Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Zeroaccess Rootkit


  • This topic is locked This topic is locked
7 replies to this topic

#1 georgyg

georgyg

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 27 October 2011 - 10:13 PM

I was directed here by "Broni" from the topic below:

http://www.bleepingcomputer.com/forums/topic422613.html/page__p__2434710__fromsearch__1#entry2434710


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-10 11:20:33
Windows 6.0.6002 Service Pack 2
Running: h1kx1nbv.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4D 0x55 0xEC 0x2C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0xAD 0xC5 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x9E 0x76 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4D 0x55 0xEC 0x2C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0xAD 0xC5 0x19 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x85 0x9E 0x76 0x52 ...

---- EOF - GMER 1.0.15 ----

This is my GMER scan from my last forum I just copied and pasted. I can not do a RUN DDS, I'm clicking on the download link and it isn't doing anything.

Thanks!

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:52 PM

Posted 01 November 2011 - 10:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425381 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:52 PM

Posted 16 November 2011 - 05:28 AM

Hi there,

If you're struggling to download the tools, you should download them on a clean PC and then transfer them to your infected PC. To make sure your USB drive doesn't get infected, first run this on your clean PC.

:step1: Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

:step2:
  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
    • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply

:step3: We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#4 georgyg

georgyg
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 19 November 2011 - 09:02 AM

Hey thanks for unlocking, I just came back from a 1 week business trip I will post the logs as soon as I get a chance. Thanks again!

#5 georgyg

georgyg
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 20 November 2011 - 10:50 PM

22:32:53.0622 3360 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
22:32:53.0957 3360 ============================================================
22:32:53.0957 3360 Current date / time: 2011/11/20 22:32:53.0957
22:32:53.0958 3360 SystemInfo:
22:32:53.0958 3360
22:32:53.0958 3360 OS Version: 6.0.6002 ServicePack: 2.0
22:32:53.0958 3360 Product type: Workstation
22:32:53.0958 3360 ComputerName: GEORGE-PC
22:32:53.0958 3360 UserName: George
22:32:53.0958 3360 Windows directory: C:\Windows
22:32:53.0958 3360 System windows directory: C:\Windows
22:32:53.0958 3360 Running under WOW64
22:32:53.0959 3360 Processor architecture: Intel x64
22:32:53.0959 3360 Number of processors: 2
22:32:53.0959 3360 Page size: 0x1000
22:32:53.0959 3360 Boot type: Normal boot
22:32:53.0959 3360 ============================================================
22:32:54.0497 3360 Initialize success
22:33:43.0401 3240 ============================================================
22:33:43.0401 3240 Scan started
22:33:43.0401 3240 Mode: Manual;
22:33:43.0401 3240 ============================================================
22:33:44.0268 3240 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
22:33:44.0276 3240 ACPI - ok
22:33:44.0430 3240 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
22:33:44.0487 3240 adp94xx - ok
22:33:44.0655 3240 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
22:33:44.0701 3240 adpahci - ok
22:33:44.0779 3240 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
22:33:44.0783 3240 adpu160m - ok
22:33:44.0905 3240 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
22:33:44.0910 3240 adpu320 - ok
22:33:45.0039 3240 AegisP (8dfc8e5a84be243b2bd1bfa0465aa5f2) C:\Windows\system32\DRIVERS\AegisP.sys
22:33:45.0041 3240 AegisP - ok
22:33:45.0277 3240 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
22:33:45.0300 3240 AFD - ok
22:33:45.0447 3240 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
22:33:45.0450 3240 agp440 - ok
22:33:45.0574 3240 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
22:33:45.0577 3240 aic78xx - ok
22:33:45.0725 3240 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
22:33:45.0727 3240 aliide - ok
22:33:45.0832 3240 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
22:33:45.0834 3240 amdide - ok
22:33:45.0954 3240 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
22:33:45.0957 3240 AmdK8 - ok
22:33:46.0148 3240 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
22:33:46.0153 3240 arc - ok
22:33:46.0275 3240 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
22:33:46.0278 3240 arcsas - ok
22:33:46.0455 3240 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
22:33:46.0456 3240 AsyncMac - ok
22:33:46.0570 3240 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
22:33:46.0572 3240 atapi - ok
22:33:46.0741 3240 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
22:33:46.0752 3240 blbdrive - ok
22:33:47.0001 3240 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
22:33:47.0004 3240 bowser - ok
22:33:47.0113 3240 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
22:33:47.0115 3240 BrFiltLo - ok
22:33:47.0157 3240 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
22:33:47.0159 3240 BrFiltUp - ok
22:33:47.0255 3240 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
22:33:47.0258 3240 Brserid - ok
22:33:47.0341 3240 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
22:33:47.0343 3240 BrSerWdm - ok
22:33:47.0392 3240 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
22:33:47.0394 3240 BrUsbMdm - ok
22:33:47.0441 3240 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
22:33:47.0443 3240 BrUsbSer - ok
22:33:47.0518 3240 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
22:33:47.0521 3240 BTHMODEM - ok
22:33:47.0585 3240 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
22:33:47.0589 3240 cdfs - ok
22:33:47.0642 3240 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
22:33:47.0645 3240 cdrom - ok
22:33:47.0751 3240 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
22:33:47.0753 3240 circlass - ok
22:33:47.0829 3240 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
22:33:47.0852 3240 CLFS - ok
22:33:48.0000 3240 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
22:33:48.0002 3240 CmBatt - ok
22:33:48.0059 3240 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
22:33:48.0061 3240 cmdide - ok
22:33:48.0093 3240 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
22:33:48.0096 3240 Compbatt - ok
22:33:48.0175 3240 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
22:33:48.0177 3240 crcdisk - ok
22:33:48.0295 3240 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
22:33:48.0298 3240 DfsC - ok
22:33:48.0374 3240 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
22:33:48.0377 3240 disk - ok
22:33:48.0491 3240 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
22:33:48.0496 3240 Dot4 - ok
22:33:48.0571 3240 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:33:48.0573 3240 Dot4Print - ok
22:33:48.0636 3240 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
22:33:48.0638 3240 dot4usb - ok
22:33:48.0711 3240 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
22:33:48.0712 3240 drmkaud - ok
22:33:48.0809 3240 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
22:33:48.0843 3240 DXGKrnl - ok
22:33:48.0933 3240 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:33:48.0938 3240 E1G60 - ok
22:33:49.0038 3240 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
22:33:49.0043 3240 Ecache - ok
22:33:49.0098 3240 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
22:33:49.0121 3240 elxstor - ok
22:33:49.0207 3240 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
22:33:49.0209 3240 ErrDev - ok
22:33:49.0325 3240 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
22:33:49.0330 3240 exfat - ok
22:33:49.0391 3240 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
22:33:49.0397 3240 fastfat - ok
22:33:49.0495 3240 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
22:33:49.0498 3240 fdc - ok
22:33:49.0590 3240 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
22:33:49.0593 3240 FileInfo - ok
22:33:49.0649 3240 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
22:33:49.0651 3240 Filetrace - ok
22:33:49.0704 3240 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:33:49.0706 3240 flpydisk - ok
22:33:49.0785 3240 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
22:33:49.0792 3240 FltMgr - ok
22:33:49.0900 3240 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
22:33:49.0902 3240 Fs_Rec - ok
22:33:49.0965 3240 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
22:33:49.0967 3240 FwLnk - ok
22:33:50.0005 3240 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
22:33:50.0008 3240 gagp30kx - ok
22:33:50.0113 3240 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:33:50.0115 3240 GEARAspiWDM - ok
22:33:50.0213 3240 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
22:33:50.0220 3240 HdAudAddService - ok
22:33:50.0318 3240 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:33:50.0352 3240 HDAudBus - ok
22:33:50.0421 3240 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
22:33:50.0424 3240 HidBth - ok
22:33:50.0500 3240 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
22:33:50.0502 3240 HidIr - ok
22:33:50.0553 3240 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
22:33:50.0555 3240 HidUsb - ok
22:33:50.0643 3240 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
22:33:50.0645 3240 HpCISSs - ok
22:33:50.0728 3240 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
22:33:50.0752 3240 HTTP - ok
22:33:50.0810 3240 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
22:33:50.0813 3240 i2omp - ok
22:33:50.0883 3240 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
22:33:50.0886 3240 i8042prt - ok
22:33:50.0978 3240 iaStor (16a4671255cfb842225f0fdb6dbdb414) C:\Windows\system32\DRIVERS\iaStor.sys
22:33:50.0982 3240 iaStor - ok
22:33:51.0040 3240 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
22:33:51.0049 3240 iaStorV - ok
22:33:51.0421 3240 igfx (0c00f469ca113ec191e916d4590d68b6) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:33:51.0632 3240 igfx - ok
22:33:51.0729 3240 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
22:33:51.0731 3240 iirsp - ok
22:33:51.0857 3240 IntcAzAudAddService (f93149ce3e6a866c5f42878bcff34b6a) C:\Windows\system32\drivers\RTKVHD64.sys
22:33:51.0936 3240 IntcAzAudAddService - ok
22:33:51.0986 3240 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
22:33:51.0988 3240 intelide - ok
22:33:52.0047 3240 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
22:33:52.0048 3240 intelppm - ok
22:33:52.0122 3240 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:33:52.0125 3240 IpFilterDriver - ok
22:33:52.0200 3240 IpInIp - ok
22:33:52.0269 3240 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
22:33:52.0272 3240 IPMIDRV - ok
22:33:52.0319 3240 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
22:33:52.0323 3240 IPNAT - ok
22:33:52.0386 3240 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
22:33:52.0388 3240 IRENUM - ok
22:33:52.0457 3240 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
22:33:52.0459 3240 isapnp - ok
22:33:52.0524 3240 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
22:33:52.0529 3240 iScsiPrt - ok
22:33:52.0589 3240 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
22:33:52.0591 3240 iteatapi - ok
22:33:52.0658 3240 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
22:33:52.0660 3240 iteraid - ok
22:33:52.0709 3240 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
22:33:52.0712 3240 kbdclass - ok
22:33:52.0757 3240 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:33:52.0759 3240 kbdhid - ok
22:33:52.0832 3240 KR10I64 (7c999f96b239e214154db3c808e6736a) C:\Windows\system32\drivers\kr10i64.sys
22:33:52.0838 3240 KR10I64 - ok
22:33:52.0915 3240 KR10N64 (8cb9a9164d4e789424f943fa718fa3f2) C:\Windows\system32\drivers\kr10n64.sys
22:33:52.0922 3240 KR10N64 - ok
22:33:53.0031 3240 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
22:33:53.0053 3240 KSecDD - ok
22:33:53.0104 3240 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
22:33:53.0105 3240 ksthunk - ok
22:33:53.0166 3240 Lavasoft Kernexplorer - ok
22:33:53.0263 3240 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
22:33:53.0266 3240 Lbd - ok
22:33:53.0313 3240 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
22:33:53.0315 3240 lltdio - ok
22:33:53.0397 3240 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
22:33:53.0401 3240 LSI_FC - ok
22:33:53.0448 3240 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
22:33:53.0452 3240 LSI_SAS - ok
22:33:53.0526 3240 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
22:33:53.0529 3240 LSI_SCSI - ok
22:33:53.0568 3240 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
22:33:53.0572 3240 luafv - ok
22:33:53.0666 3240 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
22:33:53.0668 3240 megasas - ok
22:33:53.0759 3240 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
22:33:53.0783 3240 MegaSR - ok
22:33:53.0831 3240 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
22:33:53.0833 3240 Modem - ok
22:33:53.0907 3240 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
22:33:53.0908 3240 monitor - ok
22:33:53.0940 3240 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
22:33:53.0942 3240 mouclass - ok
22:33:54.0002 3240 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
22:33:54.0004 3240 mouhid - ok
22:33:54.0039 3240 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
22:33:54.0042 3240 MountMgr - ok
22:33:54.0081 3240 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
22:33:54.0085 3240 mpio - ok
22:33:54.0153 3240 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
22:33:54.0156 3240 mpsdrv - ok
22:33:54.0217 3240 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
22:33:54.0219 3240 Mraid35x - ok
22:33:54.0298 3240 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
22:33:54.0302 3240 MRxDAV - ok
22:33:54.0344 3240 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:33:54.0348 3240 mrxsmb - ok
22:33:54.0403 3240 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:33:54.0411 3240 mrxsmb10 - ok
22:33:54.0462 3240 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:33:54.0465 3240 mrxsmb20 - ok
22:33:54.0521 3240 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
22:33:54.0523 3240 msahci - ok
22:33:54.0574 3240 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
22:33:54.0578 3240 msdsm - ok
22:33:54.0637 3240 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
22:33:54.0639 3240 Msfs - ok
22:33:54.0713 3240 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
22:33:54.0715 3240 msisadrv - ok
22:33:54.0809 3240 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
22:33:54.0811 3240 MSKSSRV - ok
22:33:54.0863 3240 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
22:33:54.0864 3240 MSPCLOCK - ok
22:33:54.0908 3240 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
22:33:54.0909 3240 MSPQM - ok
22:33:54.0968 3240 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
22:33:54.0976 3240 MsRPC - ok
22:33:55.0056 3240 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
22:33:55.0057 3240 mssmbios - ok
22:33:55.0103 3240 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
22:33:55.0104 3240 MSTEE - ok
22:33:55.0147 3240 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
22:33:55.0151 3240 Mup - ok
22:33:55.0196 3240 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
22:33:55.0201 3240 NativeWifiP - ok
22:33:55.0313 3240 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
22:33:55.0336 3240 NDIS - ok
22:33:55.0361 3240 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
22:33:55.0363 3240 NdisTapi - ok
22:33:55.0393 3240 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
22:33:55.0395 3240 Ndisuio - ok
22:33:55.0442 3240 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
22:33:55.0447 3240 NdisWan - ok
22:33:55.0525 3240 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
22:33:55.0527 3240 NDProxy - ok
22:33:55.0562 3240 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
22:33:55.0565 3240 NetBIOS - ok
22:33:55.0618 3240 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
22:33:55.0625 3240 netbt - ok
22:33:55.0818 3240 NETw4v64 (896df962e76276c17127fc17db3e916b) C:\Windows\system32\DRIVERS\NETw4v64.sys
22:33:55.0918 3240 NETw4v64 - ok
22:33:56.0003 3240 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
22:33:56.0005 3240 nfrd960 - ok
22:33:56.0070 3240 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
22:33:56.0073 3240 Npfs - ok
22:33:56.0102 3240 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
22:33:56.0104 3240 nsiproxy - ok
22:33:56.0191 3240 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
22:33:56.0236 3240 Ntfs - ok
22:33:56.0279 3240 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
22:33:56.0281 3240 Null - ok
22:33:56.0364 3240 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
22:33:56.0368 3240 nvraid - ok
22:33:56.0422 3240 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
22:33:56.0424 3240 nvstor - ok
22:33:56.0470 3240 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
22:33:56.0475 3240 nv_agp - ok
22:33:56.0512 3240 NwlnkFlt - ok
22:33:56.0545 3240 NwlnkFwd - ok
22:33:56.0642 3240 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
22:33:56.0644 3240 ohci1394 - ok
22:33:56.0703 3240 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
22:33:56.0708 3240 Parport - ok
22:33:56.0754 3240 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
22:33:56.0757 3240 partmgr - ok
22:33:56.0807 3240 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
22:33:56.0812 3240 pci - ok
22:33:56.0886 3240 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
22:33:56.0888 3240 pciide - ok
22:33:56.0957 3240 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
22:33:56.0963 3240 pcmcia - ok
22:33:57.0027 3240 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
22:33:57.0050 3240 PEAUTH - ok
22:33:57.0229 3240 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
22:33:57.0233 3240 PptpMiniport - ok
22:33:57.0271 3240 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
22:33:57.0273 3240 Processor - ok
22:33:57.0344 3240 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
22:33:57.0347 3240 PSched - ok
22:33:57.0423 3240 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
22:33:57.0468 3240 ql2300 - ok
22:33:57.0559 3240 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
22:33:57.0563 3240 ql40xx - ok
22:33:57.0613 3240 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
22:33:57.0616 3240 QWAVEdrv - ok
22:33:57.0658 3240 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
22:33:57.0660 3240 RasAcd - ok
22:33:57.0727 3240 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:33:57.0731 3240 Rasl2tp - ok
22:33:57.0814 3240 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
22:33:57.0816 3240 RasPppoe - ok
22:33:57.0861 3240 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
22:33:57.0864 3240 RasSstp - ok
22:33:57.0924 3240 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
22:33:57.0932 3240 rdbss - ok
22:33:57.0991 3240 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:33:57.0992 3240 RDPCDD - ok
22:33:58.0087 3240 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
22:33:58.0096 3240 rdpdr - ok
22:33:58.0135 3240 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
22:33:58.0137 3240 RDPENCDD - ok
22:33:58.0208 3240 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
22:33:58.0214 3240 RDPWD - ok
22:33:58.0300 3240 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
22:33:58.0303 3240 rimmptsk - ok
22:33:58.0379 3240 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
22:33:58.0382 3240 rimsptsk - ok
22:33:58.0438 3240 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
22:33:58.0442 3240 RimUsb - ok
22:33:58.0509 3240 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
22:33:58.0511 3240 RimVSerPort - ok
22:33:58.0585 3240 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
22:33:58.0588 3240 rismxdp - ok
22:33:58.0638 3240 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
22:33:58.0641 3240 ROOTMODEM - ok
22:33:58.0690 3240 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
22:33:58.0693 3240 rspndr - ok
22:33:58.0723 3240 RTHDMIAzAudService - ok
22:33:58.0777 3240 RTL8169 (170a66dfaaa22358e08d6f4b38c8f3df) C:\Windows\system32\DRIVERS\Rtlh64.sys
22:33:58.0784 3240 RTL8169 - ok
22:33:58.0864 3240 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
22:33:58.0868 3240 sbp2port - ok
22:33:58.0968 3240 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
22:33:58.0972 3240 sdbus - ok
22:33:59.0082 3240 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:33:59.0084 3240 secdrv - ok
22:33:59.0160 3240 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
22:33:59.0164 3240 Serenum - ok
22:33:59.0234 3240 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
22:33:59.0237 3240 Serial - ok
22:33:59.0305 3240 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:33:59.0307 3240 sermouse - ok
22:33:59.0390 3240 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:33:59.0392 3240 sffdisk - ok
22:33:59.0444 3240 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:33:59.0446 3240 sffp_mmc - ok
22:33:59.0493 3240 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:33:59.0495 3240 sffp_sd - ok
22:33:59.0551 3240 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:33:59.0552 3240 sfloppy - ok
22:33:59.0641 3240 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:33:59.0643 3240 SiSRaid2 - ok
22:33:59.0684 3240 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:33:59.0688 3240 SiSRaid4 - ok
22:33:59.0754 3240 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
22:33:59.0757 3240 Smb - ok
22:33:59.0836 3240 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
22:33:59.0837 3240 spldr - ok
22:34:00.0003 3240 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\System32\Drivers\sptd.sys
22:34:00.0038 3240 sptd - ok
22:34:00.0113 3240 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
22:34:00.0136 3240 srv - ok
22:34:00.0196 3240 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
22:34:00.0201 3240 srv2 - ok
22:34:00.0276 3240 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
22:34:00.0281 3240 srvnet - ok
22:34:00.0349 3240 SVRPEDRV - ok
22:34:00.0401 3240 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
22:34:00.0403 3240 swenum - ok
22:34:00.0449 3240 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:34:00.0452 3240 Symc8xx - ok
22:34:00.0530 3240 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:34:00.0532 3240 Sym_hi - ok
22:34:00.0611 3240 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:34:00.0613 3240 Sym_u3 - ok
22:34:00.0677 3240 SynTP (d8edb37f6e235a47e12f1eafd85c2b6f) C:\Windows\system32\DRIVERS\SynTP.sys
22:34:00.0684 3240 SynTP - ok
22:34:00.0797 3240 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
22:34:00.0844 3240 Tcpip - ok
22:34:00.0942 3240 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
22:34:00.0959 3240 Tcpip6 - ok
22:34:01.0017 3240 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
22:34:01.0019 3240 tcpipreg - ok
22:34:01.0059 3240 tdcmdpst (019e155d0225d76c24936e98d7d65cf6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:34:01.0061 3240 tdcmdpst - ok
22:34:01.0106 3240 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:34:01.0108 3240 TDPIPE - ok
22:34:01.0154 3240 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:34:01.0156 3240 TDTCP - ok
22:34:01.0231 3240 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
22:34:01.0235 3240 tdx - ok
22:34:01.0283 3240 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
22:34:01.0286 3240 TermDD - ok
22:34:01.0429 3240 Tosrfcom - ok
22:34:01.0516 3240 tosrfec (9fb4aa68d4e833c795994513bc9e3aca) C:\Windows\system32\DRIVERS\tosrfec.sys
22:34:01.0518 3240 tosrfec - ok
22:34:01.0621 3240 tos_sps64 (711ee5ea958c345a50b69abbbd74d646) C:\Windows\system32\DRIVERS\tos_sps64.sys
22:34:01.0643 3240 tos_sps64 - ok
22:34:01.0692 3240 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:34:01.0694 3240 tssecsrv - ok
22:34:01.0734 3240 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:34:01.0736 3240 tunmp - ok
22:34:01.0795 3240 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
22:34:01.0797 3240 tunnel - ok
22:34:01.0865 3240 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:34:01.0867 3240 TVALZ - ok
22:34:01.0935 3240 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:34:01.0938 3240 uagp35 - ok
22:34:02.0001 3240 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
22:34:02.0009 3240 udfs - ok
22:34:02.0091 3240 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:34:02.0094 3240 uliagpkx - ok
22:34:02.0169 3240 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:34:02.0177 3240 uliahci - ok
22:34:02.0242 3240 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:34:02.0247 3240 UlSata - ok
22:34:02.0334 3240 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:34:02.0340 3240 ulsata2 - ok
22:34:02.0403 3240 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:34:02.0405 3240 umbus - ok
22:34:02.0470 3240 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
22:34:02.0471 3240 UMPass - ok
22:34:02.0556 3240 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
22:34:02.0558 3240 USBAAPL64 - ok
22:34:02.0631 3240 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
22:34:02.0634 3240 usbccgp - ok
22:34:02.0714 3240 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
22:34:02.0717 3240 usbcir - ok
22:34:02.0766 3240 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
22:34:02.0769 3240 usbehci - ok
22:34:02.0826 3240 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
22:34:02.0834 3240 usbhub - ok
22:34:02.0911 3240 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
22:34:02.0913 3240 usbohci - ok
22:34:02.0995 3240 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
22:34:02.0997 3240 usbprint - ok
22:34:03.0043 3240 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
22:34:03.0045 3240 usbscan - ok
22:34:03.0115 3240 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:34:03.0118 3240 USBSTOR - ok
22:34:03.0188 3240 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
22:34:03.0190 3240 usbuhci - ok
22:34:03.0259 3240 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
22:34:03.0264 3240 usbvideo - ok
22:34:03.0314 3240 UVCFTR (060b7863943625e0193a3575c0c59e52) C:\Windows\system32\Drivers\UVCFTR_S.SYS
22:34:03.0315 3240 UVCFTR - ok
22:34:03.0370 3240 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
22:34:03.0373 3240 vga - ok
22:34:03.0432 3240 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
22:34:03.0434 3240 VgaSave - ok
22:34:03.0510 3240 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
22:34:03.0512 3240 viaide - ok
22:34:03.0565 3240 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
22:34:03.0568 3240 volmgr - ok
22:34:03.0625 3240 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
22:34:03.0649 3240 volmgrx - ok
22:34:03.0702 3240 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
22:34:03.0710 3240 volsnap - ok
22:34:03.0798 3240 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
22:34:03.0803 3240 vsmraid - ok
22:34:03.0914 3240 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
22:34:03.0917 3240 WacomPen - ok
22:34:03.0981 3240 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:34:03.0984 3240 Wanarp - ok
22:34:04.0003 3240 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:34:04.0005 3240 Wanarpv6 - ok
22:34:04.0085 3240 wanatw (eceb715bece47e101ddec06b11126066) C:\Windows\system32\DRIVERS\wanatw64.sys
22:34:04.0087 3240 wanatw - ok
22:34:04.0173 3240 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
22:34:04.0175 3240 Wd - ok
22:34:04.0270 3240 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:34:04.0293 3240 Wdf01000 - ok
22:34:04.0413 3240 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
22:34:04.0415 3240 WmiAcpi - ok
22:34:04.0501 3240 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
22:34:04.0503 3240 WpdUsb - ok
22:34:04.0573 3240 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
22:34:04.0575 3240 ws2ifsl - ok
22:34:04.0688 3240 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:34:04.0692 3240 WUDFRd - ok
22:34:04.0738 3240 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:34:04.0775 3240 \Device\Harddisk0\DR0 - ok
22:34:04.0781 3240 Boot (0x1200) (2215fd19415173255a67123aa6767e80) \Device\Harddisk0\DR0\Partition0
22:34:04.0783 3240 \Device\Harddisk0\DR0\Partition0 - ok
22:34:04.0786 3240 ============================================================
22:34:04.0786 3240 Scan finished
22:34:04.0786 3240 ============================================================
22:34:04.0811 6052 Detected object count: 0
22:34:04.0811 6052 Actual detected object count: 0




OTL logfile created on: 11/20/2011 10:38:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\George\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 50.90% Memory free
8.18 Gb Paging File | 6.06 Gb Available in Paging File | 74.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 129.17 Gb Free Space | 43.55% Space Free | Partition Type: NTFS

Computer Name: GEORGE-PC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 22:38:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\George\Downloads\OTL (1).exe
PRC - [2011/10/21 02:02:08 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\George\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/01/11 20:17:34 | 000,856,064 | ---- | M] () -- C:\Users\George\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2009/03/21 15:37:14 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2008/02/14 14:08:30 | 000,184,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2008/01/22 13:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/20 21:49:49 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2008/01/09 17:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 16:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/13 22:52:00 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2007/10/25 19:41:18 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/09/28 19:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/15 00:39:54 | 000,420,920 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/15 00:39:53 | 003,702,840 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/15 00:38:16 | 000,122,952 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/15 00:38:15 | 000,222,280 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/15 00:38:14 | 001,746,504 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/14 21:36:18 | 008,593,056 | ---- | M] () -- C:\Users\George\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2008/01/22 13:00:30 | 004,624,384 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/01/02 23:27:40 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008/01/02 23:27:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll
MOD - [2007/12/24 16:46:54 | 002,449,408 | ---- | M] () -- C:\Program Files (x86)\ffdshow\ffdshow.ax


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/17 18:29:48 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/12/03 19:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/11 20:17:34 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Users\George\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/21 18:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 19:06:42 | 000,168,296 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/18 14:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/02 03:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/06/14 21:21:49 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/14 10:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/06/16 09:10:28 | 000,030,208 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV:64bit: - [2008/02/21 12:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/21 17:42:26 | 000,531,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2007/12/20 18:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/11/09 16:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/09/30 01:03:32 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2007/09/26 08:19:08 | 003,196,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64) Intel®
DRV:64bit: - [2007/09/13 16:27:10 | 007,041,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/07/27 21:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 22:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV:64bit: - [2006/11/20 01:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/09 01:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 01:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/10/23 19:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2006/10/19 15:10:40 | 000,027,456 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2808877515-2031380678-1226575635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-2808877515-2031380678-1226575635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-2808877515-2031380678-1226575635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2808877515-2031380678-1226575635-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2808877515-2031380678-1226575635-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: c:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\George\AppData\Roaming\Move Networks\plugins\npqmp071504000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\George\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\George\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009/03/21 15:34:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 16:40:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/13 16:40:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\George\AppData\Roaming\Move Networks [2009/09/04 14:12:32 | 000,000,000 | ---D | M]

[2009/02/17 21:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Extensions
[2011/11/20 09:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\3dk46hvc.default\extensions
[2009/09/03 19:04:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\3dk46hvc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/14 21:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\3dk46hvc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/14 19:54:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\3dk46hvc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(42)
[2011/10/30 23:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/17 13:33:17 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/22 18:59:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/06 18:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/30 07:05:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/30 23:02:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009/09/04 14:12:32 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\GEORGE\APPDATA\ROAMING\MOVE NETWORKS
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\George\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\George\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\George\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\George\AppData\Roaming\Move Networks\plugins\npqmp071504000001.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: InvisibleHand = C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.3.14_0\

Hosts file not found
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2808877515-2031380678-1226575635-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] c:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2808877515-2031380678-1226575635-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-2808877515-2031380678-1226575635-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKU\S-1-5-21-2808877515-2031380678-1226575635-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2808877515-2031380678-1226575635-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41F12069-A3A2-4297-83EF-55FAF2409A80}: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\George\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\George\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5922e71e-6556-11df-9494-001e33488ffe}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{5922e71e-6556-11df-9494-001e33488ffe}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{6fbc5265-bfc8-11dd-b048-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6fbc5265-bfc8-11dd-b048-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
O33 - MountPoints2\{897a1bfa-5953-11de-8dca-001e33488ffe}\Shell - "" = AutoRun
O33 - MountPoints2\{897a1bfa-5953-11de-8dca-001e33488ffe}\Shell\AutoRun\command - "" = E:\RE2Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/16 18:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/10/30 23:02:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/30 23:02:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/30 23:02:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\George\Documents\*.tmp files -> C:\Users\George\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 22:21:42 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 22:21:42 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 22:18:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 22:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808877515-2031380678-1226575635-1000UA.job
[2011/11/20 21:50:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/20 16:27:54 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/20 16:27:54 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/20 16:27:54 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/20 16:21:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/20 12:13:21 | 000,112,128 | ---- | M] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/19 23:08:29 | 000,002,058 | ---- | M] () -- C:\Users\George\Desktop\Google Chrome.lnk
[2011/11/19 23:08:29 | 000,002,020 | ---- | M] () -- C:\Users\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/19 09:10:19 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808877515-2031380678-1226575635-1000Core.job
[2011/11/17 08:35:47 | 000,064,976 | ---- | M] () -- C:\Users\George\Desktop\Carseat.jpg
[2011/11/15 07:49:10 | 000,056,185 | ---- | M] () -- C:\Users\George\Desktop\problem.jpg
[2011/11/15 07:38:30 | 000,060,218 | ---- | M] () -- C:\Users\George\Desktop\broom.jpg
[2011/11/13 01:16:36 | 097,543,023 | ---- | M] () -- C:\Users\George\Desktop\02-tiesto-club_life-241-cable-13-11-2011-1king.mp3
[2011/11/13 01:16:36 | 096,063,903 | ---- | M] () -- C:\Users\George\Desktop\01-tiesto-club_life-241-cable-13-11-2011-1king.mp3
[2011/11/09 04:41:30 | 000,721,764 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/04 19:56:29 | 565,290,927 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/30 07:59:01 | 000,285,152 | ---- | M] () -- C:\Users\George\Desktop\women.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\George\Documents\*.tmp files -> C:\Users\George\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 21:02:48 | 097,543,023 | ---- | C] () -- C:\Users\George\Desktop\02-tiesto-club_life-241-cable-13-11-2011-1king.mp3
[2011/11/20 21:02:46 | 096,063,903 | ---- | C] () -- C:\Users\George\Desktop\01-tiesto-club_life-241-cable-13-11-2011-1king.mp3
[2011/11/17 08:35:47 | 000,064,976 | ---- | C] () -- C:\Users\George\Desktop\Carseat.jpg
[2011/11/15 07:49:10 | 000,056,185 | ---- | C] () -- C:\Users\George\Desktop\problem.jpg
[2011/11/15 07:38:30 | 000,060,218 | ---- | C] () -- C:\Users\George\Desktop\broom.jpg
[2011/11/09 04:41:30 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/30 07:59:01 | 000,285,152 | ---- | C] () -- C:\Users\George\Desktop\women.jpg
[2011/09/15 06:11:54 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/15 06:11:54 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/07/29 21:58:12 | 000,101,408 | ---- | C] () -- C:\Users\George\AppData\Roaming\MMUpgrade.jpg
[2011/02/04 23:01:35 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
[2010/01/16 23:27:54 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/09/23 21:18:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/23 21:18:00 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/23 21:17:28 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/07 19:07:51 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2009/06/27 08:11:47 | 000,116,863 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/06/24 21:38:14 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/06/24 21:38:14 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/03/03 14:38:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/05 22:41:01 | 000,126,464 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009/02/04 23:08:10 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/02/04 22:25:37 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/12/17 14:25:44 | 000,141,226 | ---- | C] () -- C:\Windows\hpoins14.dat
[2008/12/15 11:38:12 | 000,112,128 | ---- | C] () -- C:\Users\George\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/04 18:27:37 | 000,005,864 | ---- | C] () -- C:\Users\George\AppData\Local\d3d9caps.dat
[2008/12/03 22:38:32 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/12/01 13:00:49 | 000,000,013 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2008/03/11 19:05:49 | 000,257,053 | ---- | C] () -- C:\Windows\WOLSET.EXE
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2008/02/15 06:19:35 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/15 05:19:35 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/02/15 05:19:35 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/02/15 05:19:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/02/15 05:19:35 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/02/15 05:19:35 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/02/15 05:19:35 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/02/15 03:52:35 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2007/09/13 16:25:52 | 001,238,832 | ---- | C] () -- C:\Windows\SysWow64\igmedkrn.dll
[2007/09/13 16:25:52 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2007/06/05 18:07:34 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >




OTL Extras logfile created on: 11/20/2011 10:38:25 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\George\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 50.90% Memory free
8.18 Gb Paging File | 6.06 Gb Available in Paging File | 74.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.62 Gb Total Space | 129.17 Gb Free Space | 43.55% Space Free | Partition Type: NTFS

Computer Name: GEORGE-PC | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2808877515-2031380678-1226575635-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\George\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\George\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 7E 8E F0 DA DD 6D CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0255E1B8-2B81-484A-92C4-9851EFDBDF92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0513C3D6-448A-4B07-8DFA-62F71ACF0E1B}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0EB9F8FA-F0C9-4515-8D2B-2179A16EAC55}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{15C43278-02BB-45ED-BA2C-65A611F4A27A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{17336F1D-3EC1-49EF-8586-F3C4D70B5031}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2506788F-84A5-4DC5-8C81-BD6FAE6D9ABE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{25655CD3-C86D-43C4-86A9-938F52FAE681}" = lport=137 | protocol=17 | dir=in | app=system |
"{2E440100-9ABA-4A97-BC89-2AC13047F872}" = lport=139 | protocol=6 | dir=in | app=system |
"{37AF3C07-8BDA-4F08-94BA-F8B0C0875862}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BDDA4CE-935A-4FF4-8CFD-430F6346920C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D2EE047-D2F0-4826-95A2-C47C3D2A00CC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3FD67B14-7AC1-4F88-B151-257F02855601}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{46A75CBF-7758-4475-9D33-B38CB32568E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{55CB7FCF-9437-48D8-A97E-78F03AE743E9}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A18F630-BD11-4E00-8692-80CE453A6A2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E58E1C6-ACBA-4F48-9A92-C1453AF20BBC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{631D9144-5483-4B9B-86FE-9A50794C1FC8}" = lport=3390 | protocol=6 | dir=in | app=system |
"{69B77084-9E5C-47A7-B12A-DB2EC5CFB8AF}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D2CD48B-109A-4B7A-B55B-B3FF7292A7C3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81E768CF-04F2-4CA4-8B06-493B4927C004}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8561B21E-54F8-40FF-9CEB-9C1547E284F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87A34BFC-1838-446F-AE20-41D01E5590CA}" = lport=10244 | protocol=6 | dir=in | app=system |
"{906ACA6F-51EA-4981-8444-1E0B424CA28B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97908954-3671-4AE8-BE99-2944FCD91ADD}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{991F7E92-6590-47D6-B39E-6145D3283114}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E5E9F07-9E0E-443C-B755-F4471CC50EFB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9FD40232-BBA9-4968-AEAC-41B4016BA598}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A7890D56-07A2-4412-A15A-252ADF4C40CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ACE75078-B47F-4BDD-ABF5-C397B3358D21}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF4EF56C-C849-45DE-BEC7-89C0FA148171}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AFC76203-1CCC-4217-8A10-1DFAAEAEA0CE}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B30273F1-28EE-4230-80DC-2E2D206F93B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{B53D0D11-DA8B-4C9E-84CE-9F6D86F9F8E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BDE42F0A-12AD-4E97-B89B-A0CBA478EC30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4769365-3D14-4C84-B124-F40C9B37A33D}" = rport=10244 | protocol=6 | dir=out | app=system |
"{C7AA6630-A170-4F4C-BFBB-58157B1F6373}" = rport=138 | protocol=17 | dir=out | app=system |
"{C7B257E4-46E8-44B5-B87B-5AE74115DAD8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC6A1797-3425-409D-A16E-294757018504}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFFB81D5-64F5-4723-A5B6-29637391C329}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D4B26821-FB3D-4742-8C54-3E94B0593825}" = lport=10244 | protocol=6 | dir=in | app=system |
"{E6139E7A-6E4A-4CAE-B9CA-112B4331CB40}" = lport=3390 | protocol=6 | dir=in | app=system |
"{EBFA1CFF-E7E1-4AE5-8240-BB42F279E373}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EF187214-E6F3-4BBD-854E-3BA7FD6F5419}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2AE04E1-6E91-4D56-A9A4-69CA68927230}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F55553DA-EAF4-4835-ACC5-B468FD9D390F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6A474B3-2AC4-43F5-B304-B303512D32E7}" = lport=138 | protocol=17 | dir=in | app=system |
"{F932D219-A067-4E79-B8ED-56CDECDB51FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9DB14B0-C042-476F-A126-7EC33A2C46A9}" = rport=445 | protocol=6 | dir=out | app=system |
"{FBD486B8-70EF-48A6-A360-EC30763161A4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FC50F5BA-477E-48C7-B637-B794E7583C49}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09BE9E4C-A581-4A78-9ADB-19E9CBA7A125}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{0E400421-2C11-42C9-9E3A-5837D8ACBC23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1086456E-0F7A-4436-9389-B90D0A8B6DEB}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.0\waol.exe |
"{1BED95AC-79BA-4A00-A0FA-D6C924F77C0C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C660AF4-2A91-4D87-AD0A-BFF0B9466117}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1CEB28D0-52CA-44AA-AFE8-FA9AFA770661}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{1E72A8A2-6A36-4DBF-B418-4B421EAD6A30}" = protocol=17 | dir=in | app=c:\users\george\appdata\local\tversity\media server\mediaserver.exe |
"{212B4169-5048-41F7-B74D-9998597FBCEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2655D960-885B-4607-90DF-2092CD63026A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3100C7B0-025C-41B2-9F89-151E9A60E3EB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\pcmservice.exe |
"{3521E7A4-4F9E-4A5C-AEF3-29485B4CE892}" = protocol=6 | dir=out | app=system |
"{3532D8D3-1EF3-47C7-A656-EDD1BD0BFAFA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3B15E64B-C30D-4435-AA34-9DDD24B86563}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{42084585-B5E4-40F9-9DBE-27BFF48CD75A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{424A5A16-E36A-423C-8CD6-A6476B477D59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{438CA2FD-38EF-481E-B0EA-DA3FFA95D1E4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{45D56E0B-1DF1-4A0C-BC9A-26D165008E36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46D19E0F-E73A-45BE-A881-C5478A70B6D2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49530EDB-38D1-4F13-AFEF-D8B44D9E1028}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4C7A19E7-B8F5-4C8E-8678-82B711A72205}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{4CECF944-FFBC-41CF-9456-F2A298FFA6BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D71099D-3802-4162-B77D-F3B6B04EE413}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5586C1BE-BC3A-4BE0-B5BF-496083E4F490}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{59E8428D-B159-42EE-95C9-8FBA6138D088}" = protocol=6 | dir=in | app=c:\users\george\appdata\local\tversity\media server\mediaserver.exe |
"{5F5E4FED-8287-4A29-987A-FE14A02B24F5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6129CBBE-DB83-43A0-8E80-AFF95C4707DF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{6578E46E-4E85-45B6-A07C-ECC1BDF80E80}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{658D5221-8D36-4D9B-A277-3E563E8D88D9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe |
"{6BCF3315-2345-489C-838A-3812D800D6F8}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.0\waol.exe |
"{6F9972B0-B76E-4056-9D6D-7F23C227D934}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{731BCA28-22EB-4CFB-A18A-17FAD13BE21A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94DC335B-B41B-4AC2-B1FC-1CDD02ECC16B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9B2D8ABA-0CDF-4476-B96F-84FD2A857B77}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1233804401\ee\aolsoftware.exe |
"{9FE8730C-78A8-4A68-B6BB-7F4F8951D586}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
"{A2779BA4-C7D7-456B-AACD-BF1618306ED8}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{A40E815B-67DB-48E3-9128-0CCD32F388B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5C48E55-3821-4555-AC10-C8F56640C1A4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A83F60AF-F0AA-4E1C-8F5A-65D8C8A02F97}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{AB3A904D-62AA-485E-99C3-9859B486FDC5}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{ABE2F2F6-CC6D-4C12-9E2A-F5334C13798B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADE1253D-002E-4CA6-B6B5-98EDAC091289}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BAACC8E7-4661-42B1-954E-609217A0AB8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE91C983-6E93-4E9C-8A0E-6701A6F4D5E4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C2622B5F-F1C2-4046-B83E-B25073060623}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1233804401\ee\aolsoftware.exe |
"{C3413B77-EEC9-4F09-AE09-144916BDECE8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C7565EE5-AE7E-42B5-B707-0953B6DF5216}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE7A6EF1-1D5F-4B11-9F80-0327551F16AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CFA7C702-7153-403D-872C-ECD79588DED9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D1C498D6-63D7-4EE7-B3B9-B4E0293DB6F6}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{D7BFA2D7-7403-4791-A565-66C58FA5E1BF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DBEB45D9-F3E9-4047-B8E3-6D91A80FD624}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{DED80C44-D528-4452-9B78-15479EE26225}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6217E3B-F1AA-4D58-9651-4AC1225C12E5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{EAAEEEB9-5330-4263-AE28-D1D99D094E87}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EE7430BC-5910-42C0-9B68-CBA281996E95}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F508EAF2-573B-4831-8463-924191E0B5E8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F72ADFAE-6B56-4062-B364-EC7A338A5C03}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe |
"{FA3A140F-A3DA-4389-840D-F257313AFDCC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe |
"{FBBE8AD7-A95F-4D85-BB3D-BCBEC3B7D5E6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe |
"TCP Query User{1D7FC42B-5048-481D-88B4-ED5121C71F07}C:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe |
"TCP Query User{4A4A28C0-7843-4C52-8443-EE9D6BE69178}C:\program files (x86)\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tixati\tixati.exe |
"TCP Query User{6D1AB398-5044-4AE1-89BE-105E5361BAA1}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{789060AC-F1F0-42B4-8E45-AE0FB7080E0B}C:\users\george\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\george\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{8B7080DC-CBFC-4F2C-89C5-1E004B363A27}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"TCP Query User{C78FBA02-A28A-492A-BBEC-5298B63336B7}E:\techwizard.exe" = protocol=6 | dir=in | app=e:\techwizard.exe |
"TCP Query User{EEAAFC7B-3327-48B2-85F0-49DAC316E7A1}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{3AC00DA5-747A-487A-8484-9300F89486CC}E:\techwizard.exe" = protocol=17 | dir=in | app=e:\techwizard.exe |
"UDP Query User{3F4FA97B-E085-41BF-885D-4B72CB47F670}C:\program files (x86)\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tixati\tixati.exe |
"UDP Query User{4CE673A1-25E9-430B-AD71-ABC0921B053F}C:\users\george\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\george\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{5C083BC5-2006-4681-B516-CFFF6BDD4A4A}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{5F3E48CD-8EB2-46E6-A3FA-C05350F8D864}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{856A0415-0D8C-4BB4-B60F-77CB0C57BC3D}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"UDP Query User{A7E90C62-4233-445A-B784-0C18624D70B0}C:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\verizon\verizon media manager\release\verizon media manager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9C7AB2D0-7768-4708-B9DA-6C1F44C9833A}" = mCPlug
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel® PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{152D98A0-1A4A-11DE-72AE-0C3234F92CD6}" = Baseball Mogul 2010
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 29
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3CC3AAB9-548F-4F48-A960-9CB368B501A0}" = Verizon FiOS Connection Wizard
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5706E362-3161-46F1-A89A-61739E637EB1}" = FM Tuner Utility
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0A92733-C870-415C-A494-DF72C2C58402}" = BlackBerry Device Software Updater
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6B69D92-6CD8-4086-8D1D-7945BDA4AE5A}" = F4100_Help
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BBB08B2B-F1F7-43BF-803F-AA3AA807E9FF}" = Verizon FiOS Connection Wizard
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8FED11D-3584-4a72-8B26-E0951B655797}" = F4100
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = AI RoboForm (All Users)
"Airport Mania_is1" = Airport Mania
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Any Video Converter_is1" = Any Video Converter 3.0.7
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Cisco Connect" = Cisco Connect
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"PROHYBRIDR" = 2007 Microsoft Office system
"PROPLUS" = Microsoft Office Professional Plus 2007
"Romantic Dares_is1" = Romantic Dares Version 4.7.5
"Sexual Pursuits Demo_is1" = Sexual Pursuits Version 12.0.7
"tixati" = Tixati
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.7.3 Beta
"Verizon Media Manager" = Verizon Media Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2808877515-2031380678-1226575635-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2011 10:36:10 AM | Computer Name = George-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7d0 Start Time: 01cca78a9c5bb011 Termination Time: 71

Error - 11/20/2011 10:44:52 AM | Computer Name = George-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/20/2011 3:47:58 PM | Computer Name = George-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/20/2011 4:30:32 PM | Computer Name = George-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 684 Start Time: 01cca7bd181b93b8 Termination Time: 145

Error - 11/20/2011 5:22:56 PM | Computer Name = George-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/20/2011 7:18:16 PM | Computer Name = George-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 740 Start Time: 01cca7ca607d9a2a Termination Time: 93

Error - 11/20/2011 8:45:15 PM | Computer Name = George-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1240 Start Time: 01cca7daaec75570 Termination Time: 143

Error - 11/20/2011 8:46:08 PM | Computer Name = George-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 834 Start Time: 01cca7e6d55bc660 Termination Time: 50

Error - 11/20/2011 8:49:07 PM | Computer Name = George-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f7c Start Time: 01cca7e6f5187840 Termination Time: 52

Error - 11/20/2011 11:38:03 PM | Computer Name = George-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.31.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1510 Start Time: 01cca7fec4363380 Termination Time: 13

[ Media Center Events ]
Error - 10/8/2010 11:45:42 PM | Computer Name = George-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 10/8/2010 11:46:52 PM | Computer Name = George-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 10/8/2010 11:47:09 PM | Computer Name = George-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 7/31/2011 11:36:43 PM | Computer Name = George-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 7/31/2011 11:36:58 PM | Computer Name = George-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 7/31/2011 11:39:35 PM | Computer Name = George-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 7/31/2011 11:43:39 PM | Computer Name = George-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 7/31/2011 11:44:35 PM | Computer Name = George-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 8/1/2011 12:02:13 AM | Computer Name = George-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 8/1/2011 12:04:10 AM | Computer Name = George-PC | Source = Mcx2Dvcs | ID = 401
Description =

[ System Events ]
Error - 11/20/2011 10:35:25 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/20/2011 10:35:55 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/20/2011 10:36:25 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/20/2011 10:36:55 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/20/2011 10:37:25 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/20/2011 10:37:55 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/20/2011 10:38:25 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/20/2011 10:38:55 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/20/2011 10:39:25 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/20/2011 10:50:51 PM | Computer Name = George-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >


I could not do step 1, because I don't have another laptop at home.

#6 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:52 PM

Posted 21 November 2011 - 07:04 AM

Hi,
Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#7 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:52 PM

Posted 25 November 2011 - 05:19 PM

Hi,

This is a three day bump. Hopefully you're still with me, but if I do not get a response within two days then this topic will be closed.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#8 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:52 PM

Posted 28 November 2011 - 08:06 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users