Happili/GimmeAnswers/Scour redirect rootkit


  • This topic is locked
20 replies to this topic

#1 NOnymous

NOnymous

  • Members
  • 10 posts

Posted 03 April 2012 - 05:25 PM

(First post, so excuse any informalities.)

I've somehow picked up a rootkit/virus of some sort which causes me to be taken to an unrelated search/spam website, most commonly Happili, GimmeAnswers, or Scour.com, whenever I click on a redirect. This makes Google, Yahoo, Bing, etc. very irritating to use, as these websites use redirects to measure search traffic and the only reliable way to view results from these sites now is to either copy-and-paste the URL or repeatedly open the link in a new tab, hoping the rootkit doesn't hijack the redirect process.

I'm using Vista SP2 with IE 9. Any help at all would be appreciated.



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 03 April 2012 - 05:29 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts

Posted 09 April 2012 - 10:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts

Posted 15 April 2012 - 07:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts

Posted 05 June 2012 - 07:53 AM

Topic reopened.

#6 NOnymous

NOnymous
  • Topic Starter

  • Members
  • 10 posts

Posted 05 June 2012 - 08:08 AM

I appear to still be having this issue. The redirect has returned, passing by Happili in favor of various other websites like BeesQ and cheapdeals.com but retaining Scour.

Nasdaq: I have tried both removal tools. I'm in the process of running aswMBR.exe and will update with that later. As for the TDSSKiller log, it turned up negative, but here it is anyway:

08:06:07.0553 0704	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:06:08.0317 0704	============================================================
08:06:08.0317 0704	Current date / time: 2012/06/05 08:06:08.0317
08:06:08.0317 0704	SystemInfo:
08:06:08.0317 0704	
08:06:08.0317 0704	OS Version: 6.0.6002 ServicePack: 2.0
08:06:08.0317 0704	Product type: Workstation
08:06:08.0318 0704	ComputerName: CARR-PC
08:06:08.0318 0704	UserName: Carr
08:06:08.0318 0704	Windows directory: C:\Windows
08:06:08.0318 0704	System windows directory: C:\Windows
08:06:08.0318 0704	Processor architecture: Intel x86
08:06:08.0318 0704	Number of processors: 2
08:06:08.0318 0704	Page size: 0x1000
08:06:08.0318 0704	Boot type: Safe boot with network
08:06:08.0318 0704	============================================================
08:06:11.0942 0704	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:06:11.0944 0704	============================================================
08:06:11.0944 0704	\Device\Harddisk0\DR0:
08:06:11.0945 0704	MBR partitions:
08:06:11.0945 0704	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x8705000
08:06:11.0945 0704	============================================================
08:06:11.0992 0704	C: <-> \Device\Harddisk0\DR0\Partition0
08:06:11.0992 0704	============================================================
08:06:11.0992 0704	Initialize success
08:06:11.0992 0704	============================================================
08:06:13.0943 0368	============================================================
08:06:13.0943 0368	Scan started
08:06:13.0943 0368	Mode: Manual; 
08:06:13.0943 0368	============================================================
08:07:18.0783 0368	nfrd960 - ok
08:07:19.0186 0368	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
08:07:19.0217 0368	NlaSvc - ok
08:07:19.0311 0368	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
08:07:19.0311 0368	Npfs - ok
08:07:19.0358 0368	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
08:07:19.0373 0368	nsi - ok
08:07:19.0451 0368	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
08:07:19.0467 0368	nsiproxy - ok
08:07:20.0133 0368	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
08:07:20.0300 0368	Ntfs - ok
08:07:20.0411 0368	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
08:07:20.0412 0368	ntrigdigi - ok
08:07:20.0468 0368	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
08:07:20.0469 0368	Null - ok
08:07:20.0569 0368	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
08:07:20.0595 0368	nvraid - ok
08:07:20.0634 0368	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
08:07:20.0636 0368	nvstor - ok
08:07:20.0741 0368	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
08:07:20.0772 0368	nv_agp - ok
08:07:20.0772 0368	NwlnkFlt - ok
08:07:20.0787 0368	NwlnkFwd - ok
08:07:21.0296 0368	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:07:21.0367 0368	odserv - ok
08:07:21.0437 0368	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
08:07:21.0439 0368	ohci1394 - ok
08:07:21.0631 0368	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:07:21.0661 0368	ose - ok
08:07:22.0153 0368	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:07:22.0279 0368	p2pimsvc - ok
08:07:22.0279 0368	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:07:22.0294 0368	p2psvc - ok
08:07:22.0403 0368	Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
08:07:22.0435 0368	Parport - ok
08:07:22.0544 0368	partmgr         (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
08:07:22.0544 0368	partmgr - ok
08:07:22.0622 0368	Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
08:07:22.0622 0368	Parvdm - ok
08:07:22.0715 0368	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
08:07:22.0747 0368	PcaSvc - ok
08:07:22.0862 0368	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
08:07:22.0879 0368	pci - ok
08:07:22.0937 0368	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
08:07:22.0962 0368	pciide - ok
08:07:23.0168 0368	pcmcia          (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
08:07:23.0193 0368	pcmcia - ok
08:07:23.0773 0368	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
08:07:24.0041 0368	PEAUTH - ok
08:07:24.0213 0368	pinger          (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\Toshiba\IVP\ISM\pinger.exe
08:07:24.0244 0368	pinger - ok
08:07:25.0279 0368	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
08:07:25.0563 0368	pla - ok
08:07:26.0266 0368	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
08:07:26.0293 0368	PlugPlay - ok
08:07:26.0720 0368	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:07:26.0727 0368	PNRPAutoReg - ok
08:07:26.0737 0368	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
08:07:26.0744 0368	PNRPsvc - ok
08:07:27.0117 0368	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
08:07:27.0164 0368	PolicyAgent - ok
08:07:27.0367 0368	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
08:07:27.0398 0368	PptpMiniport - ok
08:07:27.0463 0368	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
08:07:27.0492 0368	Processor - ok
08:07:27.0683 0368	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
08:07:27.0714 0368	ProfSvc - ok
08:07:27.0755 0368	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
08:07:27.0757 0368	ProtectedStorage - ok
08:07:27.0854 0368	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
08:07:27.0871 0368	PSched - ok
08:07:27.0916 0368	PxHelp20        (81088114178112618b1c414a65e50f7c) C:\Windows\system32\Drivers\PxHelp20.sys
08:07:27.0936 0368	PxHelp20 - ok
08:07:28.0699 0368	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
08:07:28.0948 0368	ql2300 - ok
08:07:29.0474 0368	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
08:07:29.0499 0368	ql40xx - ok
08:07:29.0692 0368	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
08:07:29.0731 0368	QWAVE - ok
08:07:29.0790 0368	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
08:07:29.0791 0368	QWAVEdrv - ok
08:07:29.0835 0368	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
08:07:29.0837 0368	RasAcd - ok
08:07:29.0909 0368	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
08:07:29.0951 0368	RasAuto - ok
08:07:30.0029 0368	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:07:30.0029 0368	Rasl2tp - ok
08:07:30.0232 0368	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
08:07:30.0279 0368	RasMan - ok
08:07:30.0357 0368	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
08:07:30.0388 0368	RasPppoe - ok
08:07:30.0494 0368	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
08:07:30.0513 0368	RasSstp - ok
08:07:30.0695 0368	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
08:07:30.0723 0368	rdbss - ok
08:07:30.0766 0368	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:07:30.0779 0368	RDPCDD - ok
08:07:30.0964 0368	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
08:07:30.0981 0368	rdpdr - ok
08:07:30.0992 0368	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
08:07:31.0009 0368	RDPENCDD - ok
08:07:31.0210 0368	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
08:07:31.0258 0368	RDPWD - ok
08:07:31.0347 0368	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
08:07:31.0367 0368	RemoteAccess - ok
08:07:31.0536 0368	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
08:07:31.0567 0368	RemoteRegistry - ok
08:07:31.0614 0368	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
08:07:31.0614 0368	RpcLocator - ok
08:07:32.0019 0368	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
08:07:32.0019 0368	RpcSs - ok
08:07:32.0071 0368	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
08:07:32.0092 0368	rspndr - ok
08:07:32.0132 0368	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
08:07:32.0134 0368	SamSs - ok
08:07:32.0218 0368	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
08:07:32.0233 0368	sbp2port - ok
08:07:32.0342 0368	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
08:07:32.0384 0368	SCardSvr - ok
08:07:32.0753 0368	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
08:07:32.0840 0368	Schedule - ok
08:07:32.0883 0368	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
08:07:32.0883 0368	SCPolicySvc - ok
08:07:32.0987 0368	sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
08:07:33.0006 0368	sdbus - ok
08:07:33.0111 0368	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
08:07:33.0122 0368	SDRSVC - ok
08:07:33.0186 0368	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:07:33.0188 0368	secdrv - ok
08:07:33.0281 0368	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
08:07:33.0311 0368	seclogon - ok
08:07:33.0370 0368	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
08:07:33.0400 0368	SENS - ok
08:07:33.0454 0368	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
08:07:33.0456 0368	Serenum - ok
08:07:33.0577 0368	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
08:07:33.0594 0368	Serial - ok
08:07:33.0682 0368	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
08:07:33.0684 0368	sermouse - ok
08:07:33.0758 0368	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
08:07:33.0787 0368	SessionEnv - ok
08:07:33.0898 0368	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
08:07:33.0900 0368	sffdisk - ok
08:07:34.0031 0368	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
08:07:34.0032 0368	sffp_mmc - ok
08:07:34.0086 0368	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
08:07:34.0092 0368	sffp_sd - ok
08:07:34.0145 0368	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
08:07:34.0147 0368	sfloppy - ok
08:07:34.0325 0368	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
08:07:34.0351 0368	SharedAccess - ok
08:07:34.0539 0368	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
08:07:34.0589 0368	ShellHWDetection - ok
08:07:34.0620 0368	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
08:07:34.0620 0368	sisagp - ok
08:07:34.0667 0368	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
08:07:34.0698 0368	SiSRaid2 - ok
08:07:34.0745 0368	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
08:07:34.0745 0368	SiSRaid4 - ok
08:07:37.0083 0368	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
08:07:37.0758 0368	slsvc - ok
08:07:38.0177 0368	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
08:07:38.0197 0368	SLUINotify - ok
08:07:38.0400 0368	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
08:07:38.0409 0368	Smb - ok
08:07:38.0442 0368	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
08:07:38.0445 0368	SNMPTRAP - ok
08:07:38.0499 0368	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
08:07:38.0501 0368	spldr - ok
08:07:38.0556 0368	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
08:07:38.0560 0368	Spooler - ok
08:07:39.0119 0368	SQLBrowser      (b2ec3e1deac5f0a764bd3486d213a0af) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
08:07:39.0122 0368	SQLBrowser - ok
08:07:39.0208 0368	SQLWriter       (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:07:39.0208 0368	SQLWriter - ok
08:07:39.0536 0368	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
08:07:39.0583 0368	srv - ok
08:07:39.0692 0368	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
08:07:39.0692 0368	srv2 - ok
08:07:39.0723 0368	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
08:07:39.0723 0368	srvnet - ok
08:07:39.0906 0368	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
08:07:39.0911 0368	SSDPSRV - ok
08:07:39.0957 0368	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
08:07:39.0962 0368	SstpSvc - ok
08:07:40.0037 0368	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
08:07:40.0062 0368	stisvc - ok
08:07:40.0106 0368	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
08:07:40.0107 0368	swenum - ok
08:07:40.0264 0368	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
08:07:40.0273 0368	swprv - ok
08:07:40.0345 0368	Swupdtmr        (327786c5d6bcf284fab14c2b5751f514) c:\Toshiba\IVP\swupdate\swupdtmr.exe
08:07:40.0347 0368	Swupdtmr - ok
08:07:40.0414 0368	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
08:07:40.0415 0368	Symc8xx - ok
08:07:40.0461 0368	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
08:07:40.0463 0368	Sym_hi - ok
08:07:40.0483 0368	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
08:07:40.0484 0368	Sym_u3 - ok
08:07:40.0556 0368	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
08:07:40.0630 0368	SysMain - ok
08:07:40.0658 0368	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
08:07:40.0662 0368	TabletInputService - ok
08:07:40.0718 0368	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
08:07:40.0725 0368	TapiSrv - ok
08:07:40.0824 0368	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
08:07:40.0824 0368	TBS - ok
08:07:41.0105 0368	Tcpip           (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
08:07:41.0152 0368	Tcpip - ok
08:07:41.0167 0368	Tcpip6          (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
08:07:41.0167 0368	Tcpip6 - ok
08:07:41.0245 0368	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
08:07:41.0261 0368	tcpipreg - ok
08:07:41.0277 0368	TcUsb           (009aede9fe870c247014450dc1e01d5d) C:\Windows\system32\Drivers\tcusb.sys
08:07:41.0292 0368	TcUsb - ok
08:07:41.0293 0368	tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
08:07:41.0293 0368	tdcmdpst - ok
08:07:41.0325 0368	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
08:07:41.0326 0368	TDPIPE - ok
08:07:41.0347 0368	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
08:07:41.0349 0368	TDTCP - ok
08:07:41.0389 0368	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
08:07:41.0392 0368	tdx - ok
08:07:41.0470 0368	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
08:07:41.0472 0368	TermDD - ok
08:07:41.0687 0368	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
08:07:41.0698 0368	TermService - ok
08:07:41.0748 0368	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
08:07:41.0752 0368	Themes - ok
08:07:41.0800 0368	Thpdrv          (9e6f8b0a638cf0cb421f38fa367335f5) C:\Windows\system32\DRIVERS\thpdrv.sys
08:07:41.0801 0368	Thpdrv - ok
08:07:41.0875 0368	Thpevm          (ee6fe4f18657c6afed533a5d8fd4af5c) C:\Windows\system32\DRIVERS\Thpevm.SYS
08:07:41.0876 0368	Thpevm - ok
08:07:41.0951 0368	Thpsrv          (f6d4a4238ad7d08e5c09fd7fb58a2d90) C:\Windows\system32\ThpSrv.exe
08:07:41.0973 0368	Thpsrv - ok
08:07:42.0012 0368	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
08:07:42.0014 0368	THREADORDER - ok
08:07:42.0082 0368	TODDSrv         (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
08:07:42.0086 0368	TODDSrv - ok
08:07:42.0282 0368	TosCoSrv        (af41337c08d1c240af14ba4cab02bf02) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
08:07:42.0315 0368	TosCoSrv - ok
08:07:42.0393 0368	TOSHIBA Bluetooth Service (76148c3159718b701252f87b067904a6) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
08:07:42.0409 0368	TOSHIBA Bluetooth Service - ok
08:07:42.0471 0368	Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\drivers\Tosrfcom.sys
08:07:42.0471 0368	Tosrfcom - ok
08:07:42.0518 0368	tosrfec         (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
08:07:42.0518 0368	tosrfec - ok
08:07:42.0627 0368	TPM             (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
08:07:42.0643 0368	TPM - ok
08:07:42.0705 0368	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
08:07:42.0721 0368	TrkWks - ok
08:07:42.0830 0368	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
08:07:42.0830 0368	TrustedInstaller - ok
08:07:42.0847 0368	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:07:42.0847 0368	tssecsrv - ok
08:07:42.0946 0368	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
08:07:42.0947 0368	tunmp - ok
08:07:42.0984 0368	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
08:07:42.0986 0368	tunnel - ok
08:07:43.0018 0368	TVALZ           (c2ac99b9979aa8b82b4bb5ee514ef71b) C:\Windows\system32\DRIVERS\TVALZ.SYS
08:07:43.0019 0368	TVALZ - ok
08:07:43.0060 0368	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
08:07:43.0062 0368	uagp35 - ok
08:07:43.0100 0368	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
08:07:43.0105 0368	udfs - ok
08:07:43.0155 0368	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
08:07:43.0158 0368	UI0Detect - ok
08:07:43.0311 0368	UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
08:07:43.0312 0368	UleadBurningHelper - ok
08:07:43.0337 0368	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
08:07:43.0339 0368	uliagpkx - ok
08:07:43.0375 0368	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
08:07:43.0379 0368	uliahci - ok
08:07:43.0403 0368	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
08:07:43.0421 0368	UlSata - ok
08:07:43.0446 0368	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
08:07:43.0449 0368	ulsata2 - ok
08:07:43.0484 0368	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
08:07:43.0486 0368	umbus - ok
08:07:43.0615 0368	UmRdpService    (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
08:07:43.0621 0368	UmRdpService - ok
08:07:43.0724 0368	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
08:07:43.0732 0368	upnphost - ok
08:07:43.0780 0368	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
08:07:43.0782 0368	usbccgp - ok
08:07:43.0923 0368	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
08:07:43.0984 0368	usbcir - ok
08:07:44.0108 0368	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
08:07:44.0108 0368	usbehci - ok
08:07:44.0139 0368	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
08:07:44.0139 0368	usbhub - ok
08:07:44.0155 0368	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
08:07:44.0155 0368	usbohci - ok
08:07:44.0186 0368	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
08:07:44.0201 0368	usbprint - ok
08:07:44.0233 0368	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:07:44.0233 0368	USBSTOR - ok
08:07:44.0279 0368	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
08:07:44.0279 0368	usbuhci - ok
08:07:44.0311 0368	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
08:07:44.0311 0368	UxSms - ok
08:07:44.0373 0368	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
08:07:44.0374 0368	vds - ok
08:07:44.0395 0368	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
08:07:44.0397 0368	vga - ok
08:07:44.0491 0368	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
08:07:44.0492 0368	VgaSave - ok
08:07:44.0544 0368	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
08:07:44.0546 0368	viaagp - ok
08:07:44.0579 0368	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
08:07:44.0581 0368	ViaC7 - ok
08:07:44.0602 0368	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
08:07:44.0604 0368	viaide - ok
08:07:44.0639 0368	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
08:07:44.0641 0368	volmgr - ok
08:07:44.0690 0368	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
08:07:44.0707 0368	volmgrx - ok
08:07:44.0745 0368	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
08:07:44.0750 0368	volsnap - ok
08:07:44.0787 0368	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
08:07:44.0790 0368	vsmraid - ok
08:07:44.0881 0368	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
08:07:45.0058 0368	VSS - ok
08:07:45.0112 0368	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
08:07:45.0130 0368	W32Time - ok
08:07:45.0185 0368	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
08:07:45.0186 0368	WacomPen - ok
08:07:45.0223 0368	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:07:45.0225 0368	Wanarp - ok
08:07:45.0228 0368	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:07:45.0229 0368	Wanarpv6 - ok
08:07:45.0295 0368	wbengine        (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
08:07:45.0331 0368	wbengine - ok
08:07:45.0370 0368	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
08:07:45.0395 0368	wcncsvc - ok
08:07:45.0436 0368	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
08:07:45.0439 0368	WcsPlugInService - ok
08:07:45.0503 0368	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
08:07:45.0504 0368	Wd - ok
08:07:45.0556 0368	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
08:07:45.0579 0368	Wdf01000 - ok
08:07:45.0618 0368	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
08:07:45.0622 0368	WdiServiceHost - ok
08:07:45.0625 0368	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
08:07:45.0629 0368	WdiSystemHost - ok
08:07:45.0670 0368	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
08:07:45.0676 0368	WebClient - ok
08:07:45.0720 0368	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
08:07:45.0741 0368	Wecsvc - ok
08:07:45.0774 0368	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
08:07:45.0778 0368	wercplsupport - ok
08:07:45.0820 0368	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
08:07:45.0825 0368	WerSvc - ok
08:07:45.0959 0368	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
08:07:46.0039 0368	WinDefend - ok
08:07:46.0045 0368	WinHttpAutoProxySvc - ok
08:07:46.0131 0368	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
08:07:46.0203 0368	Winmgmt - ok
08:07:46.0421 0368	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
08:07:46.0473 0368	WinRM - ok
08:07:46.0552 0368	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
08:07:46.0575 0368	Wlansvc - ok
08:07:46.0964 0368	wlidsvc         (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:07:47.0028 0368	wlidsvc - ok
08:07:47.0293 0368	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
08:07:47.0295 0368	WmiAcpi - ok
08:07:47.0382 0368	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
08:07:47.0473 0368	wmiApSrv - ok
08:07:48.0626 0368	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:07:48.0772 0368	WMPNetworkSvc - ok
08:07:49.0170 0368	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:07:49.0234 0368	WPFFontCache_v0400 - ok
08:07:49.0349 0368	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
08:07:49.0350 0368	ws2ifsl - ok
08:07:49.0417 0368	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
08:07:49.0421 0368	wscsvc - ok
08:07:49.0425 0368	WSearch - ok
08:07:49.0853 0368	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
08:07:49.0944 0368	wuauserv - ok
08:07:50.0163 0368	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:07:50.0163 0368	WUDFRd - ok
08:07:50.0334 0368	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
08:07:50.0476 0368	wudfsvc - ok
08:07:50.0492 0368	MBR (0x1B8)     (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
08:07:51.0056 0368	\Device\Harddisk0\DR0 - ok
08:07:51.0093 0368	Boot (0x1200)   (5805ad2feacfda0534e26cebe748cafc) \Device\Harddisk0\DR0\Partition0
08:07:51.0096 0368	\Device\Harddisk0\DR0\Partition0 - ok
08:07:51.0096 0368	============================================================
08:07:51.0096 0368	Scan finished
08:07:51.0096 0368	============================================================
08:07:51.0112 1888	Detected object count: 0
08:07:51.0112 1888	Actual detected object count: 0


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:57 AM

Posted 05 June 2012 - 09:13 AM

Forget about aswMBR for now. Concentrate on this one.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#8 NOnymous

NOnymous
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:57 AM

Posted 05 June 2012 - 12:54 PM

I have a problem. Whenever I try to open ComboFix, it stays on the "running scan" screen for over three hours, which I highly doubt it is supposed to do. In addition, it has a nasty tendency to divert resources from the rest of the computer to the point that a manual reboot is necessary.

I'm not sure if this is related, but now, trying to start Windows Defender gives me the following error message.

"Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually."

I can't think of a single solution for this problem other than to completely reformat the hard drive, which is something I emphatically don't want to do, and every minute this goes on the more brutally I want to maim whichever polite young man created this piece-of-trash rootkit. Please help in any way you can.

Edited by NOnymous, 05 June 2012 - 01:19 PM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,962 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:57 AM

Posted 05 June 2012 - 01:27 PM

Download and run this tool. Try the .com or .scr first.


The tool should run on all 32bit versions of current Windows (XP, Vista, Windows 7)
Rkill. To be run when nothing works.
===

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Without restarting the computer, run ComboFix.

Post the log if you can.

If ComboFix restarts the computer and does not restart itself, run it again.

#10 NOnymous

  • Topic Starter

Posted 05 June 2012 - 01:33 PM

Here is the RKill log in case it can be of any use:


This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 

Rkill was run on 06/05/2012 at 13:30:09. 
Operating System: Windows Vista (TM) Business 


Processes terminated by Rkill or while it was running: 

C:\Users\Carr\Downloads\ResHack\ff8dls_v139\df_31_25_win\oo\Hamachi!\hamachi-2-ui.exe
C:\Users\Carr\Downloads\ResHack\ff8dls_v139\df_31_25_win\oo\Hamachi!\hamachi-2.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\Downloads\Trillian\trillian.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Carr\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\grpconv.exe


Rkill completed on 06/05/2012 at 13:30:18.

I'm about to rerun ComboFix. Wish me luck.

#11 NOnymous

  • Topic Starter

Posted 05 June 2012 - 01:54 PM

Running RKill before ComboFix appears to have done nothing. To give you a frame of reference, in my timezone it was roughly 1:32 when I began the ComboFix scan. It was 1:53 when I gave up and had to manually restart the entire system, as it was still stuck on the AutoScan screen. (The Windows Defender error is still appearing.)

Altogether, reformatting is looking more and more like the only solution to this problem... :(

Edited by NOnymous, 05 June 2012 - 01:56 PM.


#12 nasdaq

  • Malware Response Team

Posted 06 June 2012 - 08:46 AM

Let's check your Master Boot Record before reinstalling the operating system.

Run aswMBR and post the log.

Run ComboFix another time. You may get lucky.

#13 NOnymous

  • Topic Starter

Posted 07 June 2012 - 12:41 AM

Unfortunately, this program repeatedly ends up freezing and subsequently crashing on me whenever I try to run it, roughly an hour or two into the scan. I really don't want to have to reinstall Windows, so what could I do to fix this?

Edit: ComboFix is not going to work on this computer, period. All it has done so far is freeze my computer in its attempts to AutoScan. Last night I left my computer in sleep mode for the sole purpose of letting ComboFix do its job in peace. When I came back at 5:02 in the morning, the computer was entirely unresponsive, forcing a manual shutdown.

Edited by NOnymous, 07 June 2012 - 05:12 AM.


#14 nasdaq

  • Malware Response Team

Posted 07 June 2012 - 07:56 AM

Can you run this program and post the log?

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
===

#15 NOnymous

  • Topic Starter

Posted 07 June 2012 - 12:31 PM

Here they are:

OTL logfile created on: 6/7/2012 12:05:20 PM - Run 1
OTL by OldTimer - Version 3.2.46.2 Folder = C:\Users\Carr\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.99% Memory free
4.21 Gb Paging File | 3.16 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.51 Gb Total Space | 20.06 Gb Free Space | 29.71% Space Free | Partition Type: NTFS

Computer Name: CARR-PC | User Name: Carr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Carr\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Carr\Downloads\ResHack\ff8dls_v139\df_31_25_win\oo\Hamachi!\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Toshiba\IVP\ISM\pinger.exe ()
PRC - C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\bba52e3253fef00a69ebf14114185558\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c466fbf8e50c7c11b2fa994707124290\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b4ade6954a61a7626858c123dc951ba6\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Toshiba\HDD Protection\NotifyTHP.dll ()
MOD - C:\Program Files\Toshiba\TBS\NotifyTBS.dll ()
MOD - C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Windows\System32\hccutils.dll ()
MOD - C:\Program Files\Toshiba\ConfigFree\NotifyCFF.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Hamachi2Svc) -- C:\Users\Carr\Downloads\ResHack\ff8dls_v139\df_31_25_win\oo\Hamachi!\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (SharedAccess) -- C:\Windows\System32\ipnathlp.dll (Microsoft Corporation)
SRV - (Swupdtmr) -- c:\Toshiba\IVP\swupdate\swupdtmr.exe ()
SRV - (pinger) -- C:\Toshiba\IVP\ISM\pinger.exe ()
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (Thpsrv) -- C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Carr\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (pwtdqpoc) -- C:\pwtdqpoc.sys (GMER)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys (Microsoft Corporation)
DRV - (Thpevm) -- C:\Windows\System32\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV - (Thpdrv) -- C:\Windows\System32\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV - (ql2300) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\System32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\System32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\System32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\System32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (isapnp) -- C:\Windows\System32\drivers\isapnp.sys (Microsoft Corporation)
DRV - (nfrd960) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
DRV - (msdsm) -- C:\Windows\System32\drivers\msdsm.sys (Microsoft Corporation)
DRV - (iirsp) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (mpio) -- C:\Windows\System32\drivers\mpio.sys (Microsoft Corporation)
DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\System32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\System32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\System32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\System32\drivers\Mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\System32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\System32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (i2omp) -- C:\Windows\System32\drivers\i2omp.sys (Microsoft Corporation)
DRV - (msahci) -- C:\Windows\System32\drivers\msahci.sys (Microsoft Corporation)
DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Microsoft Corporation)
DRV - (aliide) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (pciide) -- C:\Windows\System32\drivers\pciide.sys (Microsoft Corporation)
DRV - (BTHMODEM) -- C:\Windows\System32\drivers\bthmodem.sys (Microsoft Corporation)
DRV - (HidBth) -- C:\Windows\System32\drivers\hidbth.sys (Microsoft Corporation)
DRV - (usbcir) eHome Infrared Receiver (USBCIR) -- C:\Windows\System32\drivers\usbcir.sys (Microsoft Corporation)
DRV - (circlass) -- C:\Windows\System32\drivers\circlass.sys (Microsoft Corporation)
DRV - (usbohci) -- C:\Windows\System32\drivers\usbohci.sys (Microsoft Corporation)
DRV - (HidIr) -- C:\Windows\System32\drivers\hidir.sys (Microsoft Corporation)
DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys (Microsoft Corporation)
DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys (Microsoft Corporation)
DRV - (sffdisk) -- C:\Windows\System32\drivers\sffdisk.sys (Microsoft Corporation)
DRV - (fdc) -- C:\Windows\System32\drivers\fdc.sys (Microsoft Corporation)
DRV - (flpydisk) -- C:\Windows\System32\drivers\flpydisk.sys (Microsoft Corporation)
DRV - (IPMIDRV) -- C:\Windows\System32\drivers\IPMIDrv.sys (Microsoft Corporation)
DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys (Microsoft Corporation)
DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys (Microsoft Corporation)
DRV - (AmdK8) -- C:\Windows\System32\drivers\amdk8.sys (Microsoft Corporation)
DRV - (Crusoe) -- C:\Windows\System32\drivers\crusoe.sys (Microsoft Corporation)
DRV - (AmdK7) -- C:\Windows\System32\drivers\amdk7.sys (Microsoft Corporation)
DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ntrigdigi) -- C:\Windows\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV - (KR3NPXP) -- C:\Windows\System32\drivers\kr3npxp.sys (TOSHIBA CORPORATION)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\..\SearchScopes,DefaultScope = {0C11562C-3600-4DDC-BC21-6799CB4D926D}
IE - HKLM\..\SearchScopes\{0C11562C-3600-4DDC-BC21-6799CB4D926D}: "URL" = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0C11562C-3600-4DDC-BC21-6799CB4D926D}
IE - HKCU\..\SearchScopes\{0C11562C-3600-4DDC-BC21-6799CB4D926D}: "URL" = http://www.google.com
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7TSHB_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=0pE1cqaHbortRJw2JgwYdwH9hrY?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carr\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carr\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Carr\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Carr\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Carr\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Carr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Carr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: EZ Zoom = C:\Users\Carr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjddfakmeeljhjhnhgakblggcfkmima\1.6.5_0\
CHR - Extension: Gmail = C:\Users\Carr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Carr\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\19.0.1084.52\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Users\Carr\Downloads\ResHack\ff8dls_v139\df_31_25_win\oo\Hamachi!\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe ()
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files\Toshiba\PasswordUtility\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background File not found
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A351FF0F-9E70-4076-88FE-00E089F4E127}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\19.0.1084.52\npchrome_frame.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Toshiba-1.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Toshiba-1.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 12:03:04 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Carr\Desktop\OTL.exe
[2012/06/07 05:20:42 | 000,100,864 | ---- | C] (GMER) -- C:\pwtdqpoc.sys
[2012/06/07 03:01:31 | 000,000,000 | ---D | C] -- C:\fa59d74177986648ababe0
[2012/06/07 00:52:02 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/06/06 23:00:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Carr\Desktop\anotherapp.com.exe
[2012/06/06 14:51:13 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{18D09944-A145-47BA-BB68-8C2654308E88}
[2012/06/06 14:50:46 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{53156D6F-A3F1-4394-8255-07B7799B286B}
[2012/06/05 14:08:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/05 13:56:03 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{1E5ED53A-CC40-4D8D-B47E-046E4D66562D}
[2012/06/05 13:55:34 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{2AB620CC-9B71-43CB-9764-69B35BFF2D18}
[2012/06/05 13:00:23 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{63271AF9-9AB4-447D-AFF7-273FD553DD19}
[2012/06/05 13:00:00 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{7B5780C0-28BC-445C-9432-9F9F7CCEF8FD}
[2012/06/05 12:37:07 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/05 09:18:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/05 09:18:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/05 09:18:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/05 09:18:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/05 09:17:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/05 09:16:04 | 004,538,527 | R--- | C] (Swearware) -- C:\Users\Carr\Desktop\myapp.com.exe
[2012/06/05 06:13:21 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{97CD77C4-9A79-451F-B85D-4A781909CE47}
[2012/06/05 06:12:59 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{E18B4F91-A912-4029-88F0-98750CBDAD58}
[2012/06/04 20:50:58 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{7EDE2594-4F1C-463A-B443-E8529327DE16}
[2012/06/04 20:50:38 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{9B63CC38-8FDD-4837-BF91-CC3DDBF2804E}
[2012/06/04 12:58:44 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{078D39F3-89DD-407D-ABB6-5916DB1F9374}
[2012/06/04 12:58:23 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{679C8B8A-C848-45F7-B66F-50BA26E45392}
[2012/06/03 12:09:53 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{E05D168A-5556-4BDB-A6F7-892CEA78536B}
[2012/06/03 12:09:28 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{FF2322D9-DB22-42A1-A8E0-02D776B7C8CD}
[2012/06/02 12:36:56 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{11BD0A6A-7198-446C-9146-D3C9A954B72A}
[2012/06/02 12:36:32 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{D2D35B0E-0A01-4975-9AB6-DE1C2B09AD68}
[2012/06/01 12:42:30 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/01 12:41:06 | 000,733,280 | ---- | C] (Google Inc.) -- C:\Users\Carr\Desktop\ChromeSetup.exe
[2012/06/01 12:33:41 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{9788B528-18AD-46DB-B07F-83142948A07E}
[2012/06/01 12:33:18 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{CBB80A82-329A-48F9-BBC7-983419997E04}
[2012/05/31 16:03:32 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Roaming\Vulture
[2012/05/31 16:01:14 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vulture-NetHack
[2012/05/31 16:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulture-NetHack
[2012/05/31 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{2C85AF28-AAFF-4A60-9677-5AC9EE525C3D}
[2012/05/31 15:38:25 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{9AC9ACEC-A633-4F54-9654-3FFFA487454E}
[2012/05/30 15:34:58 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{39FB2FC3-BE5F-4AFE-B8A5-FC53BE308B1A}
[2012/05/30 15:34:34 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{3C460487-29A5-4B28-B3D8-F47795CB8E24}
[2012/05/29 22:13:38 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{42DB78CD-8102-4701-94C5-1BB7D4AB020B}
[2012/05/29 22:13:16 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{3840BAC0-E51E-49E9-949D-D1B016D7354D}
[2012/05/28 14:01:26 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{A834E735-C09D-4371-9924-162812E12A07}
[2012/05/28 14:01:15 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{351CF17A-4713-4342-837C-7F34CFF41F13}
[2012/05/27 19:46:07 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{D639D950-F41F-48A2-B98C-60BE552BE995}
[2012/05/27 19:45:56 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{7C0EF4EC-7A56-429D-AB9A-41FBDA7E98C9}
[2012/05/27 19:42:53 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{D60B5C5D-587E-4668-BE91-D981455F35E9}
[2012/05/27 19:42:26 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{F36F83DB-CA86-4367-BF89-B71A7F277087}
[2012/05/26 11:20:42 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{5F816032-78BE-43A6-A482-CF6325476E95}
[2012/05/26 11:20:19 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{CFC0B6C0-5D03-4C32-82C1-D56C21499238}
[2012/05/25 17:36:00 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{E08AB018-DC8A-4C33-930B-94B58C8E1E4A}
[2012/05/25 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{97397DB3-5DBE-44D9-9B85-ADD25E38F297}
[2012/05/22 21:02:22 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{03BE7975-7639-4CAB-A2C4-EB27340B94E8}
[2012/05/22 21:01:59 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{52B66795-9C14-488A-9E7D-7AC6CFDC5FC5}
[2012/05/21 16:01:38 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{7A426EB0-B28A-46BC-8748-B9BDCFA34425}
[2012/05/21 16:01:24 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{7CF02EBB-8BDB-4030-ADE0-DEDC2F7C05C5}
[2012/05/20 20:41:27 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{78F638C7-7E20-4554-8C03-01D48F8F5B58}
[2012/05/20 20:41:04 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{6589E70C-1C8E-4D8A-AB8A-FF0776587EAF}
[2012/05/19 12:28:51 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{25CF6666-2921-4D87-816D-A834F1F85024}
[2012/05/19 12:28:28 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{A78360FA-4FF5-4882-94E2-64DE994567AF}
[2012/05/18 14:39:40 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{BF6B7278-8986-468B-9FFC-908D0D0C89AA}
[2012/05/18 14:39:19 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{F5D9A220-2F27-4D42-8533-C47F4A9A2861}
[2012/05/16 15:16:27 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{3755C904-3866-4C1B-BFAC-F5D41DB1EB67}
[2012/05/16 15:16:05 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{96881CD8-A8AF-4712-870A-B8506767AC55}
[2012/05/15 17:21:46 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{79315BF6-6DED-4F23-BDED-5B83C4E1E8BE}
[2012/05/15 17:21:24 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{B9AB3986-091C-43D4-A849-FF0BF20375F5}
[2012/05/14 18:49:35 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{2C51AAC9-3009-4ED4-BB31-09CBC5A13403}
[2012/05/14 18:49:12 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{5DF2A7EE-F4A7-4227-8FAA-EEE91D0CB9FE}
[2012/05/13 11:53:44 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{DF22FABB-E230-4B98-9BE2-8D42FC98F4D9}
[2012/05/13 11:53:21 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{0F618F33-4871-4CF4-B148-B2D2ACE1A6F1}
[2012/05/12 23:25:15 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{A66B53EB-CE81-4968-A6BC-6484275860EC}
[2012/05/12 10:00:38 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{457154AE-E2C7-46CE-B07B-864C21F3ACA8}
[2012/05/12 10:00:16 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{5D043346-8E16-4594-B596-242F749B7525}
[2012/05/11 06:17:05 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{9708E791-C375-47FD-989E-B0CC497E22D0}
[2012/05/11 06:16:45 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{4D289F36-6FE0-4609-B7EE-52F9C93707D0}
[2012/05/10 18:24:55 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/10 18:24:55 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/10 18:24:55 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/10 18:24:55 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/10 18:24:55 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/10 18:23:06 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/10 18:23:06 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/10 18:23:05 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/10 16:41:51 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{F6D6394B-4CD7-4456-8EF4-2F36CF7E1046}
[2012/05/10 16:41:29 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{8C53A904-E437-4E31-8AEC-CE40FC85870F}
[2012/05/09 15:01:23 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{CEEBAA94-B248-4FA8-8C95-3DB2439FE054}
[2012/05/09 15:00:59 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{EDCEB298-8D2E-46BE-8489-C76DA6CB17A3}
[2012/05/08 15:09:11 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{1414BEA1-C5D2-4E31-8D00-031FCC50F508}
[2012/05/08 15:08:49 | 000,000,000 | ---D | C] -- C:\Users\Carr\AppData\Local\{9EEB3B10-F054-4835-97E9-89A99F53DA6B}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/07 12:02:49 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Carr\Desktop\OTL.exe
[2012/06/07 12:00:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/07 12:00:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 12:00:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 12:00:23 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2105064038-4245673957-2457937185-1003UA.job
[2012/06/07 12:00:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/07 05:20:42 | 000,100,864 | ---- | M] (GMER) -- C:\pwtdqpoc.sys
[2012/06/07 05:09:45 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/07 00:51:35 | 004,538,527 | R--- | M] (Swearware) -- C:\Users\Carr\Desktop\myapp.com.exe
[2012/06/07 00:43:05 | 284,342,929 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/06 23:01:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Carr\Desktop\anotherapp.com.exe
[2012/06/05 13:02:06 | 000,000,000 | ---- | M] () -- C:\Users\Carr\defogger_reenable
[2012/06/05 12:52:05 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2105064038-4245673957-2457937185-1003Core.job
[2012/06/05 07:41:48 | 000,001,356 | ---- | M] () -- C:\Users\Carr\AppData\Local\d3d9caps.dat
[2012/06/04 22:03:11 | 000,022,528 | ---- | M] () -- C:\Users\Carr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/01 12:42:37 | 000,002,048 | ---- | M] () -- C:\Users\Carr\Desktop\Google Chrome.lnk
[2012/06/01 12:41:07 | 000,733,280 | ---- | M] (Google Inc.) -- C:\Users\Carr\Desktop\ChromeSetup.exe
[2012/05/13 16:33:26 | 000,651,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/13 16:33:26 | 000,121,942 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/13 16:31:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/05/11 06:11:54 | 000,426,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/05 13:02:06 | 000,000,000 | ---- | C] () -- C:\Users\Carr\defogger_reenable
[2012/06/05 09:18:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/05 09:18:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/05 09:18:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/05 09:18:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/05 09:18:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/01 12:42:37 | 000,002,048 | ---- | C] () -- C:\Users\Carr\Desktop\Google Chrome.lnk
[2012/06/01 12:41:19 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2105064038-4245673957-2457937185-1003UA.job
[2012/06/01 12:41:11 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2105064038-4245673957-2457937185-1003Core.job
[2012/05/13 16:31:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/18 13:08:51 | 000,001,356 | ---- | C] () -- C:\Users\Carr\AppData\Local\d3d9caps.dat
[2011/08/02 18:06:59 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\22D98F30A1.sys
[2011/08/02 18:06:56 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/05/28 22:44:11 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2010/11/30 08:22:04 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 20:08:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/29 20:08:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/29 20:06:40 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/11/28 01:19:13 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/13 15:27:01 | 000,022,528 | ---- | C] () -- C:\Users\Carr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/04/01 15:21:22 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\.minecraft
[2012/01/30 18:21:42 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\Audacity
[2010/12/04 10:33:19 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\BITS
[2011/07/27 18:12:19 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\Downloaded Installations
[2012/03/21 20:44:02 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\Enterbrain
[2010/12/04 09:52:58 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\FlashGet
[2010/12/04 09:52:26 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\FlashGetBHO
[2010/12/04 10:11:48 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\GetRightToGo
[2011/12/05 23:13:53 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\Hextator
[2012/04/23 22:17:42 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\OpenOffice.org
[2010/12/04 09:41:16 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\Openworld Learning
[2010/12/19 13:59:35 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\Publish Providers
[2010/12/06 18:02:43 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\ResHack
[2011/05/15 11:50:30 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\Sony
[2010/12/20 14:14:28 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\Sony Creative Software
[2010/11/29 20:20:18 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\Trillian
[2012/03/17 20:38:26 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\uTorrent
[2012/05/31 16:03:32 | 000,000,000 | ---D | M] -- C:\Users\Carr\AppData\Roaming\Vulture
[2012/06/06 00:27:34 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/03/20 18:28:50 | 000,053,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\partmgr.sys
[2012/03/30 07:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\tcpip.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2007/02/09 15:42:08 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1094082034-119326835-1571050455-500\desktop.ini
[2007/01/29 18:36:23 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-148029536-2327692586-2570477277-500\desktop.ini
[2006/12/27 17:02:46 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1560949274-1781352638-3227119750-500\desktop.ini
[2011/05/15 22:27:41 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2105064038-4245673957-2457937185-1003\$I9LJJL8.exe
[2012/06/04 21:51:26 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-2105064038-4245673957-2457937185-1003\$IY11RSA.exe
[2010/07/13 15:22:40 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2105064038-4245673957-2457937185-1003\desktop.ini
[2010/07/13 17:03:58 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-2105064038-4245673957-2457937185-500\desktop.ini
[2007/02/09 20:36:25 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-451604285-4206322633-424363100-500\desktop.ini
[2006/11/02 08:04:19 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-07 10:19:51

< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/19 00:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/01/19 00:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/01/18 23:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/11 01:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009/04/11 01:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/19 02:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006/11/02 04:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: BEEP.SYS >
[2008/01/19 00:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/19 00:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006/11/02 03:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2006/12/03 19:53:08 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=A23819D7B19E5ECF16AAD99D90291381 -- C:\Program Files\Protector Suite QL\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Carr\AppData\Local\Temp\RarSFX3\procs\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/08/26 22:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Carr\AppData\Local\Temp\RarSFX3\h\explorer.exe
[2007/08/26 21:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2009/02/13 03:21:09 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[2006/11/02 04:46:05 | 000,874,496 | ---- | M] (Microsoft Corporation) MD5=1E36AE445E4DA83B82D51FEB2D4F8772 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\kernel32.dll
[2011/04/12 09:53:05 | 000,890,368 | ---- | M] (Microsoft Corporation) MD5=306835D4E74E49A5D10F0FCA0B422EB1 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_939e812b5662e4c2\kernel32.dll
[2011/04/12 09:30:37 | 000,892,928 | ---- | M] (Microsoft Corporation) MD5=497A2DA8181560B3E2F8FFE0092FD1E6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_93ee425a6faadaba\kernel32.dll
[2011/04/12 11:07:38 | 000,892,416 | ---- | M] (Microsoft Corporation) MD5=574B473FACAA0E91702B86578440B525 -- C:\Windows\System32\kernel32.dll
[2011/04/12 11:07:38 | 000,892,416 | ---- | M] (Microsoft Corporation) MD5=574B473FACAA0E91702B86578440B525 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6\kernel32.dll
[2011/04/12 10:08:23 | 000,893,440 | ---- | M] (Microsoft Corporation) MD5=7062DEB220FA1CCB1B65FC40D6E7D807 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_961d64be6c9b1d69\kernel32.dll
[2009/02/13 02:26:37 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=B82C7AC1D559F0FD088792171D64C7F3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[2009/02/13 02:13:01 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[2009/04/11 01:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) MD5=BB8509089E7DF514310814E1B2593FFC -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll
[2009/02/13 03:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) MD5=DB6E3731E6F5C8AE2843F80B5787F7C6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[2008/01/19 02:34:36 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2006/11/02 04:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) MD5=54E9576169A248AD62A1EB9773225826 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6000.16386_none_b61c950a3060adba\mswsock.dll
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/19 02:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NDIS.SYS >
[2009/04/11 01:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 01:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006/11/02 04:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 02:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/10/26 06:12:53 | 001,060,920 | ---- | M] (Microsoft Corporation) MD5=2620822A21B76375F5FD6E0986407CD1 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16586_none_a43a6b8d2000830d\ntfs.sys
[2007/12/16 17:50:41 | 001,060,920 | ---- | M] (Microsoft Corporation) MD5=37430AA7A66D7A63407ADC2C0D05E9F6 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16615_none_a4851c9d1fc8a346\ntfs.sys
[2006/11/02 04:51:47 | 001,056,360 | ---- | M] (Microsoft Corporation) MD5=3F379380A4A2637F559444E338CF1B51 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16386_none_a43a67c1200088bf\ntfs.sys
[2009/04/11 01:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\System32\drivers\ntfs.sys
[2009/04/11 01:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[2008/01/19 02:43:40 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
[2007/10/25 23:22:05 | 001,061,432 | ---- | M] (Microsoft Corporation) MD5=B5BE45B1F554DF9E1976CBC855365E60 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20709_none_a51d8a7c38da8c7b\ntfs.sys
[2007/12/16 17:52:59 | 001,061,944 | ---- | M] (Microsoft Corporation) MD5=F08824715CA6076F5E73E005AB83B9C8 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.20740_none_a4e9483239031830\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2006/11/02 07:36:40 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=957CC0F372BB5D79C477363952276859 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6000.16386_none_0c076ff411279f33\ntmssvc.dll
[2008/01/19 02:35:58 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2006/11/02 04:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\System32\proquota.exe
[2006/11/02 04:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

< MD5 for: QMGR.DLL >
[2008/01/19 02:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2006/11/02 04:46:12 | 000,749,568 | ---- | M] (Microsoft Corporation) MD5=733FB484A06B9D6A44DD9CA1D3BE937B -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
[2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[2007/07/24 22:21:38 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=DA551697E34D2B9943C8B1C8EAFFE89A -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
[2007/07/24 22:14:39 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=F1148566FA5173A4FD48AF8E8BC09401 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.20647_none_220fe38215833e63\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 08:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=3665F79026A3F91FBCA63F2C65A09B19 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[2009/04/11 01:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[2008/01/19 02:33:32 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\System32\spoolsv.exe
[2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[2010/08/17 09:20:09 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=AAE98B295E88D439A6E0F6E8929424FB -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[2006/11/02 04:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=DA612EF2556776DF2630B68BF2D48935 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe
[2010/08/17 08:27:48 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=E807FC542C295BA256CE3567829E02A6 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Users\Carr\Downloads\ResHack\ResHack\mbam\Chameleon\svchost.exe
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/04/11 01:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\System32\termsrv.dll
[2009/04/11 01:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
[2008/01/19 02:36:39 | 000,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
[2006/11/02 04:46:13 | 000,427,520 | ---- | M] (Microsoft Corporation) MD5=FAD71C1E8E4047B154E899AE31EB8CAA -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6000.16386_none_8c687fcc5759068e\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Carr\AppData\Local\Temp\RarSFX3\userinit.exe

< End of report >
==================================

OTL Extras logfile created on: 6/7/2012 12:05:20 PM - Run 1
OTL by OldTimer - Version 3.2.46.2 Folder = C:\Users\Carr\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.99% Memory free
4.21 Gb Paging File | 3.16 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.51 Gb Total Space | 20.06 Gb Free Space | 29.71% Space Free | Partition Type: NTFS

Computer Name: CARR-PC | User Name: Carr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\Users\Carr\Downloads\ResHack\flashdigger\FlashGet 3\FlashGet3.exe" = C:\Users\Carr\Downloads\ResHack\flashdigger\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24A16CFD-F6B3-46BB-A619-0B4406D81B89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{32498F8A-F03B-4345-934E-71209CF8FD1C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6116894A-4CCD-4AD5-9650-0BF80A683327}" = lport=2869 | protocol=6 | dir=in | app=system |
"{617D6601-FE23-4BE0-9160-32B3AEB21F6B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{67F3B6BE-0AA4-460B-8BDA-B1B19E7E9455}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{92205116-37D5-413E-9647-947B91366E51}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A5F78765-E656-4D52-BC25-C72BD872507C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BCF61665-760B-4D86-A20E-30FE69FA8AB7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D8C9157B-475A-4F12-9385-3884DB22021A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E9246CDC-3A81-493C-BDBA-1902B4D2C5A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FF3427E1-6C2D-4DA9-BF85-7F1FFD958C2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0428F0F5-E65A-47C7-9CFF-0AE25D7A956A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{049A25EB-8A83-474F-96F3-222A1E77E7F7}" = protocol=6 | dir=in | app=c:\users\carr\downloads\reshack\youtube downloader\utorrent\utorrent.exe |
"{063A095D-4ACA-4BE3-8B6F-FD9EA28C4233}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{332DD40B-4649-492E-8024-483AD58887F8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{40C8553F-2C70-46DE-B2A7-145AFB9186A7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6B8695B6-F44E-4E2E-BCF5-6B00BDAAD4F4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7B0B56EF-FA2E-4347-999C-B4A16EA9BF63}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7E555839-C48E-4487-B244-4AD22896DF76}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8227C280-0B74-458E-8915-3EBD8F1E3B92}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{96DEEDEB-93CD-4C88-9764-BC37BFF49FF7}" = protocol=17 | dir=in | app=c:\users\carr\downloads\reshack\youtube downloader\utorrent\utorrent.exe |
"{ACD31E24-FA65-44C5-8F8B-2BB8A889E6EC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AF61EC0F-B7BE-45E7-B7FB-B46020350CD5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F86373EE-222D-451F-BFD4-566E31663C6A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"TCP Query User{028EF8A5-E959-443E-AB7A-2A83283B980F}C:\program files\messenger\msmsgs.exe" = protocol=6 | dir=in | app=c:\program files\messenger\msmsgs.exe |
"TCP Query User{1E16C0A4-DA2B-4283-848C-41BBECCA6ED3}C:\users\carr\downloads\ft_v035\nsfplay060505\plugin\mm8bdm\skulltag.exe" = protocol=6 | dir=in | app=c:\users\carr\downloads\ft_v035\nsfplay060505\plugin\mm8bdm\skulltag.exe |
"TCP Query User{201C3154-3C71-4606-8854-B0EB86DC6833}C:\users\carr\downloads\reshack\flashdigger\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\users\carr\downloads\reshack\flashdigger\flashget 3\flashget3.exe |
"TCP Query User{2B64A0B0-93D8-43F1-BE46-CEF43CB86F18}C:\users\carr\downloads\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\users\carr\downloads\trillian\trillian.exe |
"TCP Query User{E25CD192-0B30-42A6-BD95-209577098C9E}C:\users\carr\downloads\reshack\youtube downloader\visualboyadvance-1.8.0-k54\mother3_earthbound2_english_v1.1\mm8bdm\skulltag.exe" = protocol=6 | dir=in | app=c:\users\carr\downloads\reshack\youtube downloader\visualboyadvance-1.8.0-k54\mother3_earthbound2_english_v1.1\mm8bdm\skulltag.exe |
"UDP Query User{0946E146-7BF3-43E3-B497-8E4465AFBAB6}C:\users\carr\downloads\reshack\flashdigger\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\users\carr\downloads\reshack\flashdigger\flashget 3\flashget3.exe |
"UDP Query User{BBD910B3-CCEF-47B9-B84E-4DA08777B0E4}C:\users\carr\downloads\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\users\carr\downloads\trillian\trillian.exe |
"UDP Query User{D80E6008-A574-4CA2-BFE5-6FCE17C758DF}C:\program files\messenger\msmsgs.exe" = protocol=17 | dir=in | app=c:\program files\messenger\msmsgs.exe |
"UDP Query User{E0727C90-2507-47F5-BAA0-63A54729CD6F}C:\users\carr\downloads\ft_v035\nsfplay060505\plugin\mm8bdm\skulltag.exe" = protocol=17 | dir=in | app=c:\users\carr\downloads\ft_v035\nsfplay060505\plugin\mm8bdm\skulltag.exe |
"UDP Query User{E99F213B-D906-4DDA-902F-A900A1727F0D}C:\users\carr\downloads\reshack\youtube downloader\visualboyadvance-1.8.0-k54\mother3_earthbound2_english_v1.1\mm8bdm\skulltag.exe" = protocol=17 | dir=in | app=c:\users\carr\downloads\reshack\youtube downloader\visualboyadvance-1.8.0-k54\mother3_earthbound2_english_v1.1\mm8bdm\skulltag.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10113A44-CBFF-4FF7-8A13-BD1EC4180C56}" = Protector Suite QL 5.6
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{16C426FC-B3A4-41B8-9BED-BDAB6836F54D}" = OSU-gt RC9
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"Desktop Dialer" = Desktop Dialer
"DivX Setup.divx.com" = DivX Setup
"Doom Builder 2_is1" = Doom Builder 2.1
"FlashDiggerPlus" = FlashDigger Plus
"Furcadia" = Furcadia
"G4FON Koch Method Morse Trainer" = G4FON Koch Method Morse Trainer
"Google Chrome Frame" = Google Chrome Frame
"Google Desktop" = Google Desktop
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.76
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Internet Offers from Toshiba" = Internet Offers
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NoteWorthy Composer" = NoteWorthy Composer
"Pokemon Mystery Universe Client" = Pokemon Mystery Universe Client
"Pokemon Mystery Universe Map Editor" = Pokemon Mystery Universe Map Editor
"PROHYBRIDR" = 2007 Microsoft Office system
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RPGVXAce_E_is1" = RPG MAKER VX Ace
"RPGVXAce_RTP_is1" = RPG MAKER VX Ace RTP
"Some PDF Image Extract_is1" = Some PDF Image Extractr 1.5
"Trillian" = Trillian
"uTorrent" = µTorrent
"VirtuallTek Fighter Factory Ultimate_is1" = Fighter Factory Ultimate
"Vulture-NetHack" = Vulture-Nethack
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Music Engine" = Yahoo! Music Jukebox

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/6/2012 2:02:15 PM | Computer Name = Carr-PC | Source = MSSQL$MSSMLBIZ | ID = 9003
Description = The log scan number (38:312:1) passed to log scan in database 'model'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 6/6/2012 2:02:17 PM | Computer Name = Carr-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 6/6/2012 11:30:46 PM | Computer Name = Carr-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Users\Carr\Downloads\ResHack\vegaspro90e_64bit.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/6/2012 11:31:50 PM | Computer Name = Carr-PC | Source = Application Error | ID = 1000
Description = Faulting application SPCTool.exe, version 0.70.0.50, time stamp 0x00000000,
faulting module SPCTool.exe, version 0.70.0.50, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x000982ca, process id 0x13d8, application start time
0x01cd445de2683d70.

Error - 6/7/2012 1:39:33 AM | Computer Name = Carr-PC | Source = Application Error | ID = 1000
Description = Faulting application aswMBR.exe, version 0.9.9.1665, time stamp 0x4f5f9c86,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00066626, process id 0x1e10, application start time
0x01cd44627dcc09a0.

Error - 6/7/2012 6:11:37 AM | Computer Name = Carr-PC | Source = MSSQL$MSSMLBIZ | ID = 9003
Description = The log scan number (38:312:1) passed to log scan in database 'model'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 6/7/2012 6:19:04 AM | Computer Name = Carr-PC | Source = MSSQL$MSSMLBIZ | ID = 9003
Description = The log scan number (38:312:1) passed to log scan in database 'model'
is not valid. This error may indicate data corruption or that the log file (.ldf)
does not match the data file (.mdf). If this error occurred during replication,
re-create the publication. Otherwise, restore from backup if the problem results
in a failure during startup.

Error - 6/7/2012 6:19:06 AM | Computer Name = Carr-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 6/7/2012 6:21:40 AM | Computer Name = Carr-PC | Source = Application Hang | ID = 1002
Description = The program 2ik67zjl.exe version 1.0.15.15641 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17b0 Start Time: 01cd449738f93954 Termination Time: 6

Error - 6/7/2012 6:26:01 AM | Computer Name = Carr-PC | Source = Perflib | ID = 1010
Description =

[ System Events ]
Error - 6/7/2012 1:47:24 AM | Computer Name = Carr-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/7/2012 1:47:24 AM | Computer Name = Carr-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/7/2012 1:48:23 AM | Computer Name = Carr-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 6/7/2012 4:00:12 AM | Computer Name = Carr-PC | Source = Microsoft-Windows-TBS | ID = 516
Description =

Error - 6/7/2012 6:09:33 AM | Computer Name = Carr-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:00:11 AM on 6/7/2012 was unexpected.

Error - 6/7/2012 6:11:14 AM | Computer Name = Carr-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/7/2012 6:11:39 AM | Computer Name = Carr-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 6/7/2012 6:15:48 AM | Computer Name = Carr-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume C: were aborted because of a failed free
space computation.

Error - 6/7/2012 6:19:04 AM | Computer Name = Carr-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 6/7/2012 6:23:56 AM | Computer Name = Carr-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

Edited by nasdaq, 07 June 2012 - 01:25 PM.




