924 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:37:26.0539 0924 ShellHWDetection - ok 13:37:26.0564 0924 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 13:37:26.0589 0924 SiSRaid2 - ok 13:37:26.0677 0924 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:37:26.0724 0924 SiSRaid4 - ok 13:37:26.0843 0924 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 13:37:27.0677 0924 slsvc - ok 13:37:27.0744 0924 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 13:37:27.0795 0924 SLUINotify - ok 13:37:27.0837 0924 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:37:27.0855 0924 Smb - ok 13:37:27.0909 0924 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:37:27.0931 0924 SNMPTRAP - ok 13:37:27.0995 0924 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 13:37:27.0996 0924 spldr - ok 13:37:28.0275 0924 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 13:37:28.0343 0924 Spooler - ok 13:37:28.0387 0924 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 13:37:28.0632 0924 srv - ok 13:37:28.0694 0924 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:37:28.0697 0924 srv2 - ok 13:37:28.0715 0924 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:37:28.0792 0924 srvnet - ok 13:37:28.0827 0924 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:37:28.0914 0924 SSDPSRV - ok 13:37:28.0952 0924 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:37:28.0996 0924 SstpSvc - ok 13:37:29.0072 0924 [ 
  17. Dumb question, but how do I save the first program to the desktop? It only asks if I want to save and doesn't give me an option.
  18. I got on to normal mode! Quite surprised. This is what I got:

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-06-2013 02
      Ran by SYSTEM at 2013-06-20 13:13:58 Run:1
      Running from F:\
      Boot Mode: Recovery
      ==============================================
      C:\Users\Owner\AppData\Roaming\2433f433 => Moved successfully.
      C:\ProgramData\2433f433 => Moved successfully.
      C:\Users\Owner\AppData\Local\2433f433 => Moved successfully.
      C:\Program Files (x86)\Application Updater => Moved successfully.
      C:\Program Files (x86)\YTD Toolbar => Moved successfully.
      C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
      C:\Windows\Tasks\SA.DAT => Moved successfully.
      C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
      C:\Users\Owner\AppData\Roaming\2433f433 => File/Directory not found.
      C:\ProgramData\2433f433 => File/Directory not found.
      C:\Users\Owner\AppData\Local\2433f433 => File/Directory not found.
      C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
      HKU\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
      HKU\Owner\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
      HKU\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
      HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
      ==== End of Fixlog ====
  19. Okay so I got a really bad MoneyPak virus 2 days ago and I cannot access any of the safe modes and my system restore points are deleted apparently. I've been doing a little research and downloaded FRST64 and got to the step where you get some sort of log code or text and I don't think I can go any further. I could really use some help. Also I hope this is the right forum to post in; I was told the last one was wrong. I'll post the log info from the FRST64 scan if it helps.
  20. Okay, so I got a really bad MoneyPak virus 2 days ago and I cannot access any of the safe modes, and my system restore points are deleted apparently. I've been doing a little research and downloaded FRST64 and got to the step where you get some sort of log code or text, and I don't think I can go any further. I could really use some help. I'll post the log info from the FRST64 scan if it helps.