Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
ambetu Newbie
Joined: 16 Mar 2012 Last Visit: 27 Mar 2012 Posts: 9
Posted: Fri Mar 16, 2012 7:35 pm Post subject: Pop up - Windows detected a hard disk problem
On the internet, all of a sudden I got a pop up screen (box) that said Windows "detected a hard disk problem".
The box had three options which read as follows: start back up process, ask me again later, or Don't ask me about this problem again (Not recommended).
When clicking on "which disk is failing" - it shows the following:
DISK NAME: TOSHIBA MK5065GSXN
VOLUME: C:\
There was also a message before that asking if I wanted to allow something to download and I just closed it. I was on a site with a lot of ads, so my mom thinks maybe I encountered a malicious banner ad because that site has had malicious ads in the past.
DDS Log shows as follows -
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by ambetu at 20:04:23 on 2012-03-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2301 [GMT -7:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\DFDWiz.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtblfs.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/g/
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{321F4498-1E8E-4AEF-9A24-D3F27202C5F3} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 kl2;kl2;C:\windows\system32\DRIVERS\kl2.sys --> C:\windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-11-2 365336]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-3 136176]
S3 JLTECH0227;Dual Mode Camera;C:\windows\system32\Drivers\jl2005c.sys --> C:\windows\system32\Drivers\jl2005c.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-17 00:04:06 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0584EDB5-1118-44B2-91A2-82653B1CB576}\mpengine.dll
2012-03-15 00:26:13 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-15 00:26:12 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 00:26:12 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-14 01:00:08 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-14 01:00:03 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-14 01:00:03 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-14 00:58:55 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-14 00:58:55 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-14 00:58:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-14 00:58:54 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-14 00:58:54 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-14 00:58:54 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-14 00:58:54 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 03:21:38 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-02-17 03:21:38 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-02-17 03:21:33 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-02-17 03:21:33 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-02-17 03:20:45 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-02-17 03:04:59 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-17 03:04:58 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-17 03:04:57 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-17 03:04:57 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-17 03:04:54 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-02-17 03:04:54 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
.
==================== Find3M ====================
.
2012-02-23 17:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-04 02:32:05 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:06:43.34 ===============
Attach Log shows as follows -
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/20/2011 3:00:35 PM
System Uptime: 3/16/2012 6:26:50 PM (2 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 400.97 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP59: 2/3/2012 6:23:09 PM - Windows Update
RP60: 2/8/2012 5:54:36 PM - Windows Update
RP61: 2/14/2012 6:14:12 PM - Windows Update
RP63: 2/16/2012 7:03:49 PM - Windows Modules Installer
RP64: 2/17/2012 5:16:49 PM - Windows Update
RP65: 2/22/2012 5:12:36 PM - Windows Update
RP66: 2/28/2012 5:22:18 PM - Windows Update
RP67: 3/1/2012 4:34:00 PM - Windows Update
RP68: 3/6/2012 4:31:42 PM - Windows Update
RP69: 3/9/2012 6:03:13 PM - Windows Update
RP70: 3/13/2012 5:59:00 PM - Windows Update
RP72: 3/14/2012 5:21:44 PM - Windows Modules Installer
RP73: 3/14/2012 5:22:43 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1) MUI
Apple Application Support
Apple Software Update
AT&T Service & Support Tool
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
att.net Internet Mail
Best Buy pc app
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ffdshow [rev 2527] [2008-12-19]
Ghost Hunters Majesty Manor
Google Toolbar for Internet Explorer
Google Update Helper
Haali Media Splitter
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Kaspersky Anti-Virus 2011
Label@Once 1.0
LeapFrog Connect
LeapFrog My Pals Plugin
Mesh Runtime
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
PlayReady PC Runtime x86
QuickTime
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
Uninstall Dual Mode Camera (81380)
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Vivitar Experience Image Manager - TARGET Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/9/2012 8:25:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/16/2012 5:59:47 PM, Error: Service Control Manager [7022] - The Kaspersky Anti-Virus Service service hung on starting.
3/14/2012 5:20:07 PM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
3/12/2012 4:59:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/11/2012 4:58:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
Thanks for help!
Gary R Moderator

Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
Posted: Fri Mar 16, 2012 10:34 pm
Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R Moderator

Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
Posted: Fri Mar 16, 2012 10:46 pm
Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.
Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.
Hi ambetu
I'm Gary R,
Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
I'd also recommend that you create a System Restore Point that we can restore to if necessary.
- Click Start, and type Create a restore point into the Search programs and files box.
- Now click on the Create a restore point icon at the top of the find list.
- This will open a System Properties box, with the System Protection tab open ...
- Click on the Create button in the lower part of the window.
- Type Pre Malware Cleanup into the description box, then click Create.
- Windows will now create a Restore Point and notify you when finished.
- Exit any open windows.
Please observe these rules while we work:
- Perform all actions in the order given.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Stick with it till you're given the all clear.
- Remember, absence of symptoms does not mean the infection is all gone.
- Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
- Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
- As you're using Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
There are no obvious signs of infection in the log you've supplied, but there are a few minor issues that need attention and we'll deal with them shortly.
First I'd like to run some further scans to ensure you haven't picked up one of the nastier infections that don't really show up in a DDS scan.
Download OTL by OldTimer to your Desktop.
If you already have a copy of OTL delete it and use this version.
- Double click OTL.exe to launch the programme.
- Check the following.
- Scan all users.
- Standard Output.
- Lop check.
- Purity check.
- Under Extra Registry section, select Use SafeList
- Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
- When finished it will produce two logs.
- OTL.txt (open on your desktop).
- Extras.txt (minimised in your taskbar)
- Please post me both logs.
Next
Download TDSSKiller.zip and extract it to your Desktop.
- Double click on TDSSKiller.exe to launch it.
- If using Vista or Windows7, when prompted by UAC allow the prompt.
- Click on Change parameters
- Check Detect TDLFS file system
- Click OK
- Click on Start Scan
- The scan will run.
- When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
- Now click on Report to open the log file created by TDSSKiller in your root directory C:\
- Post the contents in your next reply please.
- DO NOT TRY TO FIX ANYTHING AT THIS POINT
Summary of the logs I need from you in your next post:
- OTL.txt
- Extras.txt
- TDSSKiller log
Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
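One way to triage the "Pseudo HJT Report" section of the DDS log posted earlier in this thread, as an added example that is not part of the original posts and is not code from DDS or its author. It parses each entry and flags entries the log marks `No File` and Run/RunOnce commands that start from user-writable folders; the folder list is an assumption of this example, and the last sample line is constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    kind: str             # DDS prefix, e.g. "BHO", "mRun", "TB-X64"
    label: str            # display name or registry value name, may be ""
    clsid: Optional[str]  # first {GUID} on the line, if any
    target: str           # file path, command line or value


CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
RUN_KIND_RE = re.compile(r"^[um]Run(Once)?(-x64)?$", re.IGNORECASE)
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)", re.IGNORECASE)

# Assumption of this example: folders a standard user can write to, where an
# autostart entry deserves a closer look. Not a list taken from DDS.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "%appdata%", "%localappdata%", "%temp%")

# Lines copied from the DDS log in this thread.
SAMPLE_LINES = r"""
uStart Page = hxxp://start.toshiba.com/g/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
BHO-X64: AcroIEHelperStub - No File
""".splitlines()
# Constructed line (not from the log) so the user-writable check has a match.
SAMPLE_LINES.append(r"uRun: [ConstructedUpdater] C:\Users\example\AppData\Local\Temp\constructed.exe")


def parse_line(line: str) -> Optional[Entry]:
    """Turn one Pseudo HJT line into an Entry; None for separators/headers."""
    line = line.strip()
    if not line or line == "." or line.startswith("="):
        return None
    kind, sep, rest = line.partition(": ")
    if not sep or " " in kind:
        # "uStart Page = ..." style: a plain setting with no type prefix
        key, _, value = line.partition("=")
        return Entry("setting", key.strip(), None, value.strip())
    run = RUN_RE.match(rest)
    if run:
        return Entry(kind, run["name"], None, run["cmd"])
    guid = CLSID_RE.search(rest)
    left, dash, target = rest.rpartition(" - ")
    if not dash:
        left, target = rest, ""
    label = CLSID_RE.sub("", left).strip(" :-")
    return Entry(kind, label, guid.group(0) if guid else None, target.strip())


def executable_of(command: str) -> str:
    """Strip quotes and arguments from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (kind, name, reason) for every entry worth a second look."""
    findings = []
    for raw in lines:
        entry = parse_line(raw)
        if entry is None:
            continue
        name = entry.label or entry.clsid or "?"
        if entry.target.lower() == "no file":
            # The log's own marker for an entry whose file was not found.
            findings.append((entry.kind, name, "orphaned entry: file missing"))
        elif RUN_KIND_RE.match(entry.kind):
            path = executable_of(entry.target).lower()
            if any(marker in path for marker in USER_WRITABLE):
                findings.append((entry.kind, name, "autostart from user-writable folder"))
    return findings


if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE_LINES):
        print(f"{kind:8} {name:40} {reason}")
```
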
ambetu Newbie
Joined: 16 Mar 2012 Last Visit: 27 Mar 2012 Posts: 9
Posted: Sat Mar 17, 2012 2:33 pm Post subject: OTL Log
OTL logfile created on: 3/17/2012 3:23:32 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\ambetu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.95 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 56.58% Memory free
7.90 Gb Paging File | 6.03 Gb Available in Paging File | 76.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.57 Gb Total Space | 401.87 Gb Free Space | 89.19% Space Free | Partition Type: NTFS
Computer Name: AMBETU-PC | User Name: ambetu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012/03/17 15:05:07 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\ambetu\Downloads\OTL.exe
PRC - [2012/02/03 19:32:05 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/12/20 18:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 18:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/07/27 02:47:12 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2011/03/02 15:36:16 | 000,266,680 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:[b]64bit:[/b] - [2010/12/20 18:30:30 | 000,822,704 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:[b]64bit:[/b] - [2010/12/09 17:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:[b]64bit:[/b] - [2010/12/08 15:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:[b]64bit:[/b] - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:[b]64bit:[/b] - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/20 18:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 18:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2011/08/25 20:42:40 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011/04/04 20:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:[b]64bit:[/b] - [2011/02/03 19:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2011/01/27 12:34:12 | 001,577,088 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:[b]64bit:[/b] - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011/01/05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:[b]64bit:[/b] - [2010/12/01 16:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2010/11/30 14:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:[b]64bit:[/b] - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/11/08 12:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:[b]64bit:[/b] - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:[b]64bit:[/b] - [2010/07/27 02:47:46 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:[b]64bit:[/b] - [2010/07/27 02:47:36 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:[b]64bit:[/b] - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:[b]64bit:[/b] - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:[b]64bit:[/b] - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:[b]64bit:[/b] - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:[b]64bit:[/b] - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/24 15:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:[b]64bit:[/b] - [2009/06/19 19:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:[b]64bit:[/b] - [2009/06/15 13:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:[b]64bit:[/b] - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/06/02 13:26:26 | 000,080,880 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jl2005c.sys -- (JLTECH0227)
DRV:[b]64bit:[/b] - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/07/27 02:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 02:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1698956662-1714580961-1326721574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-1698956662-1714580961-1326721574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1698956662-1714580961-1326721574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-1698956662-1714580961-1326721574-1000\..\SearchScopes,DefaultScope = {3E947915-04B4-4E1A-839A-BFAB30C455C9}
IE - HKU\S-1-5-21-1698956662-1714580961-1326721574-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKU\S-1-5-21-1698956662-1714580961-1326721574-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1698956662-1714580961-1326721574-1000\..\SearchScopes\{3E947915-04B4-4E1A-839A-BFAB30C455C9}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
IE - HKU\S-1-5-21-1698956662-1714580961-1326721574-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
IE - HKU\S-1-5-21-1698956662-1714580961-1326721574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1698956662-1714580961-1326721574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
[color=#E56717]========== FireFox ==========[/color]
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\ambetu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/08/27 13:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru [2011/08/27 13:20:46 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1698956662-1714580961-1326721574-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [] File not found
O4:[b]64bit:[/b] - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:[b]64bit:[/b] - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:[b]64bit:[/b] - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{321F4498-1E8E-4AEF-9A24-D3F27202C5F3}: DhcpNameServer = 192.168.1.254
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012/03/14 17:26:13 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/03/14 17:26:12 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/03/14 17:26:12 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/03/13 18:17:03 | 000,000,000 | ---D | C] -- C:\Users\ambetu\Desktop\SDC Stuff
[2012/03/13 18:00:03 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/03/13 17:58:55 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/03/13 17:58:55 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/03/13 17:58:55 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/03/13 17:58:54 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/03/13 17:58:54 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/03/07 18:49:29 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/02/16 20:21:38 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2012/02/16 20:21:33 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
[2012/02/16 20:21:33 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
[2012/02/16 20:05:10 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/02/16 20:05:09 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/02/16 20:05:04 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/02/16 20:05:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/02/16 20:05:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/02/16 20:05:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/02/16 20:05:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/02/16 20:05:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/02/16 20:05:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/02/16 20:04:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/02/16 20:04:58 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012/03/17 14:59:11 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 14:59:11 | 000,024,400 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 14:52:10 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/17 14:52:10 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/17 14:52:10 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/17 14:44:57 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/17 14:44:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/17 14:43:54 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/16 20:42:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/14 17:44:16 | 000,341,296 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/12 21:23:26 | 000,026,188 | ---- | M] () -- C:\Users\ambetu\Desktop\Sac Skyline.jpg
[2012/03/10 10:09:01 | 000,090,294 | ---- | M] () -- C:\Users\ambetu\Desktop\couponblue.bmp
[2012/03/07 18:49:23 | 514,580,651 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/02/16 23:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/02/16 22:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/03/12 21:23:55 | 000,026,188 | ---- | C] () -- C:\Users\ambetu\Desktop\Sac Skyline.jpg
[2012/03/10 10:09:01 | 000,090,294 | ---- | C] () -- C:\Users\ambetu\Desktop\couponblue.bmp
[2012/03/07 18:49:23 | 514,580,651 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/12/26 21:12:56 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011/11/24 12:00:12 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/05/22 12:49:26 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/04/04 20:07:00 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/04/04 20:06:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/04/04 20:06:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/02/03 19:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[color=#E56717]========== LOP Check ==========[/color]
[2012/02/04 19:44:24 | 000,000,000 | ---D | M] -- C:\Users\ambetu\AppData\Roaming\Book Place
[2011/08/20 15:16:09 | 000,000,000 | ---D | M] -- C:\Users\ambetu\AppData\Roaming\Toshiba
[2011/08/20 15:01:12 | 000,000,000 | ---D | M] -- C:\Users\ambetu\AppData\Roaming\WinBatch
[2011/12/25 17:46:51 | 000,032,614 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
ambetu Newbie
Posted: Sat Mar 17, 2012 2:35 pm Post subject: Extra's Log
OTL Extras logfile created on: 3/17/2012 3:23:32 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\ambetu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.95 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 56.58% Memory free
7.90 Gb Paging File | 6.03 Gb Available in Paging File | 76.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.57 Gb Total Space | 401.87 Gb Free Space | 89.19% Space Free | Partition Type: NTFS
Computer Name: AMBETU-PC | User Name: ambetu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9013B370-99D4-404B-9DB9-779B51CEB5FF}" = LeapFrog My Pals Plugin
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}" = Toshiba Book Place
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}" = TOSHIBA Wireless LAN Indicator
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"81380_2009_1229_1647_is1" = Uninstall Dual Mode Camera (81380)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATT-SST" = AT&T Service & Support Tool
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HaaliMkx" = Haali Media Splitter
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"UPCShell" = LeapFrog Connect
"Vivitar Experience Image Manager - TARGET Edition" = Vivitar Experience Image Manager - TARGET Edition
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Mail" = att.net Internet Mail
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-1698956662-1714580961-1326721574-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Ghost Hunters Majesty Manor" = Ghost Hunters Majesty Manor
"UnityWebPlayer" = Unity Web Player
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2/27/2012 11:30:58 PM | Computer Name = ambetu-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 2/27/2012 11:30:58 PM | Computer Name = ambetu-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 2/27/2012 11:31:22 PM | Computer Name = ambetu-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 2/27/2012 11:31:22 PM | Computer Name = ambetu-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 2/27/2012 11:31:22 PM | Computer Name = ambetu-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 2/27/2012 11:31:22 PM | Computer Name = ambetu-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 2/27/2012 11:31:22 PM | Computer Name = ambetu-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 2/27/2012 11:31:22 PM | Computer Name = ambetu-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 2/27/2012 11:31:22 PM | Computer Name = ambetu-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 2/27/2012 11:31:22 PM | Computer Name = ambetu-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
[ Media Center Events ]
Error - 8/20/2011 6:17:12 PM | Computer Name = ambetu-PC | Source = MCUpdate | ID = 0
Description = 3:17:12 PM - Error connecting to the internet. 3:17:12 PM - Unable
to contact server..
[ System Events ]
Error - 2/17/2012 9:10:21 PM | Computer Name = ambetu-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:32:57 PM on ?2/?16/?2012 was unexpected.
Error - 2/17/2012 9:12:43 PM | Computer Name = ambetu-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Audio service hung on starting.
Error - 2/17/2012 9:46:52 PM | Computer Name = ambetu-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Presentation Foundation Font Cache 3.0.0.0 service to connect.
Error - 2/17/2012 9:46:52 PM | Computer Name = ambetu-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%1053
Error - 2/26/2012 5:34:14 PM | Computer Name = ambetu-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:09:07 PM on ?2/?25/?2012 was unexpected.
Error - 2/26/2012 5:35:39 PM | Computer Name = ambetu-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Presentation Foundation Font Cache 3.0.0.0 service to connect.
Error - 2/26/2012 5:35:40 PM | Computer Name = ambetu-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%1053
Error - 2/26/2012 6:45:19 PM | Computer Name = ambetu-PC | Source = DCOM | ID = 10010
Description =
Error - 3/1/2012 8:58:34 PM | Computer Name = ambetu-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:56:27 PM on ?3/?1/?2012 was unexpected.
Error - 3/2/2012 9:44:46 PM | Computer Name = ambetu-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:44:30 PM on ?3/?1/?2012 was unexpected.
< End of report >
Thank you Gary!
ambetu Newbie
Posted: Sat Mar 17, 2012 2:43 pm Post subject: TDSSKiller Log
15:37:44.0739 3844 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
15:37:45.0890 3844 ============================================================
15:37:45.0890 3844 Current date / time: 2012/03/17 15:37:45.0890
15:37:45.0890 3844 SystemInfo:
15:37:45.0890 3844
15:37:45.0890 3844 OS Version: 6.1.7601 ServicePack: 1.0
15:37:45.0890 3844 Product type: Workstation
15:37:45.0890 3844 ComputerName: AMBETU-PC
15:37:45.0890 3844 UserName: ambetu
15:37:45.0890 3844 Windows directory: C:\windows
15:37:45.0890 3844 System windows directory: C:\windows
15:37:45.0890 3844 Running under WOW64
15:37:45.0890 3844 Processor architecture: Intel x64
15:37:45.0890 3844 Number of processors: 4
15:37:45.0890 3844 Page size: 0x1000
15:37:45.0890 3844 Boot type: Normal boot
15:37:45.0890 3844 ============================================================
15:37:53.0920 3844 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:37:53.0930 3844 \Device\Harddisk0\DR0:
15:37:53.0930 3844 MBR used
15:37:53.0930 3844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38522800
15:37:53.0990 3844 Initialize success
15:37:53.0990 3844 ============================================================
15:38:39.0889 4152 ============================================================
15:38:39.0889 4152 Scan started
15:38:39.0889 4152 Mode: Manual; TDLFS;
15:38:39.0889 4152 ============================================================
15:38:42.0870 4152 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
15:38:42.0870 4152 1394ohci - ok
15:38:43.0510 4152 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
15:38:43.0520 4152 ACPI - ok
15:38:44.0030 4152 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
15:38:44.0030 4152 AcpiPmi - ok
15:38:44.0530 4152 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
15:38:44.0540 4152 adp94xx - ok
15:38:45.0750 4152 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
15:38:45.0750 4152 adpahci - ok
15:38:46.0150 4152 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
15:38:46.0150 4152 adpu320 - ok
15:38:46.0550 4152 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
15:38:46.0570 4152 AFD - ok
15:38:46.0970 4152 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
15:38:46.0980 4152 agp440 - ok
15:38:47.0740 4152 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
15:38:47.0740 4152 aliide - ok
15:38:48.0130 4152 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
15:38:48.0130 4152 amdide - ok
15:38:48.0520 4152 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
15:38:48.0520 4152 AmdK8 - ok
15:38:48.0911 4152 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
15:38:48.0911 4152 AmdPPM - ok
15:38:49.0411 4152 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
15:38:49.0421 4152 amdsata - ok
15:38:49.0821 4152 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
15:38:49.0831 4152 amdsbs - ok
15:38:50.0401 4152 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
15:38:50.0401 4152 amdxata - ok
15:38:50.0801 4152 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
15:38:50.0801 4152 AppID - ok
15:38:51.0441 4152 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
15:38:51.0441 4152 arc - ok
15:38:53.0531 4152 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
15:38:53.0621 4152 arcsas - ok
15:38:54.0721 4152 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
15:38:54.0721 4152 AsyncMac - ok
15:38:55.0341 4152 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
15:38:55.0441 4152 atapi - ok
15:38:55.0961 4152 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
15:38:55.0971 4152 b06bdrv - ok
15:38:56.0351 4152 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
15:38:56.0361 4152 b57nd60a - ok
15:38:56.0751 4152 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
15:38:56.0751 4152 Beep - ok
15:40:54.0970 4152 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
15:40:55.0230 4152 \Device\Harddisk0\DR0 - ok
15:40:55.0260 4152 Boot (0x1200) (b0c03bdda8c5dfb0d598a9c4d2fbff86) \Device\Harddisk0\DR0\Partition0
15:40:55.0260 4152 \Device\Harddisk0\DR0\Partition0 - ok
15:40:55.0260 4152 ============================================================
15:40:55.0260 4152 Scan finished
15:40:55.0260 4152 ============================================================
15:40:55.0290 4876 Detected object count: 0
15:40:55.0290 4876 Actual detected object count: 0

Gary R Moderator

Joined: 03 May 2005 Last Visit: 18 May 2013 Posts: 9696 Location: Yorkshire
Posted: Sat Mar 17, 2012 3:18 pm
Your TDSSKiller log is clean, which is good; however, I'd like you to run a couple more scans for me while I look over your OTL logs.
- Download aswMBR.exe to your desktop.
- Double click aswMBR.exe to run it
- Click the SCAN button to start the scan.
- On completion of the scan click SAVE LOG and save it to your desktop.
- Post the log contents in your next reply please.
Next
Please run a scan with ESET Online Scanner (this may take a few hours to complete).
Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
- Please go HERE then click on:
Quote:
Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
- Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log in your next reply please.
- Now click on:
(Selecting Uninstall application on close if you so wish)
It's getting late where I am, so it will probably be tomorrow morning my time (GMT) at the earliest before I get to see what you post, or before I can properly assess the OTL logs you posted.
_________________
Gary R Administrator at Malware Removal University
If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
ambetu Newbie
Posted: Sun Mar 18, 2012 2:03 pm Post subject: aswmbr Log
Thanks for all your help Gary! The ESET online scan would not run, kept getting a message that said 'Unable to download updates, is proxy configured'. Kaspersky was disabled, as was Windows Defender, so that was not the issue. Mom even tried to help and we couldn't figure it out.
The aswmbr log is below -
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-18 14:37:47
-----------------------------
14:37:47.878 OS Version: Windows x64 6.1.7601 Service Pack 1
14:37:47.878 Number of processors: 4 586 0x2A07
14:37:47.878 ComputerName: AMBETU-PC UserName: ambetu
14:38:03.997 Initialize success
14:39:00.193 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:39:00.193 Disk 0 Vendor: TOSHIBA_ GH10 Size: 476940MB BusType: 3
14:39:00.193 Disk 0 MBR read successfully
14:39:00.209 Disk 0 MBR scan
14:39:00.209 Disk 0 Windows VISTA default MBR code
14:39:00.225 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:39:00.240 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461381 MB offset 3074048
14:39:00.271 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 947982336
14:39:00.303 Disk 0 scanning C:\windows\system32\drivers
14:39:05.919 Service scanning
14:39:34.092 Service KL1 C:\windows\system32\DRIVERS\kl1.sys **LOCKED** 5
14:39:34.311 Service kl2 C:\windows\system32\DRIVERS\kl2.sys **LOCKED** 5
14:39:34.607 Service KLIM6 C:\windows\system32\DRIVERS\klim6.sys **LOCKED** 5
14:39:34.779 Service klmouflt C:\windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
14:40:17.850 Modules scanning
14:40:17.866 Disk 0 trace - called modules:
14:40:17.944 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:40:17.944 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80068fe790]
14:40:17.959 3 CLASSPNP.SYS[fffff880023cd43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005691050]
14:40:17.975 Scan finished successfully
14:40:35.400 Disk 0 MBR has been saved successfully to "C:\Users\ambetu\Desktop\MBR.dat"
14:40:35.400 The log file has been saved successfully to "C:\Users\ambetu\Desktop\aswMBR.txt"
Gary R Moderator
Posted: Sun Mar 18, 2012 10:28 pm
Your aswMBR scan looks clean, so I don't believe you have a bootkit or partition sector infection, but I don't like the fact that you were unable to run the ESET scan. Let's see if Malwarebytes Anti-Malware can run on your machine.
Please download Malwarebytes' Anti-Malware to your Desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- Click on the Malwarebytes' Anti-Malware icon to launch the programme.
- Click the Updates tab.
- Click Check for Updates and allow the programme to download the latest definitions.
- Click the Scanner tab.
- Check Perform Quick Scan.
- Click Scan and wait for the scan to complete.
- When the scan is complete, click OK, then Show Results.
- Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
- A box will pop-up telling you that files have been quarantined.
- A log will pop-up.
- Post the log in your next reply please.
You can also access the log by doing the following
- Click on the Logs tab.
- Click on the log at the bottom of those listed to highlight it.
- Click Open
Next
I'd like you to run an error check on your hard drive.
- Click Start > Computer
- Right click on your hard drive (C:\) and select Properties
- Click on the Tools tab.
- Under Error Checking click Check Now
- There are two option boxes, ensure BOTH are checked, then click Start
- You will get a message saying that the disk is in use, click Schedule disk check
- Restart your computer
On reboot, your computer will perform a scan of your hard drive, and will attempt to repair any faults it might find, or any damaged disk sectors. The scan takes some time so be patient and wait for it to finish. When it finishes it will automatically boot into normal mode.
Please let me know if there was any damage discovered, and if Disk Check was able to repair it.
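The partition lines in the aswMBR log above come from the 64-byte partition table at the end of the MBR sector. The following is an added Python example, not part of the original thread and not aswMBR's code: it parses a raw 512-byte sector and sanity-checks the table layout. The sample sector is constructed from the offsets and sizes in the log (assuming 512-byte sectors, boot code zeroed); it does not examine the boot code, which is what the "Windows VISTA default MBR code" line reports.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446                  # the table follows 446 bytes of boot code
# status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")

def parse_mbr(sector):
    """Return the non-empty partition entries of one raw MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype != 0:              # type 0x00 marks an unused slot
            parts.append({"index": i + 1, "status": status, "type": ptype,
                          "start": start, "sectors": count})
    return parts

def check_layout(parts, disk_sectors):
    """Return a list of structural problems; an empty list means consistent."""
    findings = []
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    prev_end = 0
    for p in sorted(parts, key=lambda p: p["start"]):
        end = p["start"] + p["sectors"]
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte")
        if p["start"] < prev_end:
            findings.append(f"partition {p['index']}: overlaps previous partition")
        if end > disk_sectors:
            findings.append(f"partition {p['index']}: extends past end of disk")
        prev_end = max(prev_end, end)
    return findings

def build_sector(entries):
    """Constructed test input: zeroed boot code plus the given table entries."""
    sector = bytearray(SECTOR_SIZE)
    for i, entry in enumerate(entries):
        ENTRY.pack_into(sector, TABLE_OFFSET + 16 * i, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed from the log: (status, type, offset, size in MB * 2048 sectors per MB)
LOG_ENTRIES = [(0x80, 0x27, 2048, 1500 * 2048),
               (0x00, 0x07, 3074048, 461381 * 2048),
               (0x00, 0x17, 947982336, 14058 * 2048)]
DISK_SECTORS = 476940 * 2048        # "Size: 476940MB" from the log
SAMPLE_MBR = build_sector(LOG_ENTRIES)

if __name__ == "__main__":
    for part in parse_mbr(SAMPLE_MBR):
        print(part)
    print(check_layout(parse_mbr(SAMPLE_MBR), DISK_SECTORS) or "layout consistent")
```
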
ambetu Newbie
Posted: Mon Mar 19, 2012 6:27 pm Post subject: Malwarebytes log
Hi Gary - Here is the log. One item to note: the option to uncheck the C was not given, or I couldn't find it, so here is what popped up. I'll run the system check next. Thanks!!
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.19.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ambetu :: AMBETU-PC [administrator]
Protection: Enabled
3/19/2012 7:10:37 PM
mbam-log-2012-03-19 (19-10-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198914
Time elapsed: 9 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Gary R Moderator
Posted: Mon Mar 19, 2012 10:54 pm
The option to uncheck items in C:\System Volume Information would only have been available if MBAM had actually found anything; since it didn't, the option is not there.
The System Volume Information folder is where Microsoft puts your Restore Point files. Infected Restore Points cannot re-infect a computer unless restored to, so we generally wait until a computer is otherwise clean before we remove them.
OK, so far there's no sign of any active infection on your computer, and provided your Disk Check doesn't throw up any issues, I think we can be fairly confident that your computer is OK.
You have an outdated version of Java installed, and that needs to be updated.
- Please go to Control Panel > Programs > Uninstall a program and uninstall the following:
Quote:
Java(TM) 6 Update 20
Question .... Did you install the Program ... Best Buy pc app ... or did it come pre-installed on your computer, or do you not know why it's there?
ambetu Newbie
Posted: Tue Mar 20, 2012 6:13 am Post subject: System check and questions
Hi Gary,
The system check took longer than I anticipated and was still running after I turned in for the night. I don't know how to find the results now, as the computer shut off after 4 hours of inactivity. Is there a way for me to retrieve that info w/o having to rerun?
I will update my Java as you've indicated, and the Best Buy pc app did come pre-installed.
Glad to hear that so far things are looking good and sure appreciate your kindness, thorough direction and generous help!
Gary R Moderator
Posted: Tue Mar 20, 2012 11:20 am
No need to run chkdsk again, it creates a log.
To get a copy of what it found please do the following ....
- Click Start and in the Search programs and files box type Event Viewer then hit Enter.
- The Event Viewer window will open. If it is not full page, then expand it so that it is (it's hard to see details otherwise).
- In the left pane click on Windows Logs to expand it.
- Click on Application
- In the right pane click on Filter current log ...
- A Filter Current Log window will open.
- Click on the drop down menu for Event Sources, then scroll down the list and check Wininit and Winlogon
- Click OK
- Now in the top central pane, scroll down and look for an event with an Event ID of 1001
- Click on this event to highlight it.
- In the right pane, click on Copy then Copy details as text (this will copy the log details to clipboard)
- Paste them in your next reply please.
ambetu Newbie
Posted: Tue Mar 20, 2012 7:11 pm Post subject: Wininit log
Thank you for helping me locate the info Gary!
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 3/19/2012 10:24:20 PM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: ambetu-PC
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is TI106139W0E.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
148480 file records processed.
File verification completed.
181 large file records processed.
0 bad file records processed.
0 EA records processed.
61 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
196754 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
148480 file SDs/SIDs processed.
Cleaning up 409 unused index entries from index $SII of file 0x9.
Cleaning up 409 unused index entries from index $SDH of file 0x9.
Cleaning up 409 unused security descriptors.
Security descriptor verification completed.
24138 data files processed.
CHKDSK is verifying Usn Journal...
34548208 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
148464 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
105201707 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.
472454143 KB total disk space.
51306440 KB in 122353 files.
77824 KB in 24139 indexes.
0 KB in bad sectors.
263047 KB in use by the system.
65536 KB occupied by the log file.
420806832 KB available on disk.
4096 bytes in each allocation unit.
118113535 total allocation units on disk.
105201708 allocation units available on disk.
Internal Info:
00 44 02 00 47 3c 02 00 f6 1e 04 00 00 00 00 00 .D..G<..........
f7 02 00 00 3d 00 00 00 00 00 00 00 00 00 00 00 ....=...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Windows has finished checking your disk.
Please wait while your computer restarts.
Gary R Moderator
Posted: Tue Mar 20, 2012 10:49 pm
From the results you've posted I can't see any problem with your hard drive. There are no file problems, and no bad sectors, both of which I'd expect to see if you had a faulty drive.
From the tests we've run, I'd say the most likely scenario for what's happened is the following ....
You landed on a "poisoned" web site/link, which attempted to con you into downloading a "fix", which you very sensibly did not allow. It would appear that the specific downloader does not use an "exploit" to gain access to your machine, and has to rely on persuading gullible victims into allowing access. Because of this it seems that you did not sustain an actual active infection.
Keep an eye on your machine, and if it starts behaving unusually, or you get any more warnings about your hard drive failing, please let me know.
Any questions, or any concerns about what we've done, please let me know.
As a general note, if you ever get a pop-up of this type when accessing a site, the best way to shut it down is to hit Ctrl+F4 (which will close your browser), since closing it using the normal "cross in the corner" method will often trigger the download.
Now, let's clear away the tools we've been using to investigate your computer ....
Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller
- Double click OTL.exe to launch the programme.
- Click on the CleanUp! button.
- OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
- You will be prompted to allow the clean up procedure, click Yes
- When finished exit out of OTL
- Now delete OTL.exe (if still present).
Next
Please delete aswMBR and any log files it produced.
Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
If your computer is running slowly after your clean up, please read.
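The reading applied to the CHKDSK event in the post above (no bad file records, no bad sectors, "found no problems") can be checked mechanically. The following is an added Python example, not part of the original thread: it triages the text of a Wininit Event ID 1001 record and also flags a log that stops before all stages have run. The first sample is excerpted from the log posted above; the damaged and truncated samples are constructed, and the repair phrases it looks for are a non-exhaustive assumption.

```python
import re

# Counters that should be zero on a healthy volume.
COUNTERS = {
    "bad_file_records": r"(\d+) bad file records processed",
    "unindexed_recovered": r"(\d+) unindexed files recovered",
    "bad_sectors_kb": r"(\d+) KB in bad sectors",
}
# Phrases CHKDSK prints when it repaired something (assumed, non-exhaustive).
REPAIR_PHRASES = (
    "made corrections to the file system",
    "bad clusters to the Bad Clusters File",
)

def triage_chkdsk(text):
    """Classify CHKDSK output as 'clean', 'damage' or 'incomplete'."""
    stages = [(int(n), int(m)) for n, m in re.findall(r"\(stage (\d+) of (\d+)\)", text)]
    total = stages[0][1] if stages else 0
    seen = {n for n, _ in stages}
    counters = {}
    for name, pattern in COUNTERS.items():
        match = re.search(pattern, text)
        counters[name] = int(match.group(1)) if match else None
    repairs = [p for p in REPAIR_PHRASES if p in text]
    # A log cut short (missing stages or counters) must not be read as clean.
    complete = (total > 0 and seen == set(range(1, total + 1))
                and None not in counters.values())
    if not complete:
        status = "incomplete"
    elif any(counters.values()) or repairs or "found no problems" not in text:
        status = "damage"
    else:
        status = "clean"
    return {"status": status, "counters": counters, "repairs": repairs}

# Excerpt of the log posted in the thread (lines copied, others omitted).
PAGE_EXCERPT = """\
CHKDSK is verifying files (stage 1 of 5)...
0 bad file records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
CHKDSK is verifying file data (stage 4 of 5)...
CHKDSK is verifying free space (stage 5 of 5)...
Windows has checked the file system and found no problems.
0 KB in bad sectors.
"""
# Constructed variants: one with damage reported, one cut off after stage 3.
CONSTRUCTED_DAMAGED = (PAGE_EXCERPT
    .replace("0 KB in bad sectors", "128 KB in bad sectors")
    .replace("Windows has checked the file system and found no problems.",
             "Windows has made corrections to the file system."))
CONSTRUCTED_TRUNCATED = PAGE_EXCERPT.split("CHKDSK is verifying file data")[0]

if __name__ == "__main__":
    for label, sample in (("page", PAGE_EXCERPT), ("damaged", CONSTRUCTED_DAMAGED),
                          ("truncated", CONSTRUCTED_TRUNCATED)):
        print(label, triage_chkdsk(sample))
```
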
ambetu Newbie
Posted: Sat Mar 24, 2012 5:07 pm Post subject: checking in
Hi Gary,
I apologize for my delay in responding, been a busy week. I will complete the last suggested steps and let you know how things are going in the next day or so.
Computer seems fine, is a little slow so I'll likely follow the steps in the link as well to see if that improves the performance.
Thank you again for all your assistance, I truly appreciate it!
Gary R Moderator
Posted: Sat Mar 24, 2012 10:37 pm
No problem, I know how it can get when you're busy, and you just can't fit everything in, you have to prioritise, and sometimes your computer is pretty low on the list.
Glad we could help set your mind at ease about it.
If it's still running slowly after you've performed the various tasks in the link I gave you, let me know, and we'll see if we can find a reason for the slowness.
Gary R Moderator
Posted: Thu Mar 29, 2012 6:00 am
Since your problems appear to be resolved, this topic is now closed.