
DDS LOG


84 replies to this topic

#1 MrCoffeeMate


Posted 25 March 2012 - 02:06 PM

Per your instructions, below is a copy of my DDS LOG results.

I'm running Vista Home Basic, on a Toshiba Satellite machine, AMD 64, Athlon X2, and 2 GB of RAM (I think).

I have the latest free versions of Ad-Aware, Windows Security Essentials, and Malwarebytes. After I realized my machine had become infected (initially because of windows continually popping up on the screen), I decided to check my Security Center and also run a scan. It was then I found out that my Firewall had been disabled, and not only this, but. . .I cannot turn it back on (each time I attempt to, I am given an error indicating that for some unknown reason, Windows is unable to comply with that request).

I am the Administrator of this Satellite, and logged in as such. I have run scans with MSE, Ad-Aware, and Malwarebytes. Ad-Aware found three Trojan-type threats of varying intensity. One of them was removed by the Ad-Watch Live and/or Submitted By Threatwork Alliance option (whatever that means). But I still cannot enable the Firewall. Malwarebytes found some things, as well (four of them), and removed them. But I still cannot turn on the Firewall. Also there is a slight RE-DIRECT issue going on, as well, somewhat intermittently though. But as far as MSE goes, although it has supposedly already removed close to a hundred threats, I keep getting pop-up notifications from MSE that it keeps finding "new" threats (even though I'm not running a scan at the moment). This happens about once every 3 to 5 minutes, and is kind of annoying. Here is a short list and description of the types of things that my MSE utility has found (and removed?) thus far:

Trojan:Win32/Sirefef.AC
Trojan:JS/BlacoleRef.AL
TrojanDropper:Win32/Zegost.Z
Backdoor:Win32/ProxyBot.E

Lastly, here are a few things which I also hope will be helpful for you to know before responding back to me with any assistance:

1) I do not own a working printer, and. . .
2) I have not been able to restart this laptop for a couple of years now. It gets hung up somewhere between being in an OFF and ON state whenever I select the RESTART option. Then I eventually have to finish the process by doing a hard shut down, followed by a hard boot. But since I tend to blame overheating as a possible cause or reason for this, I like to give it some time to cool off before booting it up again.

As it turns out, I am also unable to get online with the infected laptop at this point, and I am also seeing a completely white screen each time I log into Windows. The white screen usually lasts anywhere from 30 seconds to 2 minutes, and then displays my desktop just as it should. Also, I just ran scans with Malwarebytes, MSE, and Ad-Aware and none of them showed anything, so the infection is completely hidden from all three of them at this point.

I hope this information is helpful for someone here who might be able to help me out.

Much thanks in advance!!



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Louis126 at 14:34:01 on 2012-03-25
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1917.776 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\WUDFHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.google.com/
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/clipextractor/{462700DB-9440-43BD-8D2F-85FBB4F50CA0}
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Somoto Toolbar: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files\somototoolbar\vmntemplateX.dll
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BluetoothAuthAgent] c:\windows\BluetoothAuthAgent.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?

lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctODE3OTM5MTM4LVQ0LUJBKzEtS1YzKzctWEwrMS1GUDkrNi1MSUMrMi1GTDEwKzEtRERUKzU1NzY

wLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMjItRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtU1QxMkZPSSsxLUYxME0xMkFVKzEtRVVMQSsxLVNUMTJGQV

BQKzEtU1RGMTBNMTJBVUYrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=cbf561185f8047d68464d1e9976c9175-b3e06cb493dd6372fca3f3967fc20a1c13a26cfd
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
LSP: mswsock.dll
Trusted Zone: arise.com
Trusted Zone: select2perform.com\www
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{EC389B8D-0F72-446A-B212-CE797FD8AC5C} : DhcpNameServer = 192.168.1.254 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\louis126\appdata\roaming\mozilla\firefox\profiles\t03hlp4z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ushdl&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ushdl&p=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
//Allow HTML compose Cut/Copy/Paste buttons on Fastmail
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.123mail.org hxxp://www.150mail.com hxxp://www.150ml.com hxxp://www.16mail.com hxxp://www.2-mail.com

hxxp://www.4email.net hxxp://www.50mail.com hxxp://www.airpost.net hxxp://www.allmail.net hxxp://www.bestmail.us hxxp://www.cluemail.com hxxp://www.elitemail.org

hxxp://www.emailgroups.net hxxp://www.emailplus.org hxxp://www.emailuser.net hxxp://www.eml.cc hxxp://www.fastem.com hxxp://www.fast-email.com

hxxp://www.fastemail.us hxxp://www.fastemailer.com hxxp://www.fastest.cc hxxp://www.fastimap.com hxxp://www.fastmail.cn hxxp://www.fastmail.com.au

hxxp://www.fastmail.fm hxxp://www.fastmail.us hxxp://www.fmail.co.uk hxxp://www.fast-mail.org hxxp://www.fastmailbox.net hxxp://www.fastmessaging.com hxxp://www.fea.st

hxxp://www.f-m.fm hxxp://www.fmailbox.com hxxp://www.fmgirl.com hxxp://www.fmguy.com hxxp://www.ftml.net hxxp://www.hailmail.net hxxp://www.imap.cc

hxxp://www.imap-mail.com hxxp://www.imapmail.org hxxp://www.internet-e-mail.com hxxp://www.internetemails.net hxxp://www.internet-mail.org

hxxp://www.internetmailing.net hxxp://www.jetemail.net hxxp://www.justemail.net hxxp://www.letterboxes.org hxxp://www.mailandftp.com hxxp://www.mailas.com

hxxp://www.mailbolt.com hxxp://www.mailc.net hxxp://www.mailcan.com hxxp://www.mail-central.com hxxp://www.mailforce.net hxxp://www.mailftp.com

hxxp://www.mailhaven.com hxxp://www.mailingaddress.org hxxp://www.mailite.com hxxp://www.mailmight.com hxxp://www.mailnew.com hxxp://www.mail-page.com

hxxp://www.mailsent.net hxxp://www.mailup.net hxxp://www.mailworks.org hxxp://www.ml1.net hxxp://www.mm.st hxxp://www.myfastmail.com hxxp://www.mymacmail.com

hxxp://www.nospammail.net hxxp://www.ownmail.net hxxp://www.petml.com hxxp://www.postinbox.com hxxp://www.postpro.net hxxp://www.proinbox.com

hxxp://www.promessage.com hxxp://www.realemail.net hxxp://www.reallyfast.biz hxxp://www.reallyfast.info hxxp://www.rushpost.com hxxp://www.sent.as hxxp://www.sent.at

hxxp://www.sent.com hxxp://www.speedpost.net hxxp://www.speedymail.org hxxp://www.ssl-mail.com hxxp://www.swift-mail.com hxxp://www.the-fastest.net

hxxp://www.theinternetemail.com hxxp://www.the-quickest.com hxxp://www.veryfast.biz hxxp://www.veryspeedy.net hxxp://www.warpmail.net hxxp://www.xsmail.com

hxxp://www.yepmail.net hxxp://www.your-mail.com hxxps://www.fastmail.fm
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-12 64512]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-5 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-9-5 7168]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9bb254effe9cb;Google Update Service (gupdate1c9bb254effe9cb);c:\program files\google\update\GoogleUpdate.exe [2009-4-12 133104]
S2 SessionLauncher;SessionLauncher;c:\users\louis126\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\louis126\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-12 133104]
S3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files\j river\media jukebox 14\JRService.exe [2012-3-15 379400]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 43392]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-25 16:23:05 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{27f0c0b4-8d24-4ccb-a38d-88c819a5a23c}\offreg.dll
2012-03-25 03:24:05 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{27f0c0b4-8d24-4ccb-a38d-88c819a5a23c}\mpengine.dll
2012-03-24 04:11:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 04:21:34 -------- d-----w- c:\users\louis126\appdata\roaming\Malwarebytes
2012-03-23 04:21:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 21:15:14 -------- d-----w- C:\FRST
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-22 15:21:21 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-22 04:25:44 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-19 01:08:18 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-19 01:08:18 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-18 03:47:29 -------- d-----w- c:\program files\iPod
2012-03-15 19:32:41 76 ----a-w- c:\windows\system32\net32gdilib.dll
2012-03-15 19:32:41 621056 ------w- c:\windows\system32\MJ14.exe
2012-03-15 19:32:32 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2012-03-15 19:31:15 -------- d-----w- c:\program files\J River
2012-03-15 19:30:42 -------- d-----w- c:\users\louis126\appdata\roaming\J River
2012-03-14 17:57:55 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:57:31 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 17:57:31 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 17:57:31 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 17:57:31 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 17:57:31 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:57:29 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 17:56:39 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 17:56:39 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-03-22 04:30:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 15:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 14:35:45.11 ===============


Edited by Orange Blossom, 27 March 2012 - 11:59 PM.
Deactivated links in Firefox policy section. ~ OB



#2 myrti


Posted 28 March 2012 - 06:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 MrCoffeeMate


Posted 28 March 2012 - 11:58 AM

Thanks for your response. Here are the scan results, as you requested:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 3/28/2012 12:26:42 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Louis126\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 48.09% Memory free
3.99 Gb Paging File | 2.99 Gb Available in Paging File | 74.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 33.53 Gb Free Space | 30.40% Space Free | Partition Type: NTFS
Drive E: | 4.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 476.65 Mb Total Space | 448.00 Mb Free Space | 93.99% Space Free | Partition Type: FAT

Computer Name: LAPTOP | User Name: Louis126 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/28 12:09:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Louis126\Desktop\OTL(1).exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/10/27 13:34:16 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/27 13:34:07 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/12/14 10:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 10:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/08/15 18:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/09 22:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/08/01 17:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/07/20 23:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/06/19 18:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/02/26 00:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/15 13:38:35 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
MOD - [2012/02/15 13:36:01 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012/02/15 13:35:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 13:30:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/15 13:28:32 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/15 13:28:09 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/15 13:27:55 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/15 13:26:25 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/13 20:02:21 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/05 14:54:27 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2764.39446__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007/09/05 14:54:27 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2764.39503__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2007/09/05 14:54:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2764.39480__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2007/09/05 14:54:27 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2764.39502__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2007/09/05 14:54:26 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2764.39489__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2007/09/05 14:54:26 | 000,360,448 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2764.39718__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2007/09/05 14:54:26 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2764.39709__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2007/09/05 14:54:26 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2764.39668__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2007/09/05 14:54:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2764.39601__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2007/09/05 14:54:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2764.39466__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2007/09/05 14:54:25 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2764.39745__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2007/09/05 14:53:51 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2764.39752__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2007/09/05 14:53:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2764.39459__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007/09/05 14:53:50 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2764.39676__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2007/09/05 14:53:50 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2764.39682__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2007/09/05 14:53:50 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2764.39675__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2007/09/05 14:53:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2764.39738__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2007/09/05 14:53:49 | 000,897,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2764.39711__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2007/09/05 14:53:49 | 000,790,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2764.39611__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2007/09/05 14:53:49 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2764.39516__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2007/09/05 14:53:49 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2764.39467__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007/09/05 14:53:49 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2764.39695__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2007/09/05 14:53:49 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2764.39522__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2007/09/05 14:53:49 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2764.39509__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007/09/05 14:53:49 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2764.39634__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2007/09/05 14:53:49 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2764.39609__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2007/09/05 14:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2764.39521__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2007/09/05 14:53:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2764.39633__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2007/09/05 14:53:48 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2764.39603__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2007/09/05 14:53:48 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2764.39655__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2007/09/05 14:53:48 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2764.39601__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2007/09/05 14:53:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2764.39654__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2007/09/05 14:53:47 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007/09/05 14:53:47 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007/09/05 14:53:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2729.30264__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2764.39609__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2007/09/05 14:53:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007/09/05 14:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007/09/05 14:53:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007/09/05 14:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007/09/05 14:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007/09/05 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll
MOD - [2007/09/05 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007/09/05 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007/09/05 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2729.30241__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007/09/05 14:53:47 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2007/09/05 14:53:46 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2729.30226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2729.30227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2729.30225__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2729.30259__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2729.30262__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2729.30228__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007/09/05 14:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007/09/05 14:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007/09/05 14:53:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007/09/05 14:53:40 | 000,471,040 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2764.39475__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007/09/05 14:53:40 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2764.39723__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2007/09/05 14:53:40 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2764.39730__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007/09/05 14:53:40 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2764.39438__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007/09/05 14:53:40 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2764.39729__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007/09/05 14:53:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007/09/05 14:53:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007/09/05 14:53:40 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2764.39776__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007/09/05 14:53:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007/09/05 14:53:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007/09/05 14:53:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007/09/05 14:53:40 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2764.39436__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2007/09/05 14:53:39 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2764.39454__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007/09/05 14:53:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2764.39438__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007/09/05 14:53:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2764.39437__90ba9c70f846762e\APM.Server.dll
MOD - [2007/09/05 14:53:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2764.39436__90ba9c70f846762e\AEM.Server.dll
MOD - [2007/09/05 14:53:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007/09/05 14:53:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2764.39730__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007/09/05 14:53:39 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007/09/05 14:53:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2729.30214__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007/09/05 14:53:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007/07/28 02:26:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/05/31 13:12:32 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\Louis126\AppData\Local\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - [2011/10/27 13:34:07 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/07/15 17:28:45 | 000,379,400 | ---- | M] (J. River, Inc.) [On_Demand | Stopped] -- C:\Program Files\J River\Media Jukebox 14\JRService.exe -- (Media Jukebox 14 Service)
SRV - [2007/08/01 17:39:18 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/02/26 00:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 20:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 20:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/10 05:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/02/21 14:36:10 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/02/21 14:36:05 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/15 09:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/08/21 01:13:04 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2007/08/01 17:37:20 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/07/30 02:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/28 00:36:40 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/03/28 10:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/11/02 03:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/30 14:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/10/23 19:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 08:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/clipextractor/{462700DB-9440-43BD-8D2F-85FBB4F50CA0}
IE - HKLM\..\SearchScopes,DefaultScope = {BABB74EF-C263-4A71-B6DD-5A53C4DA66DF}
IE - HKLM\..\SearchScopes\{BABB74EF-C263-4A71-B6DD-5A53C4DA66DF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};


IE - HKU\.DEFAULT\..\SearchScopes\{BABB74EF-C263-4A71-B6DD-5A53C4DA66DF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes\{BABB74EF-C263-4A71-B6DD-5A53C4DA66DF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\..\SearchScopes,DefaultScope = {4C7DEE88-1E1A-4A51-8C35-FA3C60A6E298}
IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=70026
IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\..\SearchScopes\{4C7DEE88-1E1A-4A51-8C35-FA3C60A6E298}: "URL" = http://www.bing.com/search?FORM=VE3D01&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/clipextractor/{462700DB-9440-43BD-8D2F-85FBB4F50CA0}?q={searchTerms}
IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\..\SearchScopes\{BABB74EF-C263-4A71-B6DD-5A53C4DA66DF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB_en-US
IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\..\SearchScopes\{BCA3A6D2-2EBE-4018-853E-CA5D1A535DED}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-ushdl&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-ushdl"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ushdl"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.4
FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.6.4
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..extensions.enabledItems: {b5dd1cb0-1888-11df-8a39-0800200c9a66}:1.1
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: {8225d6f0-dfca-11df-85ca-0800200c9a66}:1.0.4.8
FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1
FF - prefs.js..extensions.enabledItems: {586bd060-22d6-11de-8c30-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {a49e71d0-0598-11e0-81e0-0800200c9a66}:1.0.4.9
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {526fd696-27a0-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: DarkRevisited@bluewebstudios.com:3.9
FF - prefs.js..extensions.enabledItems: {021bfe80-a015-11de-8a39-0800200c9a66}:0.5.4
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-ushdl&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 21:08:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/27 13:29:28 | 000,000,000 | ---D | M]

[2010/04/27 02:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis126\AppData\Roaming\mozilla\Extensions
[2009/10/20 20:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis126\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/05/30 18:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis126\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/04/27 02:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis126\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012/02/29 02:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis126\AppData\Roaming\mozilla\Firefox\Profiles\t03hlp4z.default\extensions
[2010/08/17 19:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis126\AppData\Roaming\mozilla\Firefox\Profiles\t03hlp4z.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}(105)
[2011/07/10 21:06:08 | 000,000,000 | ---D | M] (Vendetta Online Theme) -- C:\Users\Louis126\AppData\Roaming\mozilla\Firefox\Profiles\t03hlp4z.default\extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9}
[2011/10/07 00:24:15 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Louis126\AppData\Roaming\mozilla\Firefox\Profiles\t03hlp4z.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}(57)
[2010/08/17 19:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis126\AppData\Roaming\mozilla\Firefox\Profiles\t03hlp4z.default\extensions\{e06bacc0-d6f8-11de-8a39-0800200c9a66}(106)
[2010/08/17 19:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis126\AppData\Roaming\mozilla\Firefox\Profiles\t03hlp4z.default\extensions\cfxec@Triton(103)
[2012/02/21 00:16:49 | 000,000,000 | ---D | M] (Foxdie) -- C:\Users\Louis126\AppData\Roaming\mozilla\Firefox\Profiles\t03hlp4z.default\extensions\Foxdie@tanjihay.com
[2011/02/10 18:58:52 | 000,000,000 | ---D | M] (Foxdie for Firefox) -- C:\Users\Louis126\AppData\Roaming\mozilla\Firefox\Profiles\t03hlp4z.default\extensions\foxdie_ext_ocelot@foxdie.us
[2010/08/18 16:54:18 | 000,000,000 | ---D | M] (iTunesFox) -- C:\Users\Louis126\AppData\Roaming\mozilla\Firefox\Profiles\t03hlp4z.default\extensions\iTunesFox@sjcmankimo(104).tw
[2010/07/22 12:22:03 | 000,000,000 | ---D | M] (Office Black) -- C:\Users\Louis126\AppData\Roaming\mozilla\Firefox\Profiles\t03hlp4z.default\extensions\Office2007Black@JBBS(73)
[2011/10/27 13:51:06 | 000,002,354 | ---- | M] () -- C:\Users\Louis126\AppData\Roaming\Mozilla\Firefox\Profiles\t03hlp4z.default\searchplugins\aol-web-search.xml
[2009/08/12 03:28:43 | 000,002,172 | ---- | M] () -- C:\Users\Louis126\AppData\Roaming\Mozilla\Firefox\Profiles\t03hlp4z.default\searchplugins\bing.xml
[2011/11/26 13:56:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\LOUIS126\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T03HLP4Z.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\LOUIS126\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T03HLP4Z.DEFAULT\EXTENSIONS\AFTERGLOW_OPTIONS@WWW.THEME-OASIS.ORG.XPI
[2012/03/18 21:08:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/01 01:42:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/07/09 20:07:44 | 000,002,280 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/01/01 01:42:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = http://www.bigseekpro.com/search/toolbar/clipextractor/{48A42E1A-7456-D5BE-F7F5-9112E62404A1}?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Louis126\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Louis126\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Louis126\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Louis126\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Authorware Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32asw.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Turner Media Plugin 1.0.0.10 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Louis126\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Lamborghini = C:\Users\Louis126\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiefegoncbfdemobfpaldfapbfiinmeo\1.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Louis126\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\
CHR - Extension: Poppit = C:\Users\Louis126\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Louis126\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Somoto Toolbar) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll File not found
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthAgent] C:\Windows\BluetoothAuthAgent.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2556700239-1881780036-892603058-1000..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-2556700239-1881780036-892603058-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2556700239-1881780036-892603058-1000..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" File not found
O4 - HKU\S-1-5-21-2556700239-1881780036-892603058-1000..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\..Trusted Domains: arise.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2556700239-1881780036-892603058-1000\..Trusted Domains: select2perform.com ([www] https in Trusted sites)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC389B8D-0F72-446A-B212-CE797FD8AC5C}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/06/06 06:58:36 | 000,000,198 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{63ddd83c-b1da-11dc-a563-00a0d1887886}\Shell - "" = AutoRun
O33 - MountPoints2\{63ddd83c-b1da-11dc-a563-00a0d1887886}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/05/23 11:04:24 | 000,921,600 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "startup" - 0

SafeBootMin: 79989460.sys - Driver
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: NsTrcNT - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/28 12:11:31 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Louis126\Desktop\OTL(1).exe
[2012/03/25 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Louis126\Documents\DDS_ZIP
[2012/03/24 00:11:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/23 00:21:34 | 000,000,000 | ---D | C] -- C:\Users\Louis126\AppData\Roaming\Malwarebytes
[2012/03/23 00:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/23 00:21:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/22 17:15:14 | 000,000,000 | ---D | C] -- C:\FRST
[2012/03/22 15:12:12 | 004,435,968 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012/03/21 17:42:08 | 002,066,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Louis126\Desktop\TDSSKiller.exe
[2012/03/17 23:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/17 23:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/15 15:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\J. River Media Jukebox 14
[2012/03/15 15:32:41 | 000,621,056 | ---- | C] (J. River, Inc.) -- C:\Windows\System32\MJ14.exe
[2012/03/15 15:32:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2012/03/15 15:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\J River
[2012/03/15 15:30:42 | 000,000,000 | ---D | C] -- C:\Users\Louis126\AppData\Roaming\J River
[2012/03/14 13:57:55 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 13:57:31 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 13:57:31 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 13:57:31 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 13:57:31 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 13:57:31 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 13:56:39 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/12 16:34:46 | 000,000,000 | ---D | C] -- C:\Users\Louis126\Documents\Final version 2_files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/28 12:20:54 | 000,002,555 | ---- | M] () -- C:\Users\Louis126\Desktop\Microsoft Word.lnk
[2012/03/28 12:20:23 | 000,000,288 | ---- | M] () -- C:\Users\Louis126\Desktop\http.htm - Shortcut.lnk
[2012/03/28 12:09:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Louis126\Desktop\OTL(1).exe
[2012/03/28 12:04:01 | 000,000,283 | ---- | M] () -- C:\Users\Louis126\Desktop\dds.scr - Shortcut (2).lnk
[2012/03/28 12:03:31 | 000,000,662 | ---- | M] () -- C:\Users\Louis126\Desktop\Shortcut to OTL.exe.lnk
[2012/03/28 12:03:19 | 000,000,283 | ---- | M] () -- C:\Users\Louis126\Desktop\dds.scr - Shortcut.lnk
[2012/03/28 11:52:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/28 11:21:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 11:21:29 | 000,003,552 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 11:21:29 | 000,003,552 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/28 11:21:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/25 14:42:12 | 000,013,858 | ---- | M] () -- C:\Users\Louis126\Documents\WordDocument
[2012/03/25 14:42:12 | 000,007,989 | ---- | M] () -- C:\Users\Louis126\Documents\1Table
[2012/03/25 14:42:12 | 000,004,096 | ---- | M] () -- C:\Users\Louis126\Documents\[5]SummaryInformation
[2012/03/25 14:42:12 | 000,004,096 | ---- | M] () -- C:\Users\Louis126\Documents\[5]DocumentSummaryInformation
[2012/03/25 14:42:12 | 000,000,106 | ---- | M] () -- C:\Users\Louis126\Documents\[1]CompObj
[2012/03/25 14:33:35 | 000,000,000 | ---- | M] () -- C:\Users\Louis126\defogger_reenable
[2012/03/25 14:33:34 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/25 14:33:34 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/24 23:04:14 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/24 15:56:59 | 000,016,896 | ---- | M] () -- C:\Users\Louis126\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/24 00:36:03 | 002,066,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Louis126\Desktop\TDSSKiller.exe
[2012/03/23 00:21:21 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/22 17:16:14 | 000,001,163 | ---- | M] () -- C:\Users\Louis126\Desktop\FRST.exe - Shortcut.lnk
[2012/03/22 15:32:34 | 000,001,156 | ---- | M] () -- C:\Users\Louis126\Desktop\BFE.reg - Shortcut.lnk
[2012/03/22 15:32:05 | 000,001,175 | ---- | M] () -- C:\Users\Louis126\Desktop\wscsvc.reg - Shortcut.lnk
[2012/03/22 15:12:12 | 004,435,968 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012/03/22 13:33:10 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/03/22 13:33:10 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/03/22 00:30:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/18 00:07:23 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/18 00:07:23 | 000,001,854 | ---- | M] () -- C:\Users\Louis126\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/17 23:55:45 | 000,000,628 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/03/17 23:50:24 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/17 01:48:26 | 000,028,266 | ---- | M] () -- C:\Users\Louis126\Documents\Amazon-MP3-1331963277.amz
[2012/03/15 15:34:30 | 000,001,869 | ---- | M] () -- C:\Users\Louis126\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Jukebox 14.lnk
[2012/03/15 15:34:30 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\Media Jukebox 14.lnk
[2012/03/15 15:32:41 | 000,000,076 | ---- | M] () -- C:\Windows\System32\net32gdilib.dll
[2012/03/14 15:05:21 | 000,000,914 | ---- | M] () -- C:\Users\Louis126\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/14 14:29:03 | 000,443,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/12 16:35:08 | 000,015,581 | ---- | M] () -- C:\Users\Louis126\Documents\Final version 2.htm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/28 12:20:23 | 000,000,288 | ---- | C] () -- C:\Users\Louis126\Desktop\http.htm - Shortcut.lnk
[2012/03/28 12:04:01 | 000,000,283 | ---- | C] () -- C:\Users\Louis126\Desktop\dds.scr - Shortcut (2).lnk
[2012/03/28 12:03:31 | 000,000,662 | ---- | C] () -- C:\Users\Louis126\Desktop\Shortcut to OTL.exe.lnk
[2012/03/28 12:03:19 | 000,000,283 | ---- | C] () -- C:\Users\Louis126\Desktop\dds.scr - Shortcut.lnk
[2012/03/25 14:44:27 | 000,013,858 | ---- | C] () -- C:\Users\Louis126\Documents\WordDocument
[2012/03/25 14:44:27 | 000,007,989 | ---- | C] () -- C:\Users\Louis126\Documents\1Table
[2012/03/25 14:44:27 | 000,004,096 | ---- | C] () -- C:\Users\Louis126\Documents\[5]SummaryInformation
[2012/03/25 14:44:27 | 000,004,096 | ---- | C] () -- C:\Users\Louis126\Documents\[5]DocumentSummaryInformation
[2012/03/25 14:44:27 | 000,000,106 | ---- | C] () -- C:\Users\Louis126\Documents\[1]CompObj
[2012/03/25 14:33:35 | 000,000,000 | ---- | C] () -- C:\Users\Louis126\defogger_reenable
[2012/03/23 00:21:21 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/22 17:16:14 | 000,001,163 | ---- | C] () -- C:\Users\Louis126\Desktop\FRST.exe - Shortcut.lnk
[2012/03/22 15:32:34 | 000,001,156 | ---- | C] () -- C:\Users\Louis126\Desktop\BFE.reg - Shortcut.lnk
[2012/03/22 15:32:05 | 000,001,175 | ---- | C] () -- C:\Users\Louis126\Desktop\wscsvc.reg - Shortcut.lnk
[2012/03/22 11:21:21 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2012/03/22 00:25:44 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/18 00:07:23 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/17 23:50:24 | 000,001,635 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/17 01:48:22 | 000,028,266 | ---- | C] () -- C:\Users\Louis126\Documents\Amazon-MP3-1331963277.amz
[2012/03/15 15:34:30 | 000,001,869 | ---- | C] () -- C:\Users\Louis126\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Jukebox 14.lnk
[2012/03/15 15:34:30 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\Media Jukebox 14.lnk
[2012/03/15 15:32:41 | 000,000,076 | ---- | C] () -- C:\Windows\System32\net32gdilib.dll
[2012/03/14 15:05:21 | 000,000,920 | ---- | C] () -- C:\Users\Louis126\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/14 15:05:21 | 000,000,914 | ---- | C] () -- C:\Users\Louis126\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/12 16:34:46 | 000,015,581 | ---- | C] () -- C:\Users\Louis126\Documents\Final version 2.htm
[2011/07/09 20:25:26 | 000,000,597 | ---- | C] () -- C:\Users\Louis126\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
[2011/06/30 00:00:44 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/06/30 00:00:44 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/08/25 12:31:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/19 20:21:16 | 000,212,836 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/06/14 12:06:57 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/01/08 02:26:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/01/08 02:26:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Extras logfile created on: 3/28/2012 12:26:42 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Louis126\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 48.09% Memory free
3.99 Gb Paging File | 2.99 Gb Available in Paging File | 74.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 33.53 Gb Free Space | 30.40% Space Free | Partition Type: NTFS
Drive E: | 4.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 476.65 Mb Total Space | 448.00 Mb Free Space | 93.99% Space Free | Partition Type: FAT

Computer Name: LAPTOP | User Name: Louis126 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2556700239-1881780036-892603058-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MusicBee.1PlayNow] -- "C:\Program Files\MusicBee\MusicBee.exe" "%1" /Play
Directory [MusicBee.2QueueNext] -- "C:\Program Files\MusicBee\MusicBee.exe" "%1" /QueueNext
Directory [MusicBee.3QueueLast] -- "C:\Program Files\MusicBee\MusicBee.exe" "%1" /QueueLast
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FD4F17-D8A7-4CD1-B091-FE35FBE12441}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{2E88250D-69B3-49BE-9DD5-2822B18B5FFF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2FBCB09C-969C-49E0-AAF0-218FC7AF061A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{51C32C52-C014-494B-92F2-A6B39AE06A43}" = protocol=17 | dir=in | app=c:\program files\amazon\mp3 downloader\amazonmp3downloader.exe |
"{5B56E8EC-8F56-4171-B969-73B7474079D7}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{5EF7D2E5-9E0B-4AEF-A078-BB413D982265}" = protocol=6 | dir=in | app=c:\users\louis126\appdata\roaming\dropbox\bin\dropbox.exe |
"{63F63665-5DB7-4491-A7B8-A25E3D7177EE}" = protocol=6 | dir=in | app=c:\users\louis126\downloads\videotomp3setup.exe |
"{69BBF181-1A8F-4AFA-A5D2-FC8A3A116ACF}" = protocol=17 | dir=in | app=c:\users\louis126\downloads\videotomp3setup.exe |
"{7BBEBD09-F8A5-40F8-8DA2-BE8DCEE71AAE}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{87C9E492-4C2C-421C-80D1-2D8841F29D77}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{8AB1F869-63AD-4547-83DA-B9EC8304CCDA}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{99DACD64-46C4-4B09-9418-A9CD6E0BF75E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{BD532D06-5B09-454A-AC8C-98FD297DD081}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BF5AF0BA-D256-4A9F-8500-E438446D50C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C5DCC365-D349-4814-A9F3-BDC7BF303CF9}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{D06F966F-CFB7-42D6-BEB9-EC6BBA0F56E1}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{D0EF9AF2-57DB-4F60-8B99-5D81868D4C5D}" = protocol=17 | dir=in | app=c:\users\louis126\appdata\roaming\dropbox\bin\dropbox.exe |
"{D780D4BF-FAC7-4A40-A437-1B3CD9239D88}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{DC81DE8C-EEDB-4129-9D9F-CA7A97A3ED55}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{E43EC335-93E8-4179-A067-29A43D19EBC3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{ED8B3341-C652-4178-91EF-94847D3052F4}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F2805A5D-17F4-4C56-AD0D-28B7C0D4076B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F5BBF447-0A37-41DB-BF7A-F63931D683AA}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{F95A36DE-BED1-4B7A-B493-6C6627D38DA9}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{FA5A4227-151E-4D73-A85B-F0B0AB9CEB55}" = protocol=6 | dir=in | app=c:\program files\amazon\mp3 downloader\amazonmp3downloader.exe |
"TCP Query User{B90F4164-1628-45EB-987F-88C72ADB9760}C:\program files\toshiba games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\toshiba games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{1E35A73A-0517-4571-9701-F89E5CBAAF30}C:\program files\toshiba games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\toshiba games\wheel of fortune\wheel of fortune.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0221A397-962E-6D84-F786-64E445617999}" = CCC Help English
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08CB1B3E-D42C-3ED5-7896-F8BC31839315}" = Catalyst Control Center Localization Czech
"{0C9B3E29-3B8B-295E-773B-82F3516F17DD}" = CCC Help Thai
"{0D99E1E9-D28C-6806-0820-13E10082CE7B}" = CCC Help Italian
"{0DC5B855-1CE2-9EA3-AA12-78C8939F68EF}" = Catalyst Control Center Core Implementation
"{0E2C948E-44D6-9A1C-54E7-05217E7DCC13}" = CCC Help Dutch
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1B5AB0D6-4F7C-9B93-5323-9037F1E61142}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21EA2A28-3146-E63D-16EE-0BF9FA3D6F5E}" = Catalyst Control Center Localization German
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{31C97472-E522-A760-F46D-FC0648F77E9C}" = CCC Help French
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{40E3BE50-51A6-F8A0-DB5F-7C2698FA5E1F}" = CCC Help Spanish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{432DC370-01EF-F2D8-34C3-27DCC9B13083}" = CCC Help Norwegian
"{44151656-ECAC-99DC-1AC5-1F06A1A62939}" = Catalyst Control Center Graphics Light
"{454AB369-FABF-EB84-FBC1-CA4E8FBD3926}" = Catalyst Control Center Localization Hungarian
"{497268C1-AE62-4A1D-1129-1D03183538B0}" = Catalyst Control Center Localization Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CE6623E-C867-81B3-8B94-A4FE021782BF}" = CCC Help Portuguese
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55FE1E6B-4E8A-0F2B-5B36-8F4363A0AEBC}" = Catalyst Control Center Localization Chinese Traditional
"{59DC42FB-13A7-45E1-BCC3-37CE5977951E}" = CCC Help Japanese
"{59DF97C6-3144-FA5A-4380-6B891BB44812}" = CCC Help German
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5BBE3EAB-D749-0560-2C39-53DC8531CB01}" = Catalyst Control Center Localization Korean
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{608738F2-51B4-CD53-C1CC-220363513ED7}" = CCC Help Czech
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{649C3B52-AA90-1F36-3D36-CE7F2BB1CB8C}" = Catalyst Control Center Localization Chinese Standard
"{654CABFA-4289-9EC0-F088-34BFCC84A798}" = Catalyst Control Center Localization Turkish
"{65CC9CE1-AAF1-866B-B07E-FECC0B53277E}" = Catalyst Control Center Localization Danish
"{6A9DF7EE-E7B9-E4F1-204A-FE72F47231CB}" = CCC Help Finnish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7163A2F1-2DED-9EF4-24FC-06D607D2A9C9}" = Catalyst Control Center Graphics Full New
"{731341F3-55AA-8488-A3F1-3D4C43412C87}" = CCC Help Russian
"{755F77D1-717E-4D7D-BF21-D3EB63906365}" = Winbond CIR Device Drivers
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A929336-7D2E-C4E3-2AC9-CA80FBEB5701}" = Catalyst Control Center Localization Spanish
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84C7D852-CDF6-7006-91C7-E6A54519E5D5}" = Catalyst Control Center Graphics Full Existing
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8E850D2A-F5E9-C322-ABFF-683C69686C13}" = Catalyst Control Center Localization Russian
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{93FE0FBE-23F5-7BF4-9085-6E046D609F22}" = CCC Help Chinese Traditional
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A74BE9F1-1129-FB71-DA7B-96F5D99CA330}" = Catalyst Control Center Localization Finnish
"{A762A897-3E65-E264-5188-CBAD303064C2}" = Skins
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB79C30D-A920-D219-B4FD-C9552A0419D3}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AD6A78C4-AD77-448D-4F9D-43AD80C8D8FF}" = Catalyst Control Center Localization French
"{AEE482BA-1731-499C-346D-B5F498B7DBF8}" = CCC Help Turkish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3E356C8-CEB3-467C-EA92-8FC2CA15AD51}" = Catalyst Control Center Localization Polish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BBD408BC-486B-9857-C805-945F8F083877}" = CCC Help Swedish
"{BE044C42-908B-4952-5140-E2B8FD67F267}" = CCC Help Danish
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C29D1033-0247-FFC6-7895-204ABABA0F20}" = ccc-utility
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C643EEE3-A55A-58D1-D543-ED46726288CB}" = CCC Help Greek
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0B87CB2-8599-4975-0E50-DB2F8E6B9AE6}" = Catalyst Control Center Localization Thai
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{DA401137-8791-F77A-591C-F0BC3E7ED04E}" = Catalyst Control Center Localization Greek
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC9B7572-50C6-180D-916D-3E2CBD00C0C7}" = Catalyst Control Center Localization Japanese
"{DFCFF0F1-005D-E317-733D-8D19D54FBF08}" = Catalyst Control Center Localization Swedish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E682D0D6-D79F-93ED-A1B1-AD9ED1249DF0}" = ATI Catalyst Install Manager
"{E748D6A5-D03D-BDE1-C094-DAE3F5BCEEF6}" = Catalyst Control Center Graphics Previews Vista
"{E8316038-8C38-52A8-9014-FD35536567E8}" = Catalyst Control Center Localization Dutch
"{E96A0335-C6EA-D11A-3A49-8586A8FED544}" = ccc-core-static
"{E9E6642B-0714-37B4-0248-D036B60F8F12}" = CCC Help Korean
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F05E0039-D2A7-198B-B79E-285395EBB5BB}" = Catalyst Control Center Localization Italian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F734CA55-0939-1F1A-A8B5-19B91B3D4B1F}" = Catalyst Control Center Localization Norwegian
"{FE4C0830-A0F3-B67E-93BC-21C4B0BB0267}" = CCC Help Hungarian
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Album Art Downloader XUI" = Album Art Downloader XUI 0.43
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"AutoUpdater_is1" = Auto Updater 1.0.0.5
"Belarc Advisor" = Belarc Advisor 7.2
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Media Jukebox 14" = Media Jukebox 14
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Picasa 3" = Picasa 3
"Shockwave" = Shockwave
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VPoolWDeinstKey" = Virtual Pool Windows
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Works2003Setup" = Microsoft Works 2003 Setup Launcher

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2556700239-1881780036-892603058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"oDVT" = oDesk Team

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2012 11:53:00 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application nslookup.exe, version 6.0.6002.18005, time stamp
0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000138, fault offset 0x00009f5d, process id 0x1458, application
start time 0x01cd09715e8659f0.

Error - 3/23/2012 11:53:18 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application nslookup.exe, version 6.0.6002.18005, time stamp
0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000138, fault offset 0x00009f5d, process id 0x13bc, application
start time 0x01cd0971a4360310.

Error - 3/23/2012 11:53:26 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application nslookup.exe, version 6.0.6002.18005, time stamp
0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5,
exception code 0xc0000138, fault offset 0x00009f5d, process id 0xb20, application
start time 0x01cd0971a8818f70.

Error - 3/24/2012 12:43:37 AM | Computer Name = Laptop | Source = VSS | ID = 8194
Description =

Error - 3/24/2012 1:15:15 PM | Computer Name = Laptop | Source = Windows Backup | ID = 4104
Description =

Error - 3/24/2012 1:43:29 PM | Computer Name = Laptop | Source = Windows Backup | ID = 4104
Description =

Error - 3/24/2012 2:01:20 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application ping.exe, version 6.0.6001.18000, time stamp
0x47919130, faulting module Flash11g.ocx, version 11.1.102.63, time stamp 0x4f4c398c,
exception code 0xc0000005, fault offset 0x0025b249, process id 0x1464, application
start time 0x01cd09e622eb671c.

Error - 3/24/2012 4:52:39 PM | Computer Name = Laptop | Source = Windows Backup | ID = 4104
Description =

Error - 3/24/2012 5:09:54 PM | Computer Name = Laptop | Source = Windows Backup | ID = 4104
Description =

Error - 3/25/2012 12:46:41 AM | Computer Name = Laptop | Source = VSS | ID = 8194
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I still cannot get online with the infected machine. But I can with my other laptop (Dell). I just now saved as much of the stuff you wanted me to download and save to a flash drive in order to initiate the scan on the infected machine. One thing I was not able to do was get that OTL background/icon onto the infected machine. I hope I didn't misunderstand you or not follow your instructions correctly. But I used the email message I received as the point of reference for all of the downloads. I think I should have done all of that from this website, instead. I actually had to pull up and create a new WORD doc., so that I could type and then copy those 10 or so file names, which I later pasted into the OTL by Old Timer Utility.


You might also be interested in knowing that the infected machine still displays a completely white screen right after I type my Windows password (to log onto my Windows account). The white screen seems to last longer and longer each time. Today it was probably displayed for around 2 minutes, before it decided to let me see my desktop properly.

Also (something else I think you might want to know), I apologize, but (believe it or not) I actually have used the infected machine a couple times now to transfer files to and from my iPod Touch. I'm not planning on doing this again until the infected machine is fixed (hopefully it can actually BE fixed). But I have another music player on its way to me (via postal mail right now), and I would very much like to be able to load music on it from the infected machine after I have received it.

For now, I will assume that this would be a bad idea. . .



Thanks again for any help you can provide!!

Edited by MrCoffeeMate, 28 March 2012 - 12:04 PM.


#4 myrti


Posted 29 March 2012 - 05:54 AM

Hi,

please run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.



#5 MrCoffeeMate


Posted 29 March 2012 - 10:55 AM

At first I began running the scan from the GMER utility which I had saved to a flash drive, in regular mode. I was told about 2 minutes into the scan that the program had stopped running, and was given the option to search for a solution online, or shut down the program.

I then tried running it (again from off of the flash drive) while in Safe Mode. The same thing happened as above. But before I tried it again, I moved the utility program from off of the flash drive and onto the desktop. Then I safely removed the flash drive, and attempted to double-click on the utility icon from off of the desktop. When I did this, I was presented with some sort of System warning, telling me that something was trying to invade and/or threaten the security of my computer. So, then my computer shut itself down automatically (it did a HARD shut down, without going through the usual shut-down steps).

I booted back up into Safe Mode, and again, double-clicked on the GMER utility icon. The scan started up this time, and about 1 and a half to 2 minutes into the scan my computer simply shut down, but this time without any warnings at all. Again, it was a HARD shut down. The infected computer is currently OFF, and I think I might just wait to hear back from you before I try anything else.

One thing you might find of interest. . .for some time now I have had a minor issue with overheating on this Toshiba Satellite laptop (the infected machine). I have not really ever taken this seriously enough to do anything about it, though. It is an intermittent issue. Ordinarily the laptop will shut itself down automatically when it overheats, but this is probably not more than about once every month to once every 3 months or so. But so far today, the Toshiba has NOT been running long enough for it to have gotten hot enough to have made itself shut itself down. This usually only happens after it has been running for a long period of time before it shuts itself down like that.

So, I am thinking the infection has caused these shut downs, as a means of some sort of defense mechanism.

Please let me know what you think.

Thank you!

Edited by MrCoffeeMate, 29 March 2012 - 11:04 AM.


#6 myrti


Posted 29 March 2012 - 12:49 PM

Hi,

if the PC shuts down every other month due to overheating, I would definitely do something about that. Overheating is not just an issue for a sudden shut down, it also damages all the components long term and makes them fail earlier.

Can you please run a scan with TDSSKiller instead of gmer:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

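Added example (not part of the original posts and not the tool's own code): a short Python triage of a log in the layout that the -l switch above writes, listing objects with a verdict other than "ok", objects reported without a file line, and an object whose check never finished because the log stops. The sample lines are shortened from the log posted in this thread, except the ExampleDrv entry and its verdict string, which are constructed placeholders; the function names are hypothetical.

```python
import re

# Every log line starts with "<time> <thread id>", then the message body.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s?(.*)$")
# "<service> (<md5>) <path>": the object about to be checked.
FILE_LINE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# "<service> - <verdict>": the result for that object.
VERDICT_LINE = re.compile(r"^(.+?) - (.+)$")

# Sample input. All lines come from the thread's log (the Drive line is
# shortened) except ExampleDrv, which is constructed for illustration.
SAMPLE_LOG = r"""
14:27:05.0291 3124 Current date / time: 2012/03/29 14:27:05.0291
14:27:06.0664 3124 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200
14:27:52.0840 2388 ============================================================
14:27:52.0840 2388 Scan started
14:27:52.0840 2388 Mode: Manual;
14:27:52.0840 2388 ============================================================
14:27:53.0339 2388 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:27:53.0339 2388 ACPI - ok
14:27:56.0646 2388 blbdrive - ok
14:28:06.0521 2388 Lavasoft Ad-Aware Service (4d99fca201b72e0f2ca996e357baa170) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
14:28:06.0537 2388 Lavasoft Ad-Aware Service - ok
14:28:07.0000 2388 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
14:28:07.0000 2388 ExampleDrv - CONSTRUCTED-NON-OK-VERDICT
14:28:13.0370 2388 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
"""


def parse_scan(text):
    """Return one dict per scanned object, in log order.

    Only lines after "Scan started" are parsed, so header lines such as
    "Drive ... - Size: ..." are not mistaken for verdicts.
    """
    entries = []
    pending = None      # file line seen, verdict line not seen yet
    in_scan = False
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        if body == "Scan started":
            in_scan = True
            continue
        if not in_scan or not body or set(body) == {"="}:
            continue
        f = FILE_LINE.match(body)
        if f:
            if pending:                      # earlier object got no verdict
                entries.append({**pending, "verdict": None})
            pending = {"name": f.group(1), "md5": f.group(2).lower(),
                       "path": f.group(3)}
            continue
        v = VERDICT_LINE.match(body)
        if not v:
            continue                         # e.g. "Mode: Manual;"
        name, verdict = v.group(1), v.group(2).strip()
        if pending and pending["name"] == name:
            entries.append({**pending, "verdict": verdict})
        else:
            if pending:
                entries.append({**pending, "verdict": None})
            # Verdict with no preceding file line (as with blbdrive).
            entries.append({"name": name, "md5": None, "path": None,
                            "verdict": verdict})
        pending = None
    if pending:                              # log ends mid-object
        entries.append({**pending, "verdict": None})
    return entries


def triage(entries):
    """Group the entries a reviewer would look at first."""
    report = {"non_ok": [], "no_file": [], "unfinished": []}
    for e in entries:
        if e["verdict"] is None:
            report["unfinished"].append(e["name"])
            continue
        if e["verdict"].lower() != "ok":
            report["non_ok"].append((e["name"], e["verdict"]))
        if e["md5"] is None:
            report["no_file"].append(e["name"])
    return report


if __name__ == "__main__":
    for group, items in triage(parse_scan(SAMPLE_LOG)).items():
        print(group, items)
```

An "unfinished" entry only shows where the log stops; it says nothing about why the scan or the machine stopped there.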


#7 MrCoffeeMate


Posted 29 March 2012 - 03:29 PM

14:27:05.0244 3124 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:27:05.0291 3124 ============================================================
14:27:05.0291 3124 Current date / time: 2012/03/29 14:27:05.0291
14:27:05.0291 3124 SystemInfo:
14:27:05.0291 3124
14:27:05.0291 3124 OS Version: 6.0.6002 ServicePack: 2.0
14:27:05.0291 3124 Product type: Workstation
14:27:05.0291 3124 ComputerName: LAPTOP
14:27:05.0291 3124 UserName: Louis126
14:27:05.0291 3124 Windows directory: C:\Windows
14:27:05.0291 3124 System windows directory: C:\Windows
14:27:05.0291 3124 Processor architecture: Intel x86
14:27:05.0291 3124 Number of processors: 2
14:27:05.0291 3124 Page size: 0x1000
14:27:05.0291 3124 Boot type: Normal boot
14:27:05.0291 3124 ============================================================
14:27:06.0664 3124 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:27:06.0664 3124 Drive \Device\Harddisk1\DR2 - Size: 0x1DCE7E00 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:27:06.0680 3124 \Device\Harddisk0\DR0:
14:27:06.0680 3124 MBR used
14:27:06.0680 3124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xDCA4800
14:27:06.0680 3124 \Device\Harddisk1\DR2:
14:27:06.0680 3124 MBR used
14:27:06.0680 3124 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xE, StartLBA 0x8, BlocksNum 0xEE737
14:27:06.0695 3124 Initialize success
14:27:06.0695 3124 ============================================================
14:27:52.0840 2388 ============================================================
14:27:52.0840 2388 Scan started
14:27:52.0840 2388 Mode: Manual;
14:27:52.0840 2388 ============================================================
14:27:53.0339 2388 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:27:53.0339 2388 ACPI - ok
14:27:53.0464 2388 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:27:53.0480 2388 adp94xx - ok
14:27:53.0542 2388 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:27:53.0558 2388 adpahci - ok
14:27:53.0604 2388 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:27:53.0604 2388 adpu160m - ok
14:27:53.0698 2388 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:27:53.0698 2388 adpu320 - ok
14:27:53.0792 2388 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:27:53.0807 2388 AeLookupSvc - ok
14:27:53.0932 2388 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:27:53.0932 2388 AFD - ok
14:27:54.0057 2388 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
14:27:54.0057 2388 AgereModemAudio - ok
14:27:54.0182 2388 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
14:27:54.0182 2388 AgereSoftModem - ok
14:27:54.0275 2388 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
14:27:54.0275 2388 agp440 - ok
14:27:54.0369 2388 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:27:54.0369 2388 aic78xx - ok
14:27:54.0478 2388 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:27:54.0478 2388 ALG - ok
14:27:54.0572 2388 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
14:27:54.0572 2388 aliide - ok
14:27:54.0603 2388 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
14:27:54.0603 2388 amdagp - ok
14:27:54.0650 2388 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
14:27:54.0650 2388 amdide - ok
14:27:54.0728 2388 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:27:54.0728 2388 AmdK7 - ok
14:27:54.0790 2388 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
14:27:54.0790 2388 AmdK8 - ok
14:27:54.0946 2388 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:27:54.0946 2388 Appinfo - ok
14:27:55.0086 2388 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:27:55.0086 2388 Apple Mobile Device - ok
14:27:55.0180 2388 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:27:55.0180 2388 arc - ok
14:27:55.0305 2388 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:27:55.0305 2388 arcsas - ok
14:27:55.0414 2388 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:27:55.0414 2388 AsyncMac - ok
14:27:55.0476 2388 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:27:55.0476 2388 atapi - ok
14:27:55.0570 2388 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
14:27:55.0570 2388 athr - ok
14:27:55.0648 2388 Ati External Event Utility (581b9be9e92a0f3856cc85ec011edc6f) C:\Windows\system32\Ati2evxx.exe
14:27:55.0664 2388 Ati External Event Utility - ok
14:27:55.0882 2388 atikmdag (22d300f835600c9c634860cf2912f9cf) C:\Windows\system32\DRIVERS\atikmdag.sys
14:27:55.0944 2388 atikmdag - ok
14:27:55.0991 2388 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:27:55.0991 2388 AtiPcie - ok
14:27:56.0116 2388 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:27:56.0116 2388 AudioEndpointBuilder - ok
14:27:56.0132 2388 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:27:56.0132 2388 Audiosrv - ok
14:27:56.0272 2388 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:27:56.0272 2388 Beep - ok
14:27:56.0412 2388 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:27:56.0412 2388 BFE - ok
14:27:56.0553 2388 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
14:27:56.0568 2388 BITS - ok
14:27:56.0646 2388 blbdrive - ok
14:27:56.0787 2388 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:27:56.0802 2388 Bonjour Service - ok
14:27:56.0865 2388 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:27:56.0865 2388 bowser - ok
14:27:57.0005 2388 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:27:57.0005 2388 BrFiltLo - ok
14:27:57.0052 2388 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:27:57.0052 2388 BrFiltUp - ok
14:27:57.0130 2388 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:27:57.0130 2388 Browser - ok
14:27:57.0224 2388 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:27:57.0224 2388 Brserid - ok
14:27:57.0255 2388 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:27:57.0255 2388 BrSerWdm - ok
14:27:57.0348 2388 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:27:57.0348 2388 BrUsbMdm - ok
14:27:57.0380 2388 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:27:57.0380 2388 BrUsbSer - ok
14:27:57.0411 2388 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:27:57.0411 2388 BTHMODEM - ok
14:27:57.0536 2388 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:27:57.0536 2388 cdfs - ok
14:27:57.0676 2388 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:27:57.0676 2388 cdrom - ok
14:27:57.0832 2388 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:27:57.0832 2388 CertPropSvc - ok
14:27:57.0941 2388 CFSvcs (c82162949bba6cc5d006c7bd008f3cf1) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
14:27:57.0941 2388 CFSvcs - ok
14:27:58.0019 2388 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
14:27:58.0019 2388 circlass - ok
14:27:58.0144 2388 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:27:58.0144 2388 CLFS - ok
14:27:58.0222 2388 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:27:58.0222 2388 clr_optimization_v2.0.50727_32 - ok
14:27:58.0316 2388 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:27:58.0331 2388 clr_optimization_v4.0.30319_32 - ok
14:27:58.0472 2388 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:27:58.0472 2388 CmBatt - ok
14:27:58.0518 2388 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
14:27:58.0518 2388 cmdide - ok
14:27:58.0581 2388 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:27:58.0581 2388 Compbatt - ok
14:27:58.0612 2388 COMSysApp - ok
14:27:58.0643 2388 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:27:58.0659 2388 crcdisk - ok
14:27:58.0706 2388 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:27:58.0706 2388 Crusoe - ok
14:27:58.0846 2388 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
14:27:58.0846 2388 CryptSvc - ok
14:27:58.0955 2388 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:27:58.0971 2388 DcomLaunch - ok
14:27:59.0033 2388 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:27:59.0033 2388 DfsC - ok
14:27:59.0220 2388 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:27:59.0267 2388 DFSR - ok
14:27:59.0423 2388 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:27:59.0439 2388 Dhcp - ok
14:27:59.0548 2388 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:27:59.0548 2388 disk - ok
14:27:59.0657 2388 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:27:59.0657 2388 Dnscache - ok
14:27:59.0751 2388 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:27:59.0766 2388 dot3svc - ok
14:27:59.0907 2388 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:27:59.0907 2388 DPS - ok
14:28:00.0000 2388 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:28:00.0016 2388 drmkaud - ok
14:28:00.0110 2388 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:28:00.0125 2388 DXGKrnl - ok
14:28:00.0266 2388 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:28:00.0266 2388 E1G60 - ok
14:28:00.0375 2388 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:28:00.0375 2388 EapHost - ok
14:28:00.0484 2388 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:28:00.0484 2388 Ecache - ok
14:28:00.0640 2388 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:28:00.0656 2388 elxstor - ok
14:28:00.0749 2388 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:28:00.0749 2388 EMDMgmt - ok
14:28:00.0843 2388 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:28:00.0858 2388 EventSystem - ok
14:28:00.0952 2388 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:28:00.0952 2388 exfat - ok
14:28:01.0046 2388 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:28:01.0046 2388 fastfat - ok
14:28:01.0108 2388 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
14:28:01.0108 2388 fdc - ok
14:28:01.0186 2388 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:28:01.0186 2388 fdPHost - ok
14:28:01.0248 2388 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:28:01.0248 2388 FDResPub - ok
14:28:01.0373 2388 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:28:01.0373 2388 FileInfo - ok
14:28:01.0467 2388 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:28:01.0467 2388 Filetrace - ok
14:28:01.0529 2388 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:28:01.0529 2388 flpydisk - ok
14:28:01.0670 2388 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:28:01.0685 2388 FltMgr - ok
14:28:01.0841 2388 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:28:01.0857 2388 FontCache - ok
14:28:01.0935 2388 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:28:01.0935 2388 FontCache3.0.0.0 - ok
14:28:02.0013 2388 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:28:02.0028 2388 Fs_Rec - ok
14:28:02.0075 2388 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
14:28:02.0091 2388 FwLnk - ok
14:28:02.0138 2388 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:28:02.0138 2388 gagp30kx - ok
14:28:02.0231 2388 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
14:28:02.0231 2388 GEARAspiWDM - ok
14:28:02.0309 2388 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:28:02.0325 2388 gpsvc - ok
14:28:02.0418 2388 gupdate1c9bb254effe9cb (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:28:02.0418 2388 gupdate1c9bb254effe9cb - ok
14:28:02.0465 2388 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:28:02.0465 2388 gupdatem - ok
14:28:02.0543 2388 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:28:02.0543 2388 gusvc - ok
14:28:02.0699 2388 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:28:02.0699 2388 HdAudAddService - ok
14:28:02.0777 2388 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:28:02.0777 2388 HDAudBus - ok
14:28:02.0824 2388 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:28:02.0824 2388 HidBth - ok
14:28:02.0871 2388 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\DRIVERS\hidir.sys
14:28:02.0871 2388 HidIr - ok
14:28:03.0011 2388 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
14:28:03.0011 2388 hidserv - ok
14:28:03.0074 2388 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:28:03.0074 2388 HidUsb - ok
14:28:03.0152 2388 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:28:03.0152 2388 hkmsvc - ok
14:28:03.0214 2388 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:28:03.0214 2388 HpCISSs - ok
14:28:03.0323 2388 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
14:28:03.0323 2388 HTTP - ok
14:28:03.0386 2388 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:28:03.0386 2388 i2omp - ok
14:28:03.0495 2388 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:28:03.0495 2388 i8042prt - ok
14:28:03.0557 2388 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:28:03.0557 2388 iaStorV - ok
14:28:03.0713 2388 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:28:03.0713 2388 IDriverT - ok
14:28:03.0807 2388 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:28:03.0822 2388 idsvc - ok
14:28:03.0900 2388 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:28:03.0900 2388 iirsp - ok
14:28:04.0041 2388 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:28:04.0056 2388 IKEEXT - ok
14:28:04.0244 2388 IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys
14:28:04.0275 2388 IntcAzAudAddService - ok
14:28:04.0415 2388 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
14:28:04.0415 2388 intelide - ok
14:28:04.0493 2388 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
14:28:04.0493 2388 intelppm - ok
14:28:04.0556 2388 IO_Memory - ok
14:28:04.0649 2388 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:28:04.0649 2388 IPBusEnum - ok
14:28:04.0758 2388 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:28:04.0758 2388 IpFilterDriver - ok
14:28:04.0790 2388 IpInIp - ok
14:28:04.0868 2388 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:28:04.0868 2388 IPMIDRV - ok
14:28:04.0946 2388 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:28:04.0946 2388 IPNAT - ok
14:28:05.0024 2388 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
14:28:05.0039 2388 iPod Service - ok
14:28:05.0148 2388 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:28:05.0148 2388 IRENUM - ok
14:28:05.0211 2388 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:28:05.0211 2388 isapnp - ok
14:28:05.0320 2388 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:28:05.0320 2388 iScsiPrt - ok
14:28:05.0382 2388 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:28:05.0382 2388 iteatapi - ok
14:28:05.0507 2388 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:28:05.0507 2388 iteraid - ok
14:28:05.0585 2388 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:28:05.0585 2388 kbdclass - ok
14:28:05.0679 2388 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
14:28:05.0679 2388 kbdhid - ok
14:28:05.0726 2388 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:28:05.0726 2388 KeyIso - ok
14:28:05.0835 2388 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
14:28:05.0835 2388 KR10I - ok
14:28:05.0897 2388 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
14:28:05.0913 2388 KR10N - ok
14:28:05.0975 2388 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
14:28:05.0991 2388 KR3NPXP - ok
14:28:06.0053 2388 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:28:06.0053 2388 KSecDD - ok
14:28:06.0209 2388 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:28:06.0209 2388 KtmRm - ok
14:28:06.0287 2388 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
14:28:06.0287 2388 LanmanServer - ok
14:28:06.0381 2388 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:28:06.0381 2388 LanmanWorkstation - ok
14:28:06.0521 2388 Lavasoft Ad-Aware Service (4d99fca201b72e0f2ca996e357baa170) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
14:28:06.0537 2388 Lavasoft Ad-Aware Service - ok
14:28:06.0662 2388 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
14:28:06.0662 2388 Lavasoft Kernexplorer - ok
14:28:06.0786 2388 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
14:28:06.0802 2388 Lbd - ok
14:28:06.0880 2388 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:28:06.0880 2388 lltdio - ok
14:28:06.0974 2388 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:28:06.0974 2388 lltdsvc - ok
14:28:07.0036 2388 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:28:07.0036 2388 lmhosts - ok
14:28:07.0130 2388 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:28:07.0161 2388 LSI_FC - ok
14:28:07.0317 2388 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:28:07.0348 2388 LSI_SAS - ok
14:28:07.0395 2388 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:28:07.0410 2388 LSI_SCSI - ok
14:28:07.0442 2388 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:28:07.0457 2388 luafv - ok
14:28:07.0566 2388 McciCMService (4f74184920b2d6e33024409b4c5c57c1) C:\Program Files\Common Files\Motive\McciCMService.exe
14:28:07.0566 2388 McciCMService - ok
14:28:07.0676 2388 Media Jukebox 14 Service (5ac6d44ccb8d5c4abac823eaa85d571d) C:\Program Files\J River\Media Jukebox 14\JRService.exe
14:28:07.0676 2388 Media Jukebox 14 Service - ok
14:28:07.0800 2388 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:28:07.0800 2388 megasas - ok
14:28:07.0925 2388 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:28:07.0925 2388 MMCSS - ok
14:28:08.0003 2388 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:28:08.0019 2388 Modem - ok
14:28:08.0112 2388 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:28:08.0112 2388 monitor - ok
14:28:08.0206 2388 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:28:08.0206 2388 mouclass - ok
14:28:08.0268 2388 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:28:08.0268 2388 mouhid - ok
14:28:08.0346 2388 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:28:08.0346 2388 MountMgr - ok
14:28:08.0456 2388 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
14:28:08.0456 2388 MpFilter - ok
14:28:08.0596 2388 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:28:08.0596 2388 mpio - ok
14:28:08.0643 2388 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
14:28:08.0643 2388 MpNWMon - ok
14:28:08.0721 2388 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:28:08.0721 2388 mpsdrv - ok
14:28:08.0752 2388 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:28:08.0768 2388 Mraid35x - ok
14:28:08.0830 2388 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
14:28:08.0830 2388 MREMP50 - ok
14:28:08.0846 2388 MREMP50a64 - ok
14:28:08.0924 2388 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
14:28:08.0924 2388 MRESP50 - ok
14:28:08.0939 2388 MRESP50a64 - ok
14:28:09.0048 2388 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:28:09.0048 2388 MRxDAV - ok
14:28:09.0126 2388 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:28:09.0126 2388 mrxsmb - ok
14:28:09.0189 2388 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:28:09.0189 2388 mrxsmb10 - ok
14:28:09.0220 2388 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:28:09.0220 2388 mrxsmb20 - ok
14:28:09.0329 2388 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
14:28:09.0329 2388 msahci - ok
14:28:09.0376 2388 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:28:09.0376 2388 msdsm - ok
14:28:09.0454 2388 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:28:09.0470 2388 MSDTC - ok
14:28:09.0548 2388 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:28:09.0548 2388 Msfs - ok
14:28:09.0688 2388 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:28:09.0704 2388 msisadrv - ok
14:28:09.0782 2388 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:28:09.0797 2388 MSiSCSI - ok
14:28:09.0844 2388 msiserver - ok
14:28:09.0906 2388 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:28:09.0922 2388 MSKSSRV - ok
14:28:10.0000 2388 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
14:28:10.0016 2388 MsMpSvc - ok
14:28:10.0156 2388 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:28:10.0156 2388 MSPCLOCK - ok
14:28:10.0203 2388 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:28:10.0203 2388 MSPQM - ok
14:28:10.0281 2388 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:28:10.0281 2388 MsRPC - ok
14:28:10.0343 2388 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:28:10.0343 2388 mssmbios - ok
14:28:10.0437 2388 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:28:10.0437 2388 MSTEE - ok
14:28:10.0499 2388 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:28:10.0499 2388 Mup - ok
14:28:10.0593 2388 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:28:10.0608 2388 napagent - ok
14:28:10.0671 2388 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:28:10.0671 2388 NativeWifiP - ok
14:28:10.0780 2388 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:28:10.0796 2388 NDIS - ok
14:28:10.0889 2388 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:28:10.0889 2388 NdisTapi - ok
14:28:40.0607 2388 ============================================================
14:28:40.0607 2388 Scan finished
14:28:40.0607 2388 ============================================================
14:28:40.0670 3392 Detected object count: 0
14:28:40.0670 3392 Actual detected object count: 0


So, do you think I should try running this scan again, but this time in SAFE MODE, instead?

Edited by MrCoffeeMate, 29 March 2012 - 03:32 PM.


#8 myrti


Posted 29 March 2012 - 04:21 PM

Hi,

No, I think that the issue is either hardware or the malware, and neither will be resolved by switching to safe mode.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon. Check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#9 MrCoffeeMate


Posted 30 March 2012 - 01:00 PM

Well, I'm trying this for the second time now. Thus far I have yet to see either of the recovery boxes you screenshotted above in your response. Instead all I have had happen is an extremely lengthy scan take place from off of a blue-colored Command-Prompt text box.

I'm letting it run for the 2nd time right now. The first time an error showed up on the screen stating that something had stopped running (I am thinking it must have said that the "Freeware implementation of XCACLS has stopped working" (minus the quotations), because this is the same message I NOW see on the screen after about 2 hours of scanning with the blue-colored Command-Prompt text box).

The first time I just clicked the X in the upper-right hand corner of this error box (I was half-asleep when it happened the first time, and I didn't even bother reading anything about what it meant, or anything at all about it like that).

But this time, I will leave the error box on the screen, and wait for your next instructions.

I actually shut down the laptop after the first scan, and booted back up a few hours later, and as already stated am running the scan for the 2nd time now. I also saw an error on the screen after booting back up earlier, saying that there was something corrupted in the Trash Bin, and gave me the option to empty the bin.

So I did. . .maybe I should have not done so, but rather waited. . .I don't know.


UPDATE: HERE ARE SOME ADDITIONAL DETAILS WHICH MAY BE OF INTEREST TO YOU REGARDING THIS ERROR

Problem Event Name: APPCRASH
Application Name: swxcacls.3XE
Application Version: 1.0.1.1
Application Timestamp: 2a425e19
Fault Module Name: swxcacls.3XE
Fault Module Version: 1.0.1.1
Fault Module Timestamp: 2a425e19
Exception Code: c0000005
Exception Offset: 00004b2a
OS Version: 6.0.6002.2.2.0.768.2
Locale ID: 1033
Additional Information 1: 10d2
Additional Information 2: bc8de4cf187252366c8a95b2b8c2432e
Additional Information 3: 04aa
Additional Information 4: b2ebd16eee57c5d2012971fb4a8476fc

Edited by MrCoffeeMate, 30 March 2012 - 05:10 PM.


#10 MrCoffeeMate


Posted 30 March 2012 - 05:10 PM

UPDATE: HERE ARE SOME ADDITIONAL DETAILS WHICH MAY BE OF INTEREST TO YOU REGARDING THIS ERROR

Problem Event Name: APPCRASH
Application Name: swxcacls.3XE
Application Version: 1.0.1.1
Application Timestamp: 2a425e19
Fault Module Name: swxcacls.3XE
Fault Module Version: 1.0.1.1
Fault Module Timestamp: 2a425e19
Exception Code: c0000005
Exception Offset: 00004b2a
OS Version: 6.0.6002.2.2.0.768.2
Locale ID: 1033
Additional Information 1: 10d2
Additional Information 2: bc8de4cf187252366c8a95b2b8c2432e
Additional Information 3: 04aa
Additional Information 4: b2ebd16eee57c5d2012971fb4a8476fc


#11 myrti


Posted 31 March 2012 - 01:05 PM

Hi,

OK, that's not good. Could you please try running it from safe mode?

regards myrti



#12 MrCoffeeMate


Posted 01 April 2012 - 11:55 AM

OK, tried running from just SAFE MODE (with neither Command Prompt, nor with Networking). . .

This time I get a different message than before in the blue box. This time I am almost immediately warned that:

"Access Denied. Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks" (minus quotations).

Then it looks like the last text seems to indicate that it was attempting to create a new System Restore Point.

I am also still seeing a Recycle Bin warning, which comes up each time I log onto this infected machine. It is telling me that:

"The Recycle Bin on C:\ is corrupted. Do you want to empty the Recycle Bin for this drive?" (minus quotations).
Then there is (obviously) the option of either selecting "Yes" or "No".

Can you please let me know what I might need to do in order to use an administrator command prompt. I wonder if I can accomplish this by shutting down, and then booting back up into SAFE MODE WITH COMMAND PROMPT. . .seems like that might make sense. . .

Thank you!!

OK, IMPORTANT UPDATE: I JUST NOW DECIDED TO DO A FEW THINGS, KIND OF IN UNISON, NOT THINKING THIS WOULD MAKE ANY KIND OF DIFFERENCE. BUT MAYBE IT DID. . .I MINIMIZED THE BLUE WINDOW, THEN SELECTED "NO" ON THE RECYCLE BIN ERROR, AND ALSO INSERTED MY USB FLASH DRIVE INTO THIS MACHINE. THEN THE SCAN STARTED. AT WHICH POINT I BEGAN TYPING THIS UPDATE. HOWEVER, WHILE I WAS TYPING THIS UPDATE, THE TOSHIBA LAPTOP WAS SHUT OFF, WITHOUT ANY WARNING, AND WITHOUT GOING THROUGH ANY KIND OF SHUT DOWN PROCEDURES.

I AM GOING TO SEE IF I CAN RUN THE COMBO FIX SCAN ONCE AGAIN IN SAFE MODE, BUT THIS TIME WITH COMMAND PROMPT. I'M FIRST GOING TO RUN AN ANTI-VIRUS SCAN ON MY USB FLASH DRIVE, AND MAKE SURE I HAVE THE CORRECT COMBO FIX DOWNLOAD ON HERE.

Edited by MrCoffeeMate, 01 April 2012 - 12:05 PM.


#13 myrti


Posted 01 April 2012 - 12:09 PM

Hi,

I think malware is killing us off and we need to disable it first. Let's try a different approach:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards myrti



#14 MrCoffeeMate


Posted 01 April 2012 - 12:49 PM

OK, I've tried this three times now, and keep getting the same results. Each time it seems like all that happens is the notepad window is being filled with a page full of arbitrary nonsensical unreadable text. When I select Word Wrap under the Format menu, I am actually able to make out the following (partially understandable) message:

"This program cannot be run in DOS mode." (minus quotations)

When I unselect Word Wrap, I can then no longer make out any understandable messages within this string of nonsensical text.

Awaiting further instructions (but I may be in and out some today, so I might not get back to you until a little later, or even possibly until tomorrow). . .

Thank you!!

Edited by MrCoffeeMate, 01 April 2012 - 12:52 PM.


#15 myrti


Posted 01 April 2012 - 12:55 PM

Hi,

Did you run it from the repair environment? Or did you try to run it in normal Windows? It needs to be run from the repair environment.

regards myrti





