Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Drive constantly running winxp


  • This topic is locked This topic is locked
33 replies to this topic

#1 J30

J30

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:01:14 AM

Posted 14 May 2012 - 10:23 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:14 PM, on 5/14/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17109)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=0.0.0.0:80
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: BHO - {C277B942-1F68-486b-8F95-6E486A13F148} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O3 - Toolbar: Avira SearchFree Toolbar plus WebGuard - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 7901 bytes

BC AdBot (Login to Remove)

 


#2 J30

J30
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:01:14 AM

Posted 14 May 2012 - 11:08 PM

I've run antivirus and rootkit and defraggler. i can't spot any unusual processes running when drive lags.

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 AM

Posted 16 May 2012 - 08:05 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
Posted Image
m0le is a proud member of UNITE

#4 J30

J30
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:01:14 AM

Posted 20 May 2012 - 03:05 PM

Thank you in advance for your help.

I was unable to complete the DDS scan. It would run, but would lock up the computer towards what seemed to be the end of the scan. I disabled my AV software (avast), redownloaded from the link provided and tried again with the same results.
I did run defogger and Gmer:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-05-20 14:02:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6034GSX rev.AH101M
Running: s2ess2nc.exe; Driver: C:\DOCUME~1\Jim\LOCALS~1\Temp\kgdoqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9FF628E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9FF60F9]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA06BD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 AM

Posted 20 May 2012 - 07:38 PM

Can you run the following tools next

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Then

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#6 J30

J30
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:01:14 AM

Posted 21 May 2012 - 11:28 AM

08:53:42.0718 1112 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:53:44.0718 1112 ============================================================
08:53:44.0718 1112 Current date / time: 2012/05/21 08:53:44.0718
08:53:44.0718 1112 SystemInfo:
08:53:44.0718 1112
08:53:44.0718 1112 OS Version: 5.1.2600 ServicePack: 3.0
08:53:44.0718 1112 Product type: Workstation
08:53:44.0718 1112 ComputerName: CAPTAINTRIPPS
08:53:44.0718 1112 UserName: Jim
08:53:44.0718 1112 Windows directory: C:\WINDOWS
08:53:44.0718 1112 System windows directory: C:\WINDOWS
08:53:44.0718 1112 Processor architecture: Intel x86
08:53:44.0718 1112 Number of processors: 1
08:53:44.0718 1112 Page size: 0x1000
08:53:44.0718 1112 Boot type: Normal boot
08:53:44.0718 1112 ============================================================
08:53:48.0562 1112 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:53:48.0562 1112 ============================================================
08:53:48.0562 1112 \Device\Harddisk0\DR0:
08:53:48.0562 1112 MBR partitions:
08:53:48.0562 1112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6F4A421
08:53:48.0562 1112 ============================================================
08:53:48.0624 1112 C: <-> \Device\Harddisk0\DR0\Partition0
08:53:48.0624 1112 ============================================================
08:53:48.0624 1112 Initialize success
08:53:48.0624 1112 ============================================================
08:53:51.0374 1680 ============================================================
08:53:51.0374 1680 Scan started
08:53:51.0374 1680 Mode: Manual;
08:53:51.0374 1680 ============================================================
08:53:53.0640 1680 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
08:53:53.0671 1680 Aavmker4 - ok
08:53:53.0671 1680 Abiosdsk - ok
08:53:53.0687 1680 abp480n5 - ok
08:53:53.0890 1680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:53:53.0983 1680 ACPI - ok
08:53:53.0999 1680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
08:53:54.0015 1680 ACPIEC - ok
08:53:54.0015 1680 adpu160m - ok
08:53:54.0124 1680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:53:54.0202 1680 aec - ok
08:53:54.0265 1680 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
08:53:54.0280 1680 AegisP - ok
08:53:54.0405 1680 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:53:54.0483 1680 AFD - ok
08:53:55.0140 1680 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
08:53:55.0702 1680 AgereSoftModem - ok
08:53:55.0718 1680 Aha154x - ok
08:53:55.0718 1680 aic78u2 - ok
08:53:55.0733 1680 aic78xx - ok
08:53:55.0796 1680 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:53:55.0812 1680 Alerter - ok
08:53:55.0858 1680 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:53:55.0890 1680 ALG - ok
08:53:55.0890 1680 AliIde - ok
08:53:55.0905 1680 amsint - ok
08:53:56.0108 1680 Apple Mobile Device (367592efca7ff8b4ce11ab6b0744e1e2) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
08:53:56.0171 1680 Apple Mobile Device - ok
08:53:56.0187 1680 AppMgmt - ok
08:53:56.0265 1680 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:53:56.0296 1680 Arp1394 - ok
08:53:56.0312 1680 asc - ok
08:53:56.0312 1680 asc3350p - ok
08:53:56.0327 1680 asc3550 - ok
08:53:56.0562 1680 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:53:56.0624 1680 aspnet_state - ok
08:53:56.0687 1680 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:53:56.0702 1680 aswFsBlk - ok
08:53:56.0765 1680 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
08:53:56.0812 1680 aswMon2 - ok
08:53:56.0858 1680 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
08:53:56.0890 1680 AswRdr - ok
08:53:57.0343 1680 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
08:53:57.0655 1680 aswSnx - ok
08:53:57.0858 1680 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
08:53:58.0030 1680 aswSP - ok
08:53:58.0077 1680 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
08:53:58.0108 1680 aswTdi - ok
08:53:58.0171 1680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:53:58.0171 1680 AsyncMac - ok
08:53:58.0249 1680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:53:58.0265 1680 atapi - ok
08:53:58.0265 1680 Atdisk - ok
08:53:58.0327 1680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:53:58.0358 1680 Atmarpc - ok
08:53:58.0437 1680 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:53:58.0452 1680 AudioSrv - ok
08:53:58.0515 1680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:53:58.0515 1680 audstub - ok
08:53:58.0671 1680 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:53:58.0671 1680 avast! Antivirus - ok
08:53:58.0780 1680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:53:58.0812 1680 Beep - ok
08:53:59.0155 1680 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:53:59.0452 1680 BITS - ok
08:53:59.0608 1680 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
08:53:59.0733 1680 Bonjour Service - ok
08:53:59.0812 1680 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:53:59.0858 1680 Browser - ok
08:53:59.0952 1680 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
08:53:59.0983 1680 BVRPMPR5 - ok
08:54:00.0030 1680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:54:00.0030 1680 cbidf2k - ok
08:54:00.0046 1680 cd20xrnt - ok
08:54:00.0077 1680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:54:00.0093 1680 Cdaudio - ok
08:54:00.0187 1680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:54:00.0218 1680 Cdfs - ok
08:54:00.0280 1680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:54:00.0312 1680 Cdrom - ok
08:54:00.0452 1680 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
08:54:00.0468 1680 CFSvcs - ok
08:54:00.0468 1680 Changer - ok
08:54:00.0530 1680 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:54:00.0530 1680 CiSvc - ok
08:54:00.0593 1680 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:54:00.0608 1680 ClipSrv - ok
08:54:00.0827 1680 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:54:00.0937 1680 clr_optimization_v2.0.50727_32 - ok
08:54:00.0983 1680 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:54:00.0983 1680 CmBatt - ok
08:54:00.0999 1680 CmdIde - ok
08:54:01.0015 1680 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:54:01.0030 1680 Compbatt - ok
08:54:01.0030 1680 COMSysApp - ok
08:54:01.0046 1680 Cpqarray - ok
08:54:01.0062 1680 Crypkey License - ok
08:54:01.0108 1680 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:54:01.0140 1680 CryptSvc - ok
08:54:01.0155 1680 dac2w2k - ok
08:54:01.0155 1680 dac960nt - ok
08:54:01.0437 1680 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:54:01.0640 1680 DcomLaunch - ok
08:54:01.0749 1680 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:54:01.0827 1680 Dhcp - ok
08:54:01.0843 1680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:54:01.0890 1680 Disk - ok
08:54:01.0952 1680 dmadmin - ok
08:54:02.0452 1680 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:54:02.0874 1680 dmboot - ok
08:54:03.0015 1680 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:54:03.0077 1680 dmio - ok
08:54:03.0124 1680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:54:03.0140 1680 dmload - ok
08:54:03.0187 1680 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:54:03.0202 1680 dmserver - ok
08:54:03.0249 1680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:54:03.0280 1680 DMusic - ok
08:54:03.0374 1680 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:54:03.0390 1680 Dnscache - ok
08:54:03.0546 1680 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:54:03.0655 1680 Dot3svc - ok
08:54:03.0655 1680 dpti2o - ok
08:54:03.0687 1680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:54:03.0687 1680 drmkaud - ok
08:54:03.0780 1680 DVD-RAM_Service (c9ffbd6b8edc46cd3d13e3c6db914fb7) C:\WINDOWS\system32\DVDRAMSV.exe
08:54:03.0843 1680 DVD-RAM_Service - ok
08:54:03.0937 1680 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
08:54:03.0937 1680 dvd43llh - ok
08:54:04.0093 1680 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
08:54:04.0187 1680 e1express - ok
08:54:04.0233 1680 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:54:04.0249 1680 EapHost - ok
08:54:04.0312 1680 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:54:04.0327 1680 ERSvc - ok
08:54:04.0437 1680 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:54:04.0499 1680 Eventlog - ok
08:54:04.0687 1680 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
08:54:04.0812 1680 EventSystem - ok
08:54:04.0983 1680 EvtEng (56ded3ade453272e6a0ad582d945d1a4) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
08:54:05.0046 1680 EvtEng - ok
08:54:05.0171 1680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:54:05.0249 1680 Fastfat - ok
08:54:05.0358 1680 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:54:05.0437 1680 FastUserSwitchingCompatibility - ok
08:54:05.0640 1680 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
08:54:05.0796 1680 Fax - ok
08:54:05.0827 1680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:54:05.0843 1680 Fdc - ok
08:54:05.0937 1680 FdRedir (3314f3134ac59771a133a0cd3d343fff) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
08:54:05.0952 1680 FdRedir - ok
08:54:05.0983 1680 FileDisk2 (7b33f094a7a42a0225c344f5b25b1b05) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
08:54:05.0999 1680 FileDisk2 - ok
08:54:06.0030 1680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:54:06.0046 1680 Fips - ok
08:54:06.0077 1680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:54:06.0093 1680 Flpydisk - ok
08:54:06.0171 1680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:54:06.0249 1680 FltMgr - ok
08:54:06.0437 1680 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:54:06.0468 1680 FontCache3.0.0.0 - ok
08:54:06.0515 1680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:54:06.0530 1680 Fs_Rec - ok
08:54:06.0608 1680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:54:06.0671 1680 Ftdisk - ok
08:54:06.0733 1680 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:54:06.0749 1680 GEARAspiWDM - ok
08:54:06.0812 1680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:54:06.0812 1680 Gpc - ok
08:54:07.0030 1680 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:54:07.0124 1680 gupdate - ok
08:54:07.0124 1680 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
08:54:07.0124 1680 gupdatem - ok
08:54:07.0249 1680 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:54:07.0312 1680 HDAudBus - ok
08:54:07.0452 1680 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:54:07.0468 1680 helpsvc - ok
08:54:07.0483 1680 HidServ - ok
08:54:07.0515 1680 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:54:07.0530 1680 HidUsb - ok
08:54:07.0640 1680 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:54:07.0671 1680 hkmsvc - ok
08:54:07.0687 1680 hpn - ok
08:54:07.0874 1680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:54:07.0999 1680 HTTP - ok
08:54:08.0030 1680 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:54:08.0062 1680 HTTPFilter - ok
08:54:08.0077 1680 i2omgmt - ok
08:54:08.0077 1680 i2omp - ok
08:54:08.0140 1680 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:54:08.0171 1680 i8042prt - ok
08:54:08.0968 1680 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
08:54:09.0687 1680 ialm - ok
08:54:10.0312 1680 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:54:10.0765 1680 idsvc - ok
08:54:11.0218 1680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:54:11.0233 1680 Imapi - ok
08:54:11.0374 1680 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:54:11.0452 1680 ImapiService - ok
08:54:11.0468 1680 ini910u - ok
08:54:13.0905 1680 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:54:15.0999 1680 IntcAzAudAddService - ok
08:54:16.0499 1680 IntelIde - ok
08:54:16.0577 1680 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:54:16.0593 1680 intelppm - ok
08:54:16.0640 1680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:54:16.0687 1680 Ip6Fw - ok
08:54:16.0718 1680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:54:16.0733 1680 IpFilterDriver - ok
08:54:16.0796 1680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:54:16.0812 1680 IpInIp - ok
08:54:16.0921 1680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:54:16.0999 1680 IpNat - ok
08:54:17.0062 1680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:54:17.0093 1680 IPSec - ok
08:54:17.0155 1680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:54:17.0155 1680 IRENUM - ok
08:54:17.0218 1680 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:54:17.0233 1680 isapnp - ok
08:54:17.0265 1680 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
08:54:17.0280 1680 Iviaspi - ok
08:54:17.0515 1680 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
08:54:17.0593 1680 JavaQuickStarterService - ok
08:54:17.0624 1680 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:54:17.0640 1680 Kbdclass - ok
08:54:17.0780 1680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:54:17.0780 1680 kmixer - ok
08:54:17.0921 1680 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
08:54:18.0015 1680 KR10N - ok
08:54:18.0108 1680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:54:18.0155 1680 KSecDD - ok
08:54:18.0265 1680 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:54:18.0327 1680 lanmanserver - ok
08:54:18.0452 1680 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:54:18.0530 1680 lanmanworkstation - ok
08:54:18.0546 1680 lbrtfdc - ok
08:54:18.0577 1680 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:54:18.0593 1680 LmHosts - ok
08:54:18.0671 1680 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
08:54:18.0718 1680 meiudf - ok
08:54:18.0765 1680 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:54:18.0780 1680 Messenger - ok
08:54:18.0827 1680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:54:18.0827 1680 mnmdd - ok
08:54:18.0905 1680 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
08:54:18.0937 1680 mnmsrvc - ok
08:54:18.0999 1680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:54:19.0046 1680 Modem - ok
08:54:19.0108 1680 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
08:54:19.0124 1680 motmodem - ok
08:54:19.0171 1680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:54:19.0171 1680 Mouclass - ok
08:54:19.0249 1680 moufiltr (6ed1d87904edfbd26dfb31abf1040d92) C:\WINDOWS\system32\DRIVERS\moufiltr.sys
08:54:19.0296 1680 moufiltr - ok
08:54:19.0343 1680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:54:19.0343 1680 mouhid - ok
08:54:19.0405 1680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:54:19.0405 1680 MountMgr - ok
08:54:19.0421 1680 mraid35x - ok
08:54:19.0515 1680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:54:19.0577 1680 MRxDAV - ok
08:54:19.0858 1680 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:54:20.0062 1680 MRxSmb - ok
08:54:20.0108 1680 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
08:54:20.0124 1680 MSDTC - ok
08:54:20.0171 1680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:54:20.0171 1680 Msfs - ok
08:54:20.0187 1680 MSIServer - ok
08:54:20.0202 1680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:54:20.0202 1680 MSKSSRV - ok
08:54:20.0218 1680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:54:20.0218 1680 MSPCLOCK - ok
08:54:20.0233 1680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:54:20.0233 1680 MSPQM - ok
08:54:20.0265 1680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:54:20.0265 1680 mssmbios - ok
08:54:20.0390 1680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:54:20.0405 1680 Mup - ok
08:54:20.0593 1680 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:54:20.0749 1680 napagent - ok
08:54:20.0858 1680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:54:20.0952 1680 NDIS - ok
08:54:21.0046 1680 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:54:21.0046 1680 NdisTapi - ok
08:54:21.0124 1680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:54:21.0124 1680 Ndisuio - ok
08:54:21.0218 1680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:54:21.0218 1680 NdisWan - ok
08:54:21.0280 1680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:54:21.0280 1680 NDProxy - ok
08:54:21.0312 1680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:54:21.0312 1680 NetBIOS - ok
08:54:21.0437 1680 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:54:21.0483 1680 NetBT - ok
08:54:21.0608 1680 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:54:21.0702 1680 NetDDE - ok
08:54:21.0718 1680 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:54:21.0749 1680 NetDDEdsdm - ok
08:54:21.0780 1680 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
08:54:21.0780 1680 Netdevio - ok
08:54:21.0827 1680 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:54:21.0827 1680 Netlogon - ok
08:54:21.0968 1680 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:54:22.0062 1680 Netman - ok
08:54:22.0265 1680 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:54:22.0343 1680 NetTcpPortSharing - ok
08:54:22.0374 1680 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\WINDOWS\system32\ckldrv.sys
08:54:22.0390 1680 NetworkX - ok
08:54:22.0437 1680 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:54:22.0452 1680 NIC1394 - ok
08:54:22.0624 1680 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:54:22.0749 1680 Nla - ok
08:54:22.0905 1680 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe
08:54:22.0952 1680 NMSAccessU - ok
08:54:23.0015 1680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:54:23.0015 1680 Npfs - ok
08:54:23.0343 1680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:54:23.0593 1680 Ntfs - ok
08:54:23.0640 1680 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:54:23.0655 1680 NtLmSsp - ok
08:54:23.0937 1680 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:54:24.0171 1680 NtmsSvc - ok
08:54:24.0218 1680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:54:24.0218 1680 Null - ok
08:54:24.0265 1680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:54:24.0265 1680 NwlnkFlt - ok
08:54:24.0296 1680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:54:24.0296 1680 NwlnkFwd - ok
08:54:24.0343 1680 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:54:24.0343 1680 ohci1394 - ok
08:54:24.0468 1680 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:54:24.0515 1680 ose - ok
08:54:24.0608 1680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
08:54:24.0608 1680 Parport - ok
08:54:24.0655 1680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:54:24.0655 1680 PartMgr - ok
08:54:24.0687 1680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:54:24.0687 1680 ParVdm - ok
08:54:24.0733 1680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:54:24.0733 1680 PCI - ok
08:54:24.0749 1680 PCIDump - ok
08:54:24.0749 1680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:54:24.0749 1680 PCIIde - ok
08:54:24.0827 1680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:54:24.0858 1680 Pcmcia - ok
08:54:24.0874 1680 PDCOMP - ok
08:54:24.0874 1680 PDFRAME - ok
08:54:24.0890 1680 PDRELI - ok
08:54:24.0890 1680 PDRFRAME - ok
08:54:24.0905 1680 perc2 - ok
08:54:24.0905 1680 perc2hib - ok
08:54:24.0968 1680 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
08:54:24.0968 1680 Pfc - ok
08:54:25.0280 1680 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:54:25.0296 1680 PlugPlay - ok
08:54:25.0296 1680 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:54:25.0312 1680 PolicyAgent - ok
08:54:25.0358 1680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:54:25.0358 1680 PptpMiniport - ok
08:54:25.0374 1680 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:54:25.0374 1680 ProtectedStorage - ok
08:54:25.0421 1680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:54:25.0421 1680 PSched - ok
08:54:25.0468 1680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:54:25.0468 1680 Ptilink - ok
08:54:25.0515 1680 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:54:25.0515 1680 PxHelp20 - ok
08:54:25.0515 1680 ql1080 - ok
08:54:25.0530 1680 Ql10wnt - ok
08:54:25.0546 1680 ql12160 - ok
08:54:25.0546 1680 ql1240 - ok
08:54:25.0562 1680 ql1280 - ok
08:54:25.0577 1680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:54:25.0577 1680 RasAcd - ok
08:54:25.0671 1680 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:54:25.0718 1680 RasAuto - ok
08:54:25.0780 1680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:54:25.0780 1680 Rasl2tp - ok
08:54:25.0937 1680 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:54:26.0108 1680 RasMan - ok
08:54:26.0140 1680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:54:26.0155 1680 RasPppoe - ok
08:54:26.0171 1680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:54:26.0171 1680 Raspti - ok
08:54:26.0327 1680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:54:26.0374 1680 Rdbss - ok
08:54:26.0390 1680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:54:26.0390 1680 RDPCDD - ok
08:54:26.0515 1680 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:54:26.0562 1680 RDPWD - ok
08:54:26.0671 1680 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:54:26.0749 1680 RDSessMgr - ok
08:54:26.0796 1680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:54:26.0796 1680 redbook - ok
08:54:27.0062 1680 RegSrvc (1b2857ef12d79a9f9adba14b0637cbf8) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
08:54:27.0171 1680 RegSrvc - ok
08:54:27.0265 1680 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:54:27.0296 1680 RemoteAccess - ok
08:54:27.0358 1680 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:54:27.0405 1680 RpcLocator - ok
08:54:27.0655 1680 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:54:27.0671 1680 RpcSs - ok
08:54:27.0812 1680 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:54:27.0890 1680 RSVP - ok
08:54:28.0265 1680 S24EventMonitor (6c5155cc0e805c7be6028bff7ac14524) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
08:54:28.0546 1680 S24EventMonitor - ok
08:54:28.0687 1680 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
08:54:28.0687 1680 s24trans - ok
08:54:28.0749 1680 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:54:28.0749 1680 SamSs - ok
08:54:28.0827 1680 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:54:28.0890 1680 SCardSvr - ok
08:54:29.0046 1680 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:54:29.0155 1680 Schedule - ok
08:54:29.0218 1680 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
08:54:29.0218 1680 sdbus - ok
08:54:29.0280 1680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:54:29.0280 1680 Secdrv - ok
08:54:29.0327 1680 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:54:29.0343 1680 seclogon - ok
08:54:29.0390 1680 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:54:29.0421 1680 SENS - ok
08:54:29.0468 1680 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
08:54:29.0483 1680 Serial - ok
08:54:29.0515 1680 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
08:54:29.0515 1680 sffdisk - ok
08:54:29.0562 1680 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
08:54:29.0562 1680 sffp_sd - ok
08:54:29.0593 1680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:54:29.0593 1680 Sfloppy - ok
08:54:29.0812 1680 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:54:29.0983 1680 SharedAccess - ok
08:54:30.0108 1680 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:54:30.0108 1680 ShellHWDetection - ok
08:54:30.0124 1680 Simbad - ok
08:54:30.0233 1680 smihlp (94eede27fd7d46707be49127922695a7) C:\Program Files\Protector Suite QL\smihlp.sys
08:54:30.0249 1680 smihlp - ok
08:54:30.0265 1680 Sparrow - ok
08:54:30.0312 1680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:54:30.0327 1680 splitter - ok
08:54:30.0421 1680 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:54:30.0452 1680 Spooler - ok
08:54:30.0515 1680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:54:30.0515 1680 sr - ok
08:54:30.0655 1680 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:54:30.0749 1680 srservice - ok
08:54:30.0999 1680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:54:31.0171 1680 Srv - ok
08:54:31.0233 1680 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:54:31.0265 1680 SSDPSRV - ok
08:54:31.0499 1680 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:54:31.0671 1680 stisvc - ok
08:54:31.0718 1680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:54:31.0718 1680 swenum - ok
08:54:31.0765 1680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:54:31.0765 1680 swmidi - ok
08:54:31.0780 1680 SwPrv - ok
08:54:31.0874 1680 Swupdtmr (486a64aabd88e4e174681e89e9736bc9) c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
08:54:31.0890 1680 Swupdtmr - ok
08:54:31.0905 1680 symc810 - ok
08:54:31.0905 1680 symc8xx - ok
08:54:31.0921 1680 sym_hi - ok
08:54:31.0937 1680 sym_u3 - ok
08:54:32.0093 1680 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
08:54:32.0187 1680 SynTP - ok
08:54:32.0265 1680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:54:32.0296 1680 sysaudio - ok
08:54:32.0374 1680 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:54:32.0421 1680 SysmonLog - ok
08:54:32.0577 1680 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:54:32.0702 1680 TapiSrv - ok
08:54:32.0843 1680 TAPPSRV (90861642fd6d8fafb1408ee26fa93cb4) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
08:54:32.0858 1680 TAPPSRV - ok
08:54:32.0890 1680 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
08:54:32.0890 1680 tbiosdrv - ok
08:54:33.0140 1680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:54:33.0296 1680 Tcpip - ok
08:54:33.0374 1680 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
08:54:33.0374 1680 TcUsb - ok
08:54:33.0437 1680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:54:33.0437 1680 TDPIPE - ok
08:54:33.0483 1680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:54:33.0483 1680 TDTCP - ok
08:54:33.0546 1680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:54:33.0562 1680 TermDD - ok
08:54:33.0765 1680 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:54:33.0937 1680 TermService - ok
08:54:34.0046 1680 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:54:34.0062 1680 Themes - ok
08:54:34.0218 1680 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
08:54:34.0265 1680 tifm21 - ok
08:54:34.0265 1680 TosIde - ok
08:54:34.0312 1680 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
08:54:34.0312 1680 tosrfec - ok
08:54:34.0390 1680 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:54:34.0437 1680 TrkWks - ok
08:54:34.0468 1680 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
08:54:34.0468 1680 TVALD - ok
08:54:34.0515 1680 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
08:54:34.0530 1680 Tvs - ok
08:54:34.0577 1680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:54:34.0577 1680 Udfs - ok
08:54:34.0593 1680 ultra - ok
08:54:34.0843 1680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:54:35.0030 1680 Update - ok
08:54:35.0171 1680 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:54:35.0343 1680 upnphost - ok
08:54:35.0358 1680 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:54:35.0390 1680 UPS - ok
08:54:35.0483 1680 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:54:35.0483 1680 USBAAPL - ok
08:54:35.0515 1680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:54:35.0515 1680 usbehci - ok
08:54:35.0608 1680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:54:35.0624 1680 usbhub - ok
08:54:35.0655 1680 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:54:35.0671 1680 usbprint - ok
08:54:35.0687 1680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:54:35.0687 1680 USBSTOR - ok
08:54:35.0718 1680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:54:35.0718 1680 usbuhci - ok
08:54:35.0733 1680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:54:35.0749 1680 VgaSave - ok
08:54:35.0749 1680 ViaIde - ok
08:54:35.0796 1680 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:54:35.0796 1680 VolSnap - ok
08:54:36.0030 1680 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:54:36.0202 1680 VSS - ok
08:54:36.0327 1680 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:54:36.0421 1680 W32Time - ok
08:54:37.0358 1680 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
08:54:38.0077 1680 w39n51 - ok
08:54:38.0624 1680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:54:38.0624 1680 Wanarp - ok
08:54:38.0702 1680 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
08:54:38.0702 1680 wanatw - ok
08:54:39.0108 1680 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:54:39.0327 1680 Wdf01000 - ok
08:54:39.0327 1680 WDICA - ok
08:54:39.0405 1680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:54:39.0468 1680 wdmaud - ok
08:54:39.0546 1680 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:54:39.0593 1680 WebClient - ok
08:54:39.0749 1680 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:54:39.0827 1680 winmgmt - ok
08:54:39.0890 1680 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:54:39.0905 1680 WmdmPmSN - ok
08:54:40.0030 1680 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:54:40.0093 1680 WmiApSrv - ok
08:54:40.0687 1680 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:54:41.0155 1680 WMPNetworkSvc - ok
08:54:41.0312 1680 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:54:41.0312 1680 WpdUsb - ok
08:54:41.0374 1680 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:54:41.0374 1680 WS2IFSL - ok
08:54:41.0499 1680 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:54:41.0546 1680 wscsvc - ok
08:54:41.0593 1680 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:54:41.0608 1680 wuauserv - ok
08:54:41.0718 1680 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:54:41.0718 1680 WudfPf - ok
08:54:41.0796 1680 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:54:41.0796 1680 WudfRd - ok
08:54:41.0858 1680 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:54:41.0890 1680 WudfSvc - ok
08:54:42.0233 1680 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:54:42.0515 1680 WZCSVC - ok
08:54:42.0593 1680 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:54:42.0671 1680 xmlprov - ok
08:54:42.0718 1680 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
08:54:43.0265 1680 \Device\Harddisk0\DR0 - ok
08:54:43.0296 1680 Boot (0x1200) (f59e495317c43cfb23fc1aa01e3e4f42) \Device\Harddisk0\DR0\Partition0
08:54:43.0312 1680 \Device\Harddisk0\DR0\Partition0 - ok
08:54:43.0312 1680 ============================================================
08:54:43.0312 1680 Scan finished
08:54:43.0312 1680 ============================================================
08:54:43.0327 1548 Detected object count: 0
08:54:43.0327 1548 Actual detected object count: 0
08:54:56.0468 4020 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-21 10:01:14
-----------------------------
10:01:14.921 OS Version: Windows 5.1.2600 Service Pack 3
10:01:14.921 Number of processors: 1 586 0xE08
10:01:14.921 ComputerName: CAPTAINTRIPPS UserName: Jim
10:01:16.953 Initialize success
10:01:17.062 AVAST engine defs: 12052100
10:01:18.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:01:18.437 Disk 0 Vendor: TOSHIBA_MK6034GSX AH101M Size: 57231MB BusType: 3
10:01:18.484 Disk 0 MBR read successfully
10:01:18.484 Disk 0 MBR scan
10:01:18.484 Disk 0 Windows XP default MBR code
10:01:18.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 56980 MB offset 63
10:01:18.515 Disk 0 Partition 2 00 88 Linux plaintext A Kárň'ó 251 MB offset 116696160
10:01:18.531 Disk 0 scanning sectors +117210240
10:01:18.609 Disk 0 scanning C:\WINDOWS\system32\drivers
10:01:54.203 Service scanning
10:02:38.078 Modules scanning
10:03:06.437 Disk 0 trace - called modules:
10:03:06.468 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
10:03:06.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ee7ab8]
10:03:06.968 3 CLASSPNP.SYS[f77defd7] -> nt!IofCallDriver -> \Device\00000082[0x86f022b8]
10:03:06.968 5 ACPI.sys[f7735620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f83d98]
10:03:08.250 AVAST engine scan C:\WINDOWS
10:03:23.453 AVAST engine scan C:\WINDOWS\system32
10:10:36.125 AVAST engine scan C:\WINDOWS\system32\drivers
10:11:19.625 AVAST engine scan C:\Documents and Settings\Jim
10:17:19.203 AVAST engine scan C:\Documents and Settings\All Users
10:23:49.500 Scan finished successfully
10:24:49.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jim\Desktop\MBR.dat"
10:24:49.734 The log file has been saved successfully to "C:\Documents and Settings\Jim\Desktop\aswMBR.txt"

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 AM

Posted 21 May 2012 - 02:14 PM

Nothing strange there. Please run OTL, a scanner much like DDS but with hidden depths.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Posted Image
m0le is a proud member of UNITE

#8 J30

J30
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:01:14 AM

Posted 21 May 2012 - 04:56 PM

OTL logfile created on: 5/21/2012 3:46:03 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 415.32 Mb Available Physical Memory | 40.96% Memory free
2.39 Gb Paging File | 1.87 Gb Available in Paging File | 78.19% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 10.84 Gb Free Space | 19.48% Space Free | Partition Type: NTFS

Computer Name: CAPTAINTRIPPS | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/21 15:39:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
PRC - [2012/05/08 21:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/05/07 17:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/05 19:39:54 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2005/12/20 13:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/12/05 14:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/30 14:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/11/28 13:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/17 17:44:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2005/08/16 13:23:12 | 000,188,416 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/31 22:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/21 12:18:48 | 001,761,792 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12052101\algo.dll
MOD - [2012/05/21 01:28:42 | 001,761,792 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12052100\algo.dll
MOD - [2012/05/08 21:04:52 | 000,441,840 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll
MOD - [2012/05/08 21:04:51 | 003,921,904 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\pdf.dll
MOD - [2012/05/08 21:03:36 | 000,553,456 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\libglesv2.dll
MOD - [2012/05/08 21:03:35 | 000,117,744 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\libegl.dll
MOD - [2012/05/08 21:03:25 | 000,134,656 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\avutil-51.dll
MOD - [2012/05/08 21:03:24 | 000,250,368 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\avformat-54.dll
MOD - [2012/05/08 21:03:23 | 002,375,680 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll
MOD - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2005/11/28 13:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 13:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/11/23 16:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2004/07/20 19:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/05/07 17:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2005/12/20 13:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/06 21:12:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/03/13 16:39:16 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2008/03/17 10:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/05/05 20:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 19:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 19:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005/12/09 18:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/04 11:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 13:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 12:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 14:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 11:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 16:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 16:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 17:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/12 02:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2003/09/19 03:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\SearchScopes\{CB494FDB-1F66-42F8-83FB-19CE76D48CF0}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE0006
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\SearchScopes\{CCB539D2-546A-4D5B-8401-487C2ABA1EE7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=0.0.0.0:80


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: SaferChrome = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgpkjjingioekjianemgdobchenebhek\0.2.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Space Planet = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.1_0\

O1 HOSTS File: ([2009/11/01 20:11:21 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (BHO) - {C277B942-1F68-486b-8F95-6E486A13F148} - File not found
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsubleepa Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{145B63A9-4C1B-49D6-A8F3-A48862667E63}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/18 21:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{378d218c-1020-11de-9de7-0018ded1d23a}\Shell - "" = Autorun
O33 - MountPoints2\{378d218c-1020-11de-9de7-0018ded1d23a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{378d218c-1020-11de-9de7-0018ded1d23a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-3-26-100032082-100003447-100023084-6283.com e:\
O33 - MountPoints2\{378d218c-1020-11de-9de7-0018ded1d23a}\Shell\Open\command - "" = E:\RECYCLER\S-0-3-26-100032082-100003447-100023084-6283.com e:\
O33 - MountPoints2\{f2c655d6-8d34-11de-9edf-0018ded1d23a}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\TDSSKiller.exe
[2012/05/21 15:39:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2012/05/21 15:17:38 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Jim\Local Settings\My Documents\My Safe
[2012/05/21 12:21:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
[2012/05/21 09:05:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
[2012/05/20 14:07:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Jim\Desktop\dds.com
[2012/05/20 13:07:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\Administrative Tools
[2012/05/14 22:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/05/14 22:08:17 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/05/14 22:08:16 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/05/14 22:08:11 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/05/14 22:08:10 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/05/14 22:08:09 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/05/14 22:08:07 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/05/14 22:08:07 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/05/14 22:08:06 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/05/14 22:05:10 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/05/14 22:05:04 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/05/14 22:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/14 22:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/05/14 20:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/14 20:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\HiJackThis
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\TDSSKiller.exe
[2012/05/21 15:39:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2012/05/21 15:31:06 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/21 15:31:02 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-495049372-740691935-3917352574-1007UA.job
[2012/05/21 15:30:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/21 15:30:38 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/21 12:04:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/21 12:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/05/21 11:29:02 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-495049372-740691935-3917352574-1006UA.job
[2012/05/21 11:16:40 | 028,064,612 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\skepticast2012-05-19.mp3
[2012/05/21 10:24:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\MBR.dat
[2012/05/21 10:11:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2012/05/21 09:07:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
[2012/05/20 14:07:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim\Desktop\dds.com
[2012/05/20 14:00:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\s2ess2nc.exe
[2012/05/20 13:58:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Defogger.exe
[2012/05/20 08:36:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/15 23:29:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-495049372-740691935-3917352574-1006Core.job
[2012/05/14 22:39:16 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/14 22:24:34 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2012/05/11 12:31:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-495049372-740691935-3917352574-1007Core.job
[2012/05/11 00:25:05 | 000,160,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/10 01:22:30 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/10 01:22:30 | 000,073,100 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/07 11:53:50 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/05/01 21:29:30 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/21 11:12:28 | 028,064,612 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\skepticast2012-05-19.mp3
[2012/05/21 10:24:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\MBR.dat
[2012/05/20 14:00:08 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\s2ess2nc.exe
[2012/05/20 13:58:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Defogger.exe
[2012/05/07 11:53:49 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/05/01 21:29:30 | 000,002,257 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/05 08:30:37 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2012/02/14 18:55:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/06 00:24:58 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/01/06 00:24:31 | 000,257,286 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\census.cache
[2012/01/06 00:24:09 | 000,194,126 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\ars.cache
[2011/07/05 22:30:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

< End of report >



OTL Extras logfile created on: 5/21/2012 3:46:03 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 415.32 Mb Available Physical Memory | 40.96% Memory free
2.39 Gb Paging File | 1.87 Gb Available in Paging File | 78.19% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 10.84 Gb Free Space | 19.48% Space Free | Partition Type: NTFS

Computer Name: CAPTAINTRIPPS | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Jim\Desktop\utorrent.exe" = C:\Documents and Settings\Jim\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus / Vuze


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80D95911-28E9-40AC-A6B5-1DA6D9F14B29}" = Software Suite
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights Platinum Edition
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DFC3E171-965F-4C07-AA42-05F6F5B7380B}_is1" = RAR Opener version 1.0
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"sat_screensaver_30mb.scr" = sat_screensaver_30mb
"Stellarium_is1" = Stellarium 0.9.1
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.6 [32-Bit]
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2012 2:04:25 PM | Computer Name = CAPTAINTRIPPS | Source = Application Hang | ID = 1002
Description = Hanging application cdbxpp.exe, version 4.2.4.1272, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2012 2:04:29 PM | Computer Name = CAPTAINTRIPPS | Source = Application Hang | ID = 1002
Description = Hanging application cdbxpp.exe, version 4.2.4.1272, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2012 1:00:56 PM | Computer Name = CAPTAINTRIPPS | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 18.0.1025.162, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00009823.

Error - 4/18/2012 10:06:26 PM | Computer Name = CAPTAINTRIPPS | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 18.0.1025.162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/20/2012 1:18:59 PM | Computer Name = CAPTAINTRIPPS | Source = Application Error | ID = 1000
Description = Faulting application wmpnetwk.exe, version 11.0.5721.5145, faulting
module ole32.dll, version 5.1.2600.6168, fault address 0x00121f3b.

Error - 4/25/2012 11:25:06 AM | Computer Name = CAPTAINTRIPPS | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 18.0.1025.162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/25/2012 11:25:09 AM | Computer Name = CAPTAINTRIPPS | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 18.0.1025.162, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/16/2012 4:29:48 PM | Computer Name = CAPTAINTRIPPS | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 18.0.1025.168, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/20/2012 11:35:35 AM | Computer Name = CAPTAINTRIPPS | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.5512, faulting module
ole32.dll, version 5.1.2600.6168, fault address 0x0009b022.

Error - 5/21/2012 5:45:47 PM | Computer Name = CAPTAINTRIPPS | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.43.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/18/2012 8:49:04 AM | Computer Name = CAPTAINTRIPPS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/18/2012 8:49:10 AM | Computer Name = CAPTAINTRIPPS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/18/2012 8:49:17 AM | Computer Name = CAPTAINTRIPPS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/18/2012 8:49:24 AM | Computer Name = CAPTAINTRIPPS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/18/2012 8:49:31 AM | Computer Name = CAPTAINTRIPPS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/18/2012 10:11:09 AM | Computer Name = CAPTAINTRIPPS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {5DDFFCF7-03EF-47B3-9527-FA3C25CB56BE}.
The
error: "%2" Happened while starting this command: C:\Program Files\Microsoft Works\WkDStore.exe
-Embedding

Error - 5/20/2012 5:42:41 PM | Computer Name = CAPTAINTRIPPS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/20/2012 5:42:48 PM | Computer Name = CAPTAINTRIPPS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/20/2012 5:42:55 PM | Computer Name = CAPTAINTRIPPS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/20/2012 5:43:02 PM | Computer Name = CAPTAINTRIPPS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 AM

Posted 21 May 2012 - 08:00 PM

We've got a lot of remnants but also some malware so please rerun OTL

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    O2 - BHO: (BHO) - {C277B942-1F68-486b-8F95-6E486A13F148} - File not found
    O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    O3 - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
    O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
    [2012/04/05 08:30:37 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
    
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Please then rerun OTL as a scan and post the new look
Posted Image
m0le is a proud member of UNITE

#10 J30

J30
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:01:14 AM

Posted 21 May 2012 - 10:28 PM

========== OTL ==========
Error: No service named WDICA was found to stop!
Service\Driver key WDICA not found.
Error: No service named PDRFRAME was found to stop!
Service\Driver key PDRFRAME not found.
Error: No service named PDRELI was found to stop!
Service\Driver key PDRELI not found.
Error: No service named PDFRAME was found to stop!
Service\Driver key PDFRAME not found.
Error: No service named PDCOMP was found to stop!
Service\Driver key PDCOMP not found.
Error: No service named PCIDump was found to stop!
Service\Driver key PCIDump not found.
Error: No service named lbrtfdc was found to stop!
Service\Driver key lbrtfdc not found.
Error: No service named i2omgmt was found to stop!
Service\Driver key i2omgmt not found.
Error: No service named Changer was found to stop!
Service\Driver key Changer not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C277B942-1F68-486b-8F95-6E486A13F148}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C277B942-1F68-486b-8F95-6E486A13F148}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-495049372-740691935-3917352574-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-495049372-740691935-3917352574-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-495049372-740691935-3917352574-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_USERS\S-1-5-21-495049372-740691935-3917352574-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFncKy not found.
File C:\WINDOWS\jestertb.dll not found.

OTL by OldTimer - Version 3.2.43.1 log created on 05212012_212152

OTL logfile created on: 5/21/2012 9:22:20 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 508.23 Mb Available Physical Memory | 50.12% Memory free
2.39 Gb Paging File | 2.00 Gb Available in Paging File | 83.91% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.65 Gb Total Space | 10.77 Gb Free Space | 19.35% Space Free | Partition Type: NTFS

Computer Name: CAPTAINTRIPPS | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/21 15:39:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
PRC - [2012/05/08 21:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/05/07 17:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/05 19:39:54 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2005/12/20 13:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/12/05 14:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/30 14:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/11/28 13:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2005/05/31 22:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/21 12:18:48 | 001,761,792 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12052101\algo.dll
MOD - [2012/05/08 21:04:52 | 000,441,840 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll
MOD - [2012/05/08 21:04:51 | 003,921,904 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\pdf.dll
MOD - [2012/05/08 21:03:36 | 000,553,456 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\libglesv2.dll
MOD - [2012/05/08 21:03:35 | 000,117,744 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\libegl.dll
MOD - [2012/05/08 21:03:25 | 000,134,656 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\avutil-51.dll
MOD - [2012/05/08 21:03:24 | 000,250,368 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\avformat-54.dll
MOD - [2012/05/08 21:03:23 | 002,375,680 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll
MOD - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2005/11/28 13:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 13:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2004/07/20 19:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/05/07 17:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2005/12/20 13:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/06 21:12:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/03/13 16:39:16 | 000,062,592 | ---- | M] (Chic Tech.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2008/03/17 10:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/05/05 20:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 19:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 19:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005/12/09 18:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/04 11:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 13:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 12:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 14:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 11:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 16:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 16:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 17:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/01/12 02:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2003/09/19 03:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\SearchScopes\{CB494FDB-1F66-42F8-83FB-19CE76D48CF0}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE0006
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\..\SearchScopes\{CCB539D2-546A-4D5B-8401-487C2ABA1EE7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-495049372-740691935-3917352574-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=0.0.0.0:80


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: SaferChrome = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgpkjjingioekjianemgdobchenebhek\0.2.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Space Planet = C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.1_0\

O1 HOSTS File: ([2009/11/01 20:11:21 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsubleepa Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-495049372-740691935-3917352574-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{145B63A9-4C1B-49D6-A8F3-A48862667E63}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/18 21:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{378d218c-1020-11de-9de7-0018ded1d23a}\Shell - "" = Autorun
O33 - MountPoints2\{378d218c-1020-11de-9de7-0018ded1d23a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{378d218c-1020-11de-9de7-0018ded1d23a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-3-26-100032082-100003447-100023084-6283.com e:\
O33 - MountPoints2\{378d218c-1020-11de-9de7-0018ded1d23a}\Shell\Open\command - "" = E:\RECYCLER\S-0-3-26-100032082-100003447-100023084-6283.com e:\
O33 - MountPoints2\{f2c655d6-8d34-11de-9edf-0018ded1d23a}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 21:14:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/21 21:13:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/21 21:12:35 | 000,000,000 | ---D | C] -- C:\98afe4e3477ec2aef8
[2012/05/21 21:01:16 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Jim\Local Settings\My Documents\My Safe
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\TDSSKiller.exe
[2012/05/21 15:39:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2012/05/21 12:21:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
[2012/05/21 09:05:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
[2012/05/20 14:07:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Jim\Desktop\dds.com
[2012/05/20 13:07:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\Administrative Tools
[2012/05/14 22:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/05/14 22:08:17 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/05/14 22:08:16 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/05/14 22:08:11 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/05/14 22:08:10 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/05/14 22:08:09 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/05/14 22:08:07 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/05/14 22:08:07 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/05/14 22:08:06 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/05/14 22:05:10 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/05/14 22:05:04 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/05/14 22:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/14 22:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/05/14 20:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/14 20:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\HiJackThis
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/21 21:17:12 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/21 21:16:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/21 21:16:49 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/21 21:04:21 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/21 21:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jim\Desktop\TDSSKiller.exe
[2012/05/21 15:39:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2012/05/21 15:31:02 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-495049372-740691935-3917352574-1007UA.job
[2012/05/21 11:29:02 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-495049372-740691935-3917352574-1006UA.job
[2012/05/21 11:16:40 | 028,064,612 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\skepticast2012-05-19.mp3
[2012/05/21 10:24:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\MBR.dat
[2012/05/21 10:11:01 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2012/05/21 09:07:02 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
[2012/05/20 14:07:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim\Desktop\dds.com
[2012/05/20 14:00:09 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\s2ess2nc.exe
[2012/05/20 13:58:24 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Defogger.exe
[2012/05/20 08:36:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/15 23:29:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-495049372-740691935-3917352574-1006Core.job
[2012/05/14 22:39:16 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/14 22:24:34 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2012/05/11 12:31:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-495049372-740691935-3917352574-1007Core.job
[2012/05/11 00:25:05 | 000,160,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/10 01:22:30 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/10 01:22:30 | 000,073,100 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/07 11:53:50 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/05/01 21:29:30 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/21 11:12:28 | 028,064,612 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\skepticast2012-05-19.mp3
[2012/05/21 10:24:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\MBR.dat
[2012/05/20 14:00:08 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\s2ess2nc.exe
[2012/05/20 13:58:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Defogger.exe
[2012/05/07 11:53:49 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/05/01 21:29:30 | 000,002,257 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/14 18:55:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/06 00:24:58 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2012/01/06 00:24:31 | 000,257,286 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\census.cache
[2012/01/06 00:24:09 | 000,194,126 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\ars.cache
[2011/07/05 22:30:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

< End of report >

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 AM

Posted 22 May 2012 - 06:37 PM

Despite the second log showing Not Found I think the first run removed all the items fine.

Please run an online scan with ESET next

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
Posted Image
m0le is a proud member of UNITE

#12 J30

J30
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:01:14 AM

Posted 22 May 2012 - 09:58 PM

no results. as an aside, there's a windows update that will not "stay installed". It keeps downloading, even though every time it tells me "Installation complete" like normal: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2572073


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=00b6e679a00fac4d9f6d8990b67ff1b2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-23 02:19:53
# local_time=2012-05-22 08:19:53 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=59860
# found=0
# cleaned=0
# scan_time=8388

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 AM

Posted 23 May 2012 - 05:41 PM

I'm not running XP so I'm going on this instruction here

  • Click Start, Control Panel and then Add/Remove Programs.
  • Make sure the “Show Updates” box is checked (it’s located in the upper right of the tool)
  • Scan through the list and see if you can find the KB2572073 update. If you find it then remove it.
  • Reboot and that should stop it.

Your machine looks clean now. Are there any other issues?
Posted Image
m0le is a proud member of UNITE

#14 J30

J30
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:01:14 AM

Posted 24 May 2012 - 05:11 PM

still having the same problems, it hasn't really changed. Slow boot up, a lot of lag time when I'm not running anything in particular. Even the Windows startup music "drags out". I haven't added any strange programs to run at startup (note that the "lag" problem isn't just at startup, it's all the time). I will check again to make sure there isn't anything running that shouldn't be. It does seem that I have a lot of processes running, more than there used to, but that could be my imagination...

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:14 AM

Posted 24 May 2012 - 05:27 PM

This appears to be hardware rather than malware.

I think we'd be better off running chkdsk and see if that finds any issues

In case you were unaware, chkdsk will verify and repair the file system

Step One: Click Start, select Run

Step Two: In the box, type cmd

Step Three: Click Ok

Step Four: Run the chkdsk utility by typing in the following command:

chkdsk c: /f /r

NOTE: The /f command automatically fixes any errors encountered, the /r command locates bad sectors and recovers readable information.

Step Five: A reboot is normally required for the chkdsk program to lock the disk and run correctly (this is typical on machines that have only one volume), so simply restart the computer and chkdsk will run automatically. When it's finished, (This process can take quite a while depending on the size of your disk, etc.), it will boot back to normal Windows.

On Rebooting the PC you will see the disk being checked.

This process will take, on average, about an hour.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users