
GOOGLE RE DIRECT ZERO ACCESS ROOTKIT LOGS


21 replies to this topic

#1 toshiba au


Posted 17 July 2012 - 12:23 AM

Referred from here: http://www.bleepingcomputer.com/forums/topic460894.html ~ OB

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by test at 18:51:57 on 2012-01-06
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.61.1033.18.3066.1633 [GMT 11:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\TAMSvr.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\HSPA USB MODEM\ModemListener.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\HSPA USB MODEM\Hspa USB Modem.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TrueSuite Access Manager\CssSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Mobile Partner] "c:\program files\dodo wireless broadband\Dodo Wireless Broadband.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [userinit] c:\users\test\appdata\local\microsoft\windows\temporary internet files\content.ie5\z6hlsk63\3f93e9f[1].exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [FingerPrintNotifer] "c:\program files\truesuite access manager\FpNotifier.exe"
mRun: [UsbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"
mRun: [PwdBank] "c:\program files\truesuite access manager\PwdBank.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [ModemListener] c:\program files\hspa usb modem\ModemListener.exe start
dRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
dRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
StartupFolder: c:\users\test\appdata\roaming\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\mioplanet\desktop currency converter\Desktop Currency Converter.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: brp.com\epc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-au.cab
TCP: Interfaces\{543145CE-599E-4F54-BE30-F6E0F73A5653} : NameServer = 202.136.43.208 202.136.42.208
TCP: Interfaces\{75C1AD58-1AFA-444B-886F-2080FAC095EF} : DhcpNameServer = 211.31.138.11 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2009-3-19 42608]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-13 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-13 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-13 267944]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2009-3-19 49152]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-13 61960]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 DeviceManager;DeviceManager;c:\program files\common files\devicehelper\devicemanager.exe -start --> c:\program files\common files\devicehelper\DeviceManager.exe -start [?]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-10-28 5120]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-4 126976]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-5-6 3658752]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-4-15 51160]
R3 qcusbser;Modem Interface USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2011-10-18 103552]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-10 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-25 73728]
S3 ExpressInvoiceService;Express Invoice;c:\program files\nch software\expressinvoice\expressinvoice.exe [2010-5-17 3088388]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-3-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-3-19 8320]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vci109w3;USB-to-CAN compact;c:\windows\system32\drivers\vci109w3.sys [2010-1-23 173448]
.
=============== Created Last 30 ================
.
2012-01-04 14:59:48 -------- d-----w- C:\rei
2012-01-04 14:59:20 -------- d-----w- c:\program files\Reimage
2012-01-03 02:20:33 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6c62412e-9bba-4a75-8dfb-887578940611}\offreg.dll
2012-01-02 13:10:39 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6c62412e-9bba-4a75-8dfb-887578940611}\mpengine.dll
2012-01-02 11:53:01 -------- d-----w- c:\programdata\Premium
2012-01-02 11:52:59 -------- d-----w- c:\programdata\InstallMate
2012-01-02 11:30:47 -------- d-----w- c:\programdata\Windows
.
==================== Find3M ====================
.
2011-11-15 03:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:55:27.17 ===============









I was unable to get GMER working; every time I use it, my computer freezes up.


Dave

Edited by Orange Blossom, 20 July 2012 - 10:18 PM.



 


#2 toshiba au


Posted 20 July 2012 - 11:30 PM

I see the page has been edited..? Any help yet?



Dave

#3 SweetTech


Posted 21 July 2012 - 02:57 AM

Hello Dave and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    svchost.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
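An added example (not part of ST's post and not TDSSKiller's own code): a small Python parser for a pasted TDSSKiller report that lists every scanned object the tool did not mark ok, including objects whose result line is missing because the paste was cut off. The sample log is constructed in the report's layout, and reading the SigCheck and TDLFS mode tokens as the two options ticked under Change parameters is an assumption.

```python
import re

# Constructed sample in the layout of a TDSSKiller report:
# timestamp, thread id, message. Names, hashes and paths are made up.
SAMPLE_LOG = r"""
21:52:07.0549 1964 Scan started
21:52:07.0549 1964 Mode: Manual; SigCheck; TDLFS;
21:52:09.0177 1964 ExampleDisk (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\exampledisk.sys
21:52:09.0266 1964 ExampleDisk - ok
21:52:12.0018 1964 Example vendor service (ffeeddccbbaa99887766554433221100) C:\Windows\system32\ExampleSvc.exe
21:52:12.0027 1964 Example vendor service ( UnsignedFile.Multi.Generic ) - warning
21:52:12.0027 1964 Example vendor service - detected UnsignedFile.Multi.Generic (1)
21:52:12.0132 1964 examplefilter (0f1e2d3c4b5a69788796a5b4c3d2e1f0) C:\Program Files\Example AV\examplefilter.sys
21:52:12.0141 1964 examplefilter - ok
21:52:13.0303 1964 exampletail (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\exampletail.sys
"""

# "HH:MM:SS.ffff <thread id> <message>"; the message may be empty.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s?(?P<msg>.*)$")
# "<name> (<md5>) <path>": an object about to be checked.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok": the object passed.
OK = re.compile(r"^(?P<name>.+) - ok$")
# "<name> ( <verdict> ) - <level>": the object was flagged.
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<level>\w+)$")
MODE = re.compile(r"^Mode:\s*(?P<modes>.*)$")


def parse_tdsskiller_log(text):
    """Return (modes, records); records keep the order objects were scanned in."""
    modes, records = [], {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank line or forum text pasted around the log
        msg = line.group("msg").strip()
        if (m := MODE.match(msg)):
            modes = [p.strip() for p in m.group("modes").split(";") if p.strip()]
        elif (m := OBJECT.match(msg)):
            records[m.group("name")] = {
                "name": m.group("name"),
                "md5": m.group("md5").lower(),
                "path": m.group("path"),
                "status": None,   # stays None if no result line follows
                "verdict": None,
            }
        elif (m := OK.match(msg)) and m.group("name") in records:
            records[m.group("name")]["status"] = "ok"
        elif (m := FLAGGED.match(msg)) and m.group("name") in records:
            rec = records[m.group("name")]
            rec["status"] = m.group("level")
            rec["verdict"] = m.group("verdict")
    return modes, list(records.values())


def missing_modes(modes, required=("SigCheck", "TDLFS")):
    """Mode tokens expected in the 'Mode:' line but absent.

    Assumption: SigCheck and TDLFS are how the report records the
    'Verify Driver Digital Signature' and 'Detect TDLFS file system' boxes.
    """
    return [m for m in required if m not in modes]


def needs_review(records):
    """Objects not marked ok: flagged ones, plus any with no result line
    (for example when the pasted log was cut off mid-scan)."""
    return [r for r in records if r["status"] != "ok"]


if __name__ == "__main__":
    modes, records = parse_tdsskiller_log(SAMPLE_LOG)
    print("scan modes:", ", ".join(modes))
    print("missing expected modes:", missing_modes(modes) or "none")
    for rec in needs_review(records):
        # A signature-check warning marks a file as suspicious, not as
        # confirmed malware, which is why the post says to leave it on Skip.
        state = rec["status"] or "no result line (log truncated?)"
        print(f'{rec["name"]}: {state} {rec["verdict"] or ""} -> {rec["path"]}')
```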


#4 toshiba au


Posted 22 July 2012 - 07:39 AM

Hi ST & Thank you for your time

Computer seems to be running ok... still chewing up internet

Here are the logs as requested



21:51:25.0682 4652 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
21:51:27.0692 4652 ============================================================
21:51:27.0692 4652 Current date / time: 2012/07/22 21:51:27.0692
21:51:27.0692 4652 SystemInfo:
21:51:27.0692 4652
21:51:27.0692 4652 OS Version: 6.0.6002 ServicePack: 2.0
21:51:27.0692 4652 Product type: Workstation
21:51:27.0692 4652 ComputerName: DAVES
21:51:27.0692 4652 UserName: test
21:51:27.0692 4652 Windows directory: C:\Windows
21:51:27.0692 4652 System windows directory: C:\Windows
21:51:27.0693 4652 Processor architecture: Intel x86
21:51:27.0693 4652 Number of processors: 2
21:51:27.0693 4652 Page size: 0x1000
21:51:27.0693 4652 Boot type: Normal boot
21:51:27.0693 4652 ============================================================
21:51:30.0135 4652 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:51:30.0174 4652 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:51:30.0184 4652 ============================================================
21:51:30.0184 4652 \Device\Harddisk0\DR0:
21:51:30.0184 4652 MBR partitions:
21:51:30.0184 4652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C1BA000
21:51:30.0184 4652 \Device\Harddisk1\DR1:
21:51:30.0185 4652 MBR partitions:
21:51:30.0185 4652 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
21:51:30.0185 4652 ============================================================
21:51:30.0220 4652 C: <-> \Device\Harddisk0\DR0\Partition0
21:51:30.0252 4652 D: <-> \Device\Harddisk1\DR1\Partition0
21:51:30.0253 4652 ============================================================
21:51:30.0253 4652 Initialize success
21:51:30.0253 4652 ============================================================
21:52:07.0548 1964 ============================================================
21:52:07.0549 1964 Scan started
21:52:07.0549 1964 Mode: Manual; SigCheck; TDLFS;
21:52:07.0549 1964 ============================================================
21:52:09.0177 1964 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:52:09.0266 1964 ACPI - ok
21:52:09.0327 1964 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:52:09.0353 1964 adp94xx - ok
21:52:09.0398 1964 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:52:09.0416 1964 adpahci - ok
21:52:09.0446 1964 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:52:09.0460 1964 adpu160m - ok
21:52:09.0478 1964 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:52:09.0493 1964 adpu320 - ok
21:52:09.0559 1964 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:52:09.0609 1964 AeLookupSvc - ok
21:52:09.0699 1964 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:52:09.0753 1964 AFD - ok
21:52:09.0808 1964 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:52:09.0822 1964 agp440 - ok
21:52:09.0854 1964 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:52:09.0867 1964 aic78xx - ok
21:52:09.0913 1964 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\Drivers\AlfaFF.sys
21:52:09.0931 1964 AlfaFF - ok
21:52:09.0993 1964 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:52:10.0047 1964 ALG - ok
21:52:10.0070 1964 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:52:10.0082 1964 aliide - ok
21:52:10.0138 1964 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:52:10.0150 1964 amdagp - ok
21:52:10.0169 1964 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:52:10.0181 1964 amdide - ok
21:52:10.0210 1964 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:52:10.0267 1964 AmdK7 - ok
21:52:10.0284 1964 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:52:10.0371 1964 AmdK8 - ok
21:52:10.0513 1964 AntiVirSchedulerService (ca8a0e78c3bbbad05a9a132bc468df9c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:52:10.0526 1964 AntiVirSchedulerService - ok
21:52:10.0553 1964 AntiVirService (48be1fcff1c929c899f29bcdc8659d9f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:52:10.0568 1964 AntiVirService - ok
21:52:10.0623 1964 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:52:10.0690 1964 Appinfo - ok
21:52:10.0792 1964 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
21:52:10.0863 1964 AppMgmt - ok
21:52:10.0900 1964 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:52:10.0913 1964 arc - ok
21:52:10.0932 1964 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:52:10.0945 1964 arcsas - ok
21:52:11.0052 1964 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:52:11.0063 1964 aspnet_state - ok
21:52:11.0105 1964 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:52:11.0146 1964 AsyncMac - ok
21:52:11.0186 1964 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:52:11.0199 1964 atapi - ok
21:52:11.0271 1964 Ati External Event Utility (54d715af597c06e87418c50f481bdd2c) C:\Windows\system32\Ati2evxx.exe
21:52:11.0348 1964 Ati External Event Utility - ok
21:52:11.0543 1964 atikmdag (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
21:52:11.0722 1964 atikmdag - ok
21:52:11.0858 1964 ATSWPDRV (4e6833f9591dc6a37e70dc188793f5be) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
21:52:11.0872 1964 ATSWPDRV - ok
21:52:11.0919 1964 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:52:11.0964 1964 AudioEndpointBuilder - ok
21:52:11.0969 1964 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:52:11.0990 1964 Audiosrv - ok
21:52:12.0018 1964 Authentec memory manager (a4fad13fc0d92c615d0d8d6784992ab2) C:\Windows\system32\TAMSvr.exe
21:52:12.0027 1964 Authentec memory manager ( UnsignedFile.Multi.Generic ) - warning
21:52:12.0027 1964 Authentec memory manager - detected UnsignedFile.Multi.Generic (1)
21:52:12.0132 1964 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
21:52:12.0141 1964 avgio - ok
21:52:12.0151 1964 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
21:52:12.0163 1964 avgntflt - ok
21:52:12.0183 1964 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
21:52:12.0197 1964 avipbb - ok
21:52:12.0270 1964 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:52:12.0281 1964 BcmSqlStartupSvc - ok
21:52:12.0326 1964 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:52:12.0369 1964 Beep - ok
21:52:12.0473 1964 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:52:12.0557 1964 BITS - ok
21:52:12.0596 1964 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:52:12.0642 1964 blbdrive - ok
21:52:12.0680 1964 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:52:12.0714 1964 bowser - ok
21:52:12.0746 1964 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:52:12.0786 1964 BrFiltLo - ok
21:52:12.0805 1964 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:52:12.0874 1964 BrFiltUp - ok
21:52:12.0911 1964 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:52:12.0956 1964 Browser - ok
21:52:13.0003 1964 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:52:13.0064 1964 Brserid - ok
21:52:13.0092 1964 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:52:13.0134 1964 BrSerWdm - ok
21:52:13.0162 1964 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:52:13.0218 1964 BrUsbMdm - ok
21:52:13.0241 1964 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:52:13.0280 1964 BrUsbSer - ok
21:52:13.0303 1964 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
21:52:13.0356 1964 BthEnum - ok
21:52:13.0408 1964 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:52:13.0458 1964 BTHMODEM - ok
21:52:13.0504 1964 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:52:13.0549 1964 BthPan - ok
21:52:13.0625 1964 BTHPORT (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
21:52:13.0669 1964 BTHPORT - ok
21:52:13.0722 1964 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
21:52:13.0748 1964 BthServ - ok
21:52:13.0784 1964 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
21:52:13.0822 1964 BTHUSB - ok
21:52:13.0854 1964 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:52:13.0895 1964 cdfs - ok
21:52:13.0952 1964 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:52:13.0995 1964 cdrom - ok
21:52:14.0037 1964 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:52:14.0086 1964 CertPropSvc - ok
21:52:14.0119 1964 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:52:14.0167 1964 circlass - ok
21:52:14.0214 1964 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:52:14.0232 1964 CLFS - ok
21:52:14.0288 1964 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:52:14.0300 1964 clr_optimization_v2.0.50727_32 - ok
21:52:14.0338 1964 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:52:14.0361 1964 CmBatt - ok
21:52:14.0387 1964 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:52:14.0399 1964 cmdide - ok
21:52:14.0442 1964 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
21:52:14.0479 1964 CnxtHdAudService - ok
21:52:14.0507 1964 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:52:14.0518 1964 Compbatt - ok
21:52:14.0521 1964 COMSysApp - ok
21:52:14.0593 1964 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
21:52:14.0630 1964 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
21:52:14.0630 1964 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
21:52:14.0649 1964 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:52:14.0661 1964 crcdisk - ok
21:52:14.0681 1964 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:52:14.0726 1964 Crusoe - ok
21:52:14.0800 1964 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
21:52:14.0840 1964 CryptSvc - ok
21:52:14.0909 1964 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
21:52:14.0983 1964 CSC - ok
21:52:15.0045 1964 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
21:52:15.0097 1964 CscService - ok
21:52:15.0167 1964 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:52:15.0226 1964 DcomLaunch - ok
21:52:15.0382 1964 DeviceManager - ok
21:52:15.0515 1964 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:52:15.0563 1964 DfsC - ok
21:52:15.0710 1964 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:52:15.0844 1964 DFSR - ok
21:52:15.0957 1964 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
21:52:15.0984 1964 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
21:52:15.0984 1964 DgiVecp - detected UnsignedFile.Multi.Generic (1)
21:52:16.0053 1964 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:52:16.0093 1964 Dhcp - ok
21:52:16.0146 1964 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:52:16.0159 1964 disk - ok
21:52:16.0200 1964 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:52:16.0262 1964 Dnscache - ok
21:52:16.0303 1964 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:52:16.0344 1964 dot3svc - ok
21:52:16.0389 1964 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:52:16.0417 1964 DPS - ok
21:52:16.0480 1964 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:52:16.0499 1964 drmkaud - ok
21:52:16.0566 1964 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:52:16.0596 1964 DXGKrnl - ok
21:52:16.0646 1964 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:52:16.0692 1964 E1G60 - ok
21:52:16.0744 1964 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:52:16.0784 1964 EapHost - ok
21:52:16.0834 1964 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:52:16.0850 1964 Ecache - ok
21:52:16.0916 1964 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:52:16.0937 1964 elxstor - ok
21:52:17.0016 1964 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:52:17.0113 1964 EMDMgmt - ok
21:52:17.0163 1964 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:52:17.0198 1964 ErrDev - ok
21:52:17.0272 1964 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:52:17.0295 1964 EventSystem - ok
21:52:17.0342 1964 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:52:17.0357 1964 exfat - ok
21:52:17.0640 1964 ExpressInvoiceService (4aaf8ca0be55b59d12482b82a26c5d47) C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe
21:52:17.0837 1964 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - warning
21:52:17.0837 1964 ExpressInvoiceService - detected UnsignedFile.Multi.Generic (1)
21:52:18.0108 1964 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:52:18.0162 1964 fastfat - ok
21:52:18.0229 1964 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
21:52:18.0309 1964 Fax - ok
21:52:18.0354 1964 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:52:18.0398 1964 fdc - ok
21:52:18.0439 1964 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:52:18.0463 1964 fdPHost - ok
21:52:18.0478 1964 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:52:18.0535 1964 FDResPub - ok
21:52:18.0567 1964 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:52:18.0580 1964 FileInfo - ok
21:52:18.0605 1964 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:52:18.0629 1964 Filetrace - ok
21:52:18.0662 1964 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:52:18.0686 1964 flpydisk - ok
21:52:18.0740 1964 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:52:18.0757 1964 FltMgr - ok
21:52:18.0880 1964 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
21:52:18.0960 1964 FontCache - ok
21:52:19.0106 1964 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:52:19.0128 1964 FontCache3.0.0.0 - ok
21:52:19.0172 1964 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
21:52:19.0201 1964 Fs_Rec - ok
21:52:19.0242 1964 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:52:19.0255 1964 gagp30kx - ok
21:52:19.0328 1964 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:52:19.0380 1964 gpsvc - ok
21:52:19.0459 1964 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:52:19.0511 1964 HdAudAddService - ok
21:52:19.0570 1964 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:52:19.0629 1964 HDAudBus - ok
21:52:19.0669 1964 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:52:19.0709 1964 HidBth - ok
21:52:19.0731 1964 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:52:19.0801 1964 HidIr - ok
21:52:19.0854 1964 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
21:52:19.0879 1964 hidserv - ok
21:52:19.0911 1964 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:52:19.0952 1964 HidUsb - ok
21:52:19.0987 1964 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:52:20.0012 1964 hkmsvc - ok
21:52:20.0049 1964 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:52:20.0061 1964 HpCISSs - ok
21:52:20.0173 1964 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:52:20.0224 1964 HSF_DPV - ok
21:52:20.0255 1964 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:52:20.0290 1964 HSXHWAZL - ok
21:52:20.0349 1964 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:52:20.0372 1964 HTTP - ok
21:52:20.0407 1964 hwdatacard - ok
21:52:20.0447 1964 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:52:20.0459 1964 i2omp - ok
21:52:20.0508 1964 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:52:20.0554 1964 i8042prt - ok
21:52:20.0602 1964 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
21:52:20.0618 1964 iaStor - ok
21:52:20.0687 1964 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:52:20.0757 1964 iaStorV - ok
21:52:20.0850 1964 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:52:20.0876 1964 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:52:20.0876 1964 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:52:21.0022 1964 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:52:21.0060 1964 idsvc - ok
21:52:21.0100 1964 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:52:21.0112 1964 iirsp - ok
21:52:21.0214 1964 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:52:21.0275 1964 IKEEXT - ok
21:52:21.0335 1964 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:52:21.0346 1964 intelide - ok
21:52:21.0384 1964 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:52:21.0407 1964 intelppm - ok
21:52:21.0530 1964 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:52:21.0579 1964 IPBusEnum - ok
21:52:21.0609 1964 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:52:21.0635 1964 IpFilterDriver - ok
21:52:21.0640 1964 IpInIp - ok
21:52:21.0667 1964 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:52:21.0693 1964 IPMIDRV - ok
21:52:21.0718 1964 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:52:21.0759 1964 IPNAT - ok
21:52:21.0782 1964 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:52:21.0806 1964 IRENUM - ok
21:52:21.0836 1964 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:52:21.0850 1964 isapnp - ok
21:52:21.0908 1964 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:52:21.0924 1964 iScsiPrt - ok
21:52:21.0970 1964 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:52:21.0981 1964 iteatapi - ok
21:52:21.0995 1964 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:52:22.0007 1964 iteraid - ok
21:52:22.0026 1964 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:52:22.0038 1964 kbdclass - ok
21:52:22.0056 1964 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
21:52:22.0080 1964 kbdhid - ok
21:52:22.0119 1964 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:52:22.0155 1964 KeyIso - ok
21:52:22.0197 1964 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
21:52:22.0223 1964 KSecDD - ok
21:52:22.0293 1964 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:52:22.0329 1964 KtmRm - ok
21:52:22.0370 1964 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
21:52:22.0415 1964 LanmanServer - ok
21:52:22.0451 1964 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:52:22.0499 1964 LanmanWorkstation - ok
21:52:22.0527 1964 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:52:22.0569 1964 lltdio - ok
21:52:22.0604 1964 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:52:22.0640 1964 lltdsvc - ok
21:52:22.0660 1964 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:52:22.0730 1964 lmhosts - ok
21:52:22.0778 1964 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:52:22.0796 1964 LSI_FC - ok
21:52:22.0837 1964 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:52:22.0850 1964 LSI_SAS - ok
21:52:22.0932 1964 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:52:22.0945 1964 LSI_SCSI - ok
21:52:22.0974 1964 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:52:22.0998 1964 luafv - ok
21:52:23.0030 1964 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:52:23.0079 1964 mdmxsdk - ok
21:52:23.0117 1964 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:52:23.0129 1964 megasas - ok
21:52:23.0194 1964 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:52:23.0216 1964 MegaSR - ok
21:52:23.0342 1964 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:52:23.0353 1964 Microsoft Office Groove Audit Service - ok
21:52:23.0372 1964 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:52:23.0414 1964 MMCSS - ok
21:52:23.0456 1964 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:52:23.0496 1964 Modem - ok
21:52:23.0552 1964 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:52:23.0576 1964 monitor - ok
21:52:23.0626 1964 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:52:23.0638 1964 mouclass - ok
21:52:23.0657 1964 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:52:23.0695 1964 mouhid - ok
21:52:23.0719 1964 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:52:23.0732 1964 MountMgr - ok
21:52:23.0767 1964 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:52:23.0782 1964 mpio - ok
21:52:23.0811 1964 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:52:23.0832 1964 mpsdrv - ok
21:52:23.0869 1964 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:52:23.0881 1964 Mraid35x - ok
21:52:23.0921 1964 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:52:23.0975 1964 MRxDAV - ok
21:52:24.0036 1964 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:52:24.0060 1964 mrxsmb - ok
21:52:24.0099 1964 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:52:24.0116 1964 mrxsmb10 - ok
21:52:24.0139 1964 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:52:24.0161 1964 mrxsmb20 - ok
21:52:24.0205 1964 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
21:52:24.0217 1964 msahci - ok
21:52:24.0246 1964 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:52:24.0259 1964 msdsm - ok
21:52:24.0304 1964 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:52:24.0348 1964 MSDTC - ok
21:52:24.0368 1964 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:52:24.0393 1964 Msfs - ok
21:52:24.0432 1964 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:52:24.0444 1964 msisadrv - ok
21:52:24.0483 1964 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:52:24.0509 1964 MSiSCSI - ok
21:52:24.0523 1964 msiserver - ok
21:52:24.0583 1964 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:52:24.0627 1964 MSKSSRV - ok
21:52:24.0651 1964 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:52:24.0691 1964 MSPCLOCK - ok
21:52:24.0728 1964 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:52:24.0764 1964 MSPQM - ok
21:52:24.0810 1964 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:52:24.0826 1964 MsRPC - ok
21:52:24.0875 1964 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:52:24.0885 1964 mssmbios - ok
21:52:24.0986 1964 MSSQL$MSSMLBIZ - ok
21:52:25.0075 1964 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:52:25.0087 1964 MSSQLServerADHelper - ok
21:52:25.0159 1964 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:52:25.0217 1964 MSTEE - ok
21:52:25.0274 1964 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:52:25.0288 1964 Mup - ok
21:52:25.0346 1964 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:52:25.0391 1964 napagent - ok
21:52:25.0449 1964 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:52:25.0502 1964 NativeWifiP - ok
21:52:25.0569 1964 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:52:25.0595 1964 NDIS - ok
21:52:25.0626 1964 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:52:25.0680 1964 NdisTapi - ok
21:52:25.0707 1964 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:52:25.0760 1964 Ndisuio - ok
21:52:25.0843 1964 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:52:25.0864 1964 NdisWan - ok
21:52:25.0877 1964 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:52:25.0896 1964 NDProxy - ok
21:52:25.0943 1964 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:52:25.0986 1964 NetBIOS - ok
21:52:26.0024 1964 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:52:26.0065 1964 netbt - ok
21:52:26.0109 1964 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:52:26.0123 1964 Netlogon - ok
21:52:26.0168 1964 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:52:26.0220 1964 Netman - ok
21:52:26.0245 1964 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:52:26.0290 1964 netprofm - ok
21:52:26.0374 1964 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:52:26.0387 1964 NetTcpPortSharing - ok
21:52:26.0607 1964 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
21:52:26.0764 1964 NETw5v32 - ok
21:52:26.0925 1964 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:52:26.0936 1964 nfrd960 - ok
21:52:26.0971 1964 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:52:27.0019 1964 NlaSvc - ok
21:52:27.0079 1964 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\Windows\system32\drivers\ccdcmb.sys
21:52:27.0130 1964 nmwcd - ok
21:52:27.0165 1964 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\Windows\system32\drivers\ccdcmbo.sys
21:52:27.0188 1964 nmwcdc - ok
21:52:27.0240 1964 nmwcdnsu (02e96113511171ba7559386d10d3daea) C:\Windows\system32\drivers\nmwcdnsu.sys
21:52:27.0284 1964 nmwcdnsu - ok
21:52:27.0324 1964 nmwcdnsuc (fb09150cfc7a499a53c308d04841a3bd) C:\Windows\system32\drivers\nmwcdnsuc.sys
21:52:27.0359 1964 nmwcdnsuc - ok
21:52:27.0395 1964 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:52:27.0415 1964 Npfs - ok
21:52:27.0463 1964 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:52:27.0513 1964 nsi - ok
21:52:27.0538 1964 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:52:27.0562 1964 nsiproxy - ok
21:52:27.0657 1964 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:52:27.0700 1964 Ntfs - ok
21:52:27.0753 1964 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:52:27.0802 1964 ntrigdigi - ok
21:52:27.0826 1964 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:52:27.0873 1964 Null - ok
21:52:27.0909 1964 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:52:27.0929 1964 nvraid - ok
21:52:27.0946 1964 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:52:27.0960 1964 nvstor - ok
21:52:28.0000 1964 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:52:28.0015 1964 nv_agp - ok
21:52:28.0018 1964 NwlnkFlt - ok
21:52:28.0026 1964 NwlnkFwd - ok
21:52:28.0170 1964 o2flash (d955d5de998db2476bf0892be3a96c26) c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
21:52:28.0176 1964 o2flash ( UnsignedFile.Multi.Generic ) - warning
21:52:28.0176 1964 o2flash - detected UnsignedFile.Multi.Generic (1)
21:52:28.0212 1964 O2MDRDR (78575368974962042472f18b24d3cf28) C:\Windows\system32\DRIVERS\o2media.sys
21:52:28.0221 1964 O2MDRDR - ok
21:52:28.0312 1964 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:52:28.0335 1964 odserv - ok
21:52:28.0371 1964 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:52:28.0390 1964 ohci1394 - ok
21:52:28.0429 1964 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:52:28.0442 1964 ose - ok
21:52:28.0502 1964 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:52:28.0576 1964 p2pimsvc - ok
21:52:28.0586 1964 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:52:28.0613 1964 p2psvc - ok
21:52:28.0684 1964 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:52:28.0740 1964 Parport - ok
21:52:28.0769 1964 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
21:52:28.0782 1964 partmgr - ok
21:52:28.0799 1964 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:52:28.0839 1964 Parvdm - ok
21:52:28.0872 1964 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:52:28.0938 1964 PcaSvc - ok
21:52:29.0002 1964 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
21:52:29.0046 1964 pccsmcfd - ok
21:52:29.0083 1964 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:52:29.0098 1964 pci - ok
21:52:29.0140 1964 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:52:29.0152 1964 pciide - ok
21:52:29.0179 1964 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:52:29.0193 1964 pcmcia - ok
21:52:29.0265 1964 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:52:29.0374 1964 PEAUTH - ok
21:52:29.0489 1964 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:52:29.0588 1964 pla - ok
21:52:29.0935 1964 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:52:29.0984 1964 PlugPlay - ok
21:52:30.0071 1964 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:52:30.0109 1964 PNRPAutoReg - ok
21:52:30.0116 1964 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:52:30.0142 1964 PNRPsvc - ok
21:52:30.0170 1964 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:52:30.0221 1964 PolicyAgent - ok
21:52:30.0301 1964 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:52:30.0346 1964 PptpMiniport - ok
21:52:30.0374 1964 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:52:30.0409 1964 Processor - ok
21:52:30.0463 1964 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:52:30.0486 1964 ProfSvc - ok
21:52:30.0531 1964 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:52:30.0566 1964 ProtectedStorage - ok
21:52:30.0613 1964 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:52:30.0648 1964 PSched - ok
21:52:30.0709 1964 qcusbser (9ccf89372c5a04e97cd89b58ae697796) C:\Windows\system32\DRIVERS\qcusbser.sys
21:52:30.0756 1964 qcusbser - ok
21:52:30.0782 1964 QIOMem (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys
21:52:30.0810 1964 QIOMem - ok
21:52:30.0912 1964 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:52:31.0012 1964 ql2300 - ok
21:52:31.0038 1964 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:52:31.0051 1964 ql40xx - ok
21:52:31.0111 1964 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:52:31.0150 1964 QWAVE - ok
21:52:31.0177 1964 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:52:31.0209 1964 QWAVEdrv - ok
21:52:31.0243 1964 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:52:31.0297 1964 RasAcd - ok
21:52:31.0314 1964 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:52:31.0371 1964 RasAuto - ok
21:52:31.0404 1964 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:52:31.0450 1964 Rasl2tp - ok
21:52:31.0497 1964 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:52:31.0542 1964 RasMan - ok
21:52:31.0583 1964 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:52:31.0602 1964 RasPppoe - ok
21:52:31.0633 1964 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:52:31.0666 1964 RasSstp - ok
21:52:31.0701 1964 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:52:31.0739 1964 rdbss - ok
21:52:31.0772 1964 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:52:31.0824 1964 RDPCDD - ok
21:52:31.0893 1964 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
21:52:31.0943 1964 rdpdr - ok
21:52:31.0960 1964 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:52:31.0983 1964 RDPENCDD - ok
21:52:32.0049 1964 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
21:52:32.0105 1964 RDPWD - ok
21:52:32.0148 1964 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:52:32.0197 1964 RemoteAccess - ok
21:52:32.0231 1964 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:52:32.0267 1964 RemoteRegistry - ok
21:52:32.0311 1964 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
21:52:32.0351 1964 RFCOMM - ok
21:52:32.0510 1964 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:52:32.0525 1964 RichVideo - ok
21:52:32.0569 1964 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
21:52:32.0616 1964 ROOTMODEM - ok
21:52:32.0643 1964 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:52:32.0687 1964 RpcLocator - ok
21:52:32.0747 1964 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
21:52:32.0780 1964 RpcSs - ok
21:52:32.0801 1964 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:52:32.0825 1964 rspndr - ok
21:52:32.0853 1964 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:52:32.0868 1964 SamSs - ok
21:52:32.0896 1964 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:52:32.0908 1964 sbp2port - ok
21:52:32.0982 1964 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:52:33.0020 1964 SCardSvr - ok
21:52:33.0085 1964 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:52:33.0190 1964 Schedule - ok
21:52:33.0227 1964 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:52:33.0246 1964 SCPolicySvc - ok
21:52:33.0314 1964 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
21:52:33.0334 1964 sdbus - ok
21:52:33.0377 1964 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:52:33.0440 1964 SDRSVC - ok
21:52:33.0468 1964 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:52:33.0509 1964 secdrv - ok
21:52:33.0525 1964 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:52:33.0572 1964 seclogon - ok
21:52:33.0612 1964 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
21:52:33.0638 1964 SENS - ok
21:52:33.0657 1964 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:52:33.0713 1964 Serenum - ok
21:52:33.0737 1964 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:52:33.0778 1964 Serial - ok
21:52:33.0806 1964 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:52:33.0832 1964 sermouse - ok
21:52:33.0926 1964 ServiceLayer (77faa749c34193f003f666d2e368a1f8) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:52:33.0985 1964 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
21:52:33.0985 1964 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
21:52:34.0024 1964 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:52:34.0069 1964 SessionEnv - ok
21:52:34.0097 1964 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
21:52:34.0131 1964 sffdisk - ok
21:52:34.0156 1964 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:52:34.0202 1964 sffp_mmc - ok
21:52:34.0241 1964 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:52:34.0279 1964 sffp_sd - ok
21:52:34.0302 1964 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:52:34.0366 1964 sfloppy - ok
21:52:34.0418 1964 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:52:34.0456 1964 ShellHWDetection - ok
21:52:34.0477 1964 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:52:34.0490 1964 sisagp - ok
21:52:34.0534 1964 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:52:34.0548 1964 SiSRaid2 - ok
21:52:34.0576 1964 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:52:34.0590 1964 SiSRaid4 - ok
21:52:34.0786 1964 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:52:34.0938 1964 slsvc - ok
21:52:35.0055 1964 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:52:35.0105 1964 SLUINotify - ok
21:52:35.0190 1964 SmartFaceVWatchSrv (3566310df25ea5c3b2e9f50f5b50eac1) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
21:52:35.0215 1964 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
21:52:35.0215 1964 SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
21:52:35.0281 1964 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:52:35.0301 1964 Smb - ok
21:52:35.0334 1964 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:52:35.0348 1964 SNMPTRAP - ok
21:52:35.0378 1964 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:52:35.0390 1964 spldr - ok
21:52:35.0423 1964 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:52:35.0453 1964 Spooler - ok
21:52:35.0508 1964 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:52:35.0522 1964 SQLBrowser - ok
21:52:35.0554 1964 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:52:35.0567 1964 SQLWriter - ok
21:52:35.0614 1964 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:52:35.0667 1964 srv - ok
21:52:35.0689 1964 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:52:35.0730 1964 srv2 - ok
21:52:35.0755 1964 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:52:35.0786 1964 srvnet - ok
21:52:35.0833 1964 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:52:35.0863 1964 SSDPSRV - ok
21:52:35.0904 1964 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:52:35.0913 1964 ssmdrv - ok
21:52:35.0950 1964 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
21:52:35.0956 1964 SSPORT ( UnsignedFile.Multi.Generic ) - warning
21:52:35.0956 1964 SSPORT - detected UnsignedFile.Multi.Generic (1)
21:52:35.0990 1964 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:52:36.0032 1964 SstpSvc - ok
21:52:36.0089 1964 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:52:36.0133 1964 stisvc - ok
21:52:36.0197 1964 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:52:36.0209 1964 swenum - ok
21:52:36.0356 1964 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:52:36.0417 1964 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:52:36.0417 1964 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:52:36.0469 1964 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:52:36.0512 1964 swprv - ok
21:52:36.0557 1964 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:52:36.0568 1964 Symc8xx - ok
21:52:36.0605 1964 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:52:36.0617 1964 Sym_hi - ok
21:52:36.0635 1964 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:52:36.0646 1964 Sym_u3 - ok
21:52:36.0704 1964 SynTP (91ac243740ca09a907e7cbd2da274c96) C:\Windows\system32\DRIVERS\SynTP.sys
21:52:36.0719 1964 SynTP - ok
21:52:36.0782 1964 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:52:36.0852 1964 SysMain - ok
21:52:36.0897 1964 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:52:36.0939 1964 TabletInputService - ok
21:52:36.0987 1964 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:52:37.0037 1964 TapiSrv - ok
21:52:37.0060 1964 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:52:37.0088 1964 TBS - ok
21:52:37.0181 1964 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
21:52:37.0223 1964 Tcpip - ok
21:52:37.0245 1964 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
21:52:37.0276 1964 Tcpip6 - ok
21:52:37.0301 1964 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:52:37.0335 1964 tcpipreg - ok
21:52:37.0370 1964 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
21:52:37.0382 1964 tdcmdpst - ok
21:52:37.0410 1964 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:52:37.0452 1964 TDPIPE - ok
21:52:37.0474 1964 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:52:37.0515 1964 TDTCP - ok
21:52:37.0552 1964 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:52:37.0616 1964 tdx - ok
21:52:37.0652 1964 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:52:37.0666 1964 TermDD - ok
21:52:37.0716 1964 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:52:37.0750 1964 TermService - ok
21:52:37.0795 1964 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:52:37.0833 1964 Themes - ok
21:52:37.0861 1964 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:52:37.0887 1964 THREADORDER - ok
21:52:37.0972 1964 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
21:52:37.0982 1964 TNaviSrv - ok
21:52:38.0022 1964 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
21:52:38.0039 1964 TODDSrv - ok
21:52:38.0101 1964 TosCoSrv (44dbac611b11646683b5b066a049b8e4) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:52:38.0123 1964 TosCoSrv - ok
21:52:38.0224 1964 TOSHIBA Bluetooth Service (8e10e654e354cf330ed75882769a0107) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
21:52:38.0235 1964 TOSHIBA Bluetooth Service - ok
21:52:38.0279 1964 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
21:52:38.0286 1964 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
21:52:38.0286 1964 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
21:52:38.0352 1964 tosporte (2c15b4856f929ac7dd144044d8334b54) C:\Windows\system32\DRIVERS\tosporte.sys
21:52:38.0389 1964 tosporte - ok
21:52:38.0441 1964 tosrfbd (cd6e9c27adc6b37b0b3df29cc83e15a7) C:\Windows\system32\DRIVERS\tosrfbd.sys
21:52:38.0476 1964 tosrfbd - ok
21:52:38.0496 1964 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\Windows\system32\Drivers\tosrfbnp.sys
21:52:38.0538 1964 tosrfbnp - ok
21:52:38.0582 1964 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\Windows\system32\Drivers\tosrfcom.sys
21:52:38.0593 1964 Tosrfcom - ok
21:52:38.0616 1964 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
21:52:38.0626 1964 tosrfec - ok
21:52:38.0665 1964 Tosrfhid (d3f87c46c7c9e5db99fbd3d17121b891) C:\Windows\system32\DRIVERS\Tosrfhid.sys
21:52:38.0720 1964 Tosrfhid - ok
21:52:38.0735 1964 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
21:52:38.0784 1964 tosrfnds - ok
21:52:38.0807 1964 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\Windows\system32\drivers\tosrfsnd.sys
21:52:38.0858 1964 TosRfSnd - ok
21:52:38.0896 1964 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\Windows\system32\DRIVERS\tosrfusb.sys
21:52:38.0943 1964 Tosrfusb - ok
21:52:38.0985 1964 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
21:52:39.0003 1964 tos_sps32 - ok
21:52:39.0037 1964 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:52:39.0067 1964 TrkWks - ok
21:52:39.0120 1964 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:52:39.0147 1964 TrustedInstaller - ok
21:52:39.0181 1964 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:52:39.0218 1964 tssecsrv - ok
21:52:39.0261 1964 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:52:39.0275 1964 tunmp - ok
21:52:39.0316 1964 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:52:39.0347 1964 tunnel - ok
21:52:39.0384 1964 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
21:52:39.0396 1964 TVALZ - ok
21:52:39.0425 1964 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:52:39.0439 1964 uagp35 - ok
21:52:39.0487 1964 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:52:39.0509 1964 udfs - ok
21:52:39.0538 1964 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:52:39.0564 1964 UI0Detect - ok
21:52:39.0622 1964 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
21:52:39.0628 1964 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
21:52:39.0628 1964 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
21:52:39.0654 1964 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:52:39.0666 1964 uliagpkx - ok
21:52:39.0709 1964 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:52:39.0726 1964 uliahci - ok
21:52:39.0772 1964 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:52:39.0785 1964 UlSata - ok
21:52:39.0811 1964 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:52:39.0825 1964 ulsata2 - ok
21:52:39.0845 1964 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:52:39.0889 1964 umbus - ok
21:52:39.0934 1964 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
21:52:39.0970 1964 UmRdpService - ok
21:52:40.0013 1964 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:52:40.0045 1964 upnphost - ok
21:52:40.0101 1964 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
21:52:40.0138 1964 upperdev - ok
21:52:40.0187 1964 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:52:40.0227 1964 usbccgp - ok
21:52:40.0244 1964 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:52:40.0305 1964 usbcir - ok
21:52:40.0351 1964 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:52:40.0371 1964 usbehci - ok
21:52:40.0404 1964 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:52:40.0449 1964 usbhub - ok
21:52:40.0478 1964 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:52:40.0539 1964 usbohci - ok
21:52:40.0574 1964 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:52:40.0597 1964 usbprint - ok
21:52:40.0643 1964 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:52:40.0696 1964 usbscan - ok
21:52:40.0751 1964 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
21:52:40.0770 1964 usbser - ok
21:52:40.0797 1964 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
21:52:40.0871 1964 UsbserFilt - ok
21:52:40.0910 1964 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:52:40.0929 1964 USBSTOR - ok
21:52:40.0957 1964 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:52:40.0998 1964 usbuhci - ok
21:52:41.0038 1964 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:52:41.0088 1964 usbvideo - ok
21:52:41.0124 1964 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
21:52:41.0135 1964 UVCFTR - ok
21:52:41.0181 1964 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:52:41.0213 1964 UxSms - ok
21:52:41.0273 1964 vci109w3 (82858fc609d6a4cc66061027c16edd09) C:\Windows\system32\DRIVERS\vci109w3.sys
21:52:41.0294 1964 vci109w3 - ok
21:52:41.0330 1964 vcisrv (4aac39e916ed596fedbdf83a5cf2059d) C:\Windows\System32\drivers\vcisrv.sys
21:52:41.0349 1964 vcisrv - ok
21:52:41.0405 1964 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:52:41.0437 1964 vds - ok
21:52:41.0477 1964 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:52:41.0501 1964 vga - ok
21:52:41.0536 1964 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:52:41.0560 1964 VgaSave - ok
21:52:41.0582 1964 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:52:41.0594 1964 viaagp - ok
21:52:41.0623 1964 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:52:41.0647 1964 ViaC7 - ok
21:52:41.0677 1964 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:52:41.0688 1964 viaide - ok
21:52:41.0738 1964 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:52:41.0750 1964 volmgr - ok
21:52:41.0803 1964 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:52:41.0822 1964 volmgrx - ok
21:52:41.0864 1964 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:52:41.0882 1964 volsnap - ok
21:52:41.0938 1964 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:52:41.0953 1964 vsmraid - ok
21:52:42.0048 1964 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:52:42.0119 1964 VSS - ok
21:52:42.0180 1964 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:52:42.0209 1964 W32Time - ok
21:52:42.0271 1964 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:52:42.0329 1964 WacomPen - ok
21:52:42.0351 1964 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:52:42.0372 1964 Wanarp - ok
21:52:42.0376 1964 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:52:42.0397 1964 Wanarpv6 - ok
21:52:42.0459 1964 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
21:52:42.0550 1964 wbengine - ok
21:52:42.0606 1964 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:52:42.0669 1964 wcncsvc - ok
21:52:42.0715 1964 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:52:42.0758 1964 WcsPlugInService - ok
21:52:42.0820 1964 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:52:42.0833 1964 Wd - ok
21:52:42.0877 1964 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:52:42.0902 1964 Wdf01000 - ok
21:52:42.0927 1964 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:52:42.0968 1964 WdiServiceHost - ok
21:52:42.0971 1964 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:52:42.0997 1964 WdiSystemHost - ok
21:52:43.0038 1964 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:52:43.0062 1964 WebClient - ok
21:52:43.0099 1964 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
21:52:43.0150 1964 Wecsvc - ok
21:52:43.0177 1964 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:52:43.0199 1964 wercplsupport - ok
21:52:43.0247 1964 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:52:43.0271 1964 WerSvc - ok
21:52:43.0333 1964 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:52:43.0380 1964 winachsf - ok
21:52:43.0385 1964 WinHttpAutoProxySvc - ok
21:52:43.0459 1964 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:52:43.0481 1964 Winmgmt - ok
21:52:43.0563 1964 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
21:52:43.0628 1964 WinRM - ok
21:52:43.0710 1964 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:52:43.0781 1964 Wlansvc - ok
21:52:44.0008 1964 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:52:44.0074 1964 wlidsvc - ok
21:52:44.0228 1964 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:52:44.0272 1964 WmiAcpi - ok
21:52:44.0369 1964 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:52:44.0422 1964 wmiApSrv - ok
21:52:44.0550 1964 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:52:44.0609 1964 WMPNetworkSvc - ok
21:52:44.0676 1964 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
21:52:44.0748 1964 WPDBusEnum - ok
21:52:44.0793 1964 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:52:44.0807 1964 WpdUsb - ok
21:52:44.0842 1964 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:52:44.0868 1964 ws2ifsl - ok
21:52:44.0871 1964 WSearch - ok
21:52:44.0979 1964 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:52:45.0094 1964 wuauserv - ok
21:52:45.0281 1964 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:52:45.0346 1964 WUDFRd - ok
21:52:45.0481 1964 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:52:45.0508 1964 wudfsvc - ok
21:52:45.0534 1964 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
21:52:45.0581 1964 XAudio - ok
21:52:45.0617 1964 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
21:52:45.0689 1964 XAudioService - ok
21:52:45.0768 1964 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
21:52:45.0814 1964 yukonwlh - ok
21:52:45.0874 1964 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:52:46.0967 1964 \Device\Harddisk0\DR0 - ok
21:52:46.0971 1964 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk1\DR1
21:52:50.0566 1964 \Device\Harddisk1\DR1 - ok
21:52:50.0611 1964 Boot (0x1200) (253b32bc88a3ec02c369c14b6a8aafad) \Device\Harddisk0\DR0\Partition0
21:52:50.0613 1964 \Device\Harddisk0\DR0\Partition0 - ok
21:52:50.0616 1964 Boot (0x1200) (3f72a4fcf744bc99d4d603f2d4e2c3e0) \Device\Harddisk1\DR1\Partition0
21:52:50.0617 1964 \Device\Harddisk1\DR1\Partition0 - ok
21:52:50.0619 1964 ============================================================
21:52:50.0619 1964 Scan finished
21:52:50.0619 1964 ============================================================
21:52:50.0631 4444 Detected object count: 12
21:52:50.0631 4444 Actual detected object count: 12
21:53:08.0482 4444 Authentec memory manager ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0482 4444 Authentec memory manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:08.0484 4444 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0484 4444 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:08.0486 4444 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0486 4444 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:08.0487 4444 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0487 4444 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:08.0489 4444 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0489 4444 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:08.0493 4444 o2flash ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0493 4444 o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:08.0495 4444 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0495 4444 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:08.0496 4444 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0496 4444 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:08.0497 4444 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0497 4444 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:08.0499 4444 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0499 4444 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:08.0500 4444 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0500 4444 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:08.0501 4444 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:08.0501 4444 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:08.0880 2748 ============================================================
21:54:08.0880 2748 Scan started
21:54:08.0880 2748 Mode: Manual; SigCheck; TDLFS;
21:54:08.0880 2748 ============================================================
21:54:09.0641 2748 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:54:09.0665 2748 ACPI - ok
21:54:09.0715 2748 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:54:09.0735 2748 adp94xx - ok
21:54:09.0771 2748 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:54:09.0786 2748 adpahci - ok
21:54:09.0809 2748 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:54:09.0822 2748 adpu160m - ok
21:54:09.0843 2748 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:54:09.0856 2748 adpu320 - ok
21:54:09.0889 2748 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:54:09.0908 2748 AeLookupSvc - ok
21:54:09.0962 2748 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:54:09.0978 2748 AFD - ok
21:54:10.0027 2748 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:54:10.0038 2748 agp440 - ok
21:54:10.0073 2748 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:54:10.0085 2748 aic78xx - ok
21:54:10.0121 2748 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\Drivers\AlfaFF.sys
21:54:10.0135 2748 AlfaFF - ok
21:54:10.0178 2748 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:54:10.0202 2748 ALG - ok
21:54:10.0223 2748 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:54:10.0234 2748 aliide - ok
21:54:10.0301 2748 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:54:10.0313 2748 amdagp - ok
21:54:10.0344 2748 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:54:10.0355 2748 amdide - ok
21:54:10.0385 2748 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:54:10.0409 2748 AmdK7 - ok
21:54:10.0435 2748 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:54:10.0459 2748 AmdK8 - ok
21:54:10.0632 2748 AntiVirSchedulerService (ca8a0e78c3bbbad05a9a132bc468df9c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:54:10.0643 2748 AntiVirSchedulerService - ok
21:54:10.0706 2748 AntiVirService (48be1fcff1c929c899f29bcdc8659d9f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:54:10.0717 2748 AntiVirService - ok
21:54:10.0776 2748 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:54:10.0790 2748 Appinfo - ok
21:54:10.0845 2748 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
21:54:10.0859 2748 AppMgmt - ok
21:54:10.0908 2748 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:54:10.0920 2748 arc - ok
21:54:10.0951 2748 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:54:10.0967 2748 arcsas - ok
21:54:11.0060 2748 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:54:11.0070 2748 aspnet_state - ok
21:54:11.0102 2748 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:54:11.0124 2748 AsyncMac - ok
21:54:11.0172 2748 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:54:11.0184 2748 atapi - ok
21:54:11.0258 2748 Ati External Event Utility (54d715af597c06e87418c50f481bdd2c) C:\Windows\system32\Ati2evxx.exe
21:54:11.0281 2748 Ati External Event Utility - ok
21:54:11.0497 2748 atikmdag (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
21:54:11.0639 2748 atikmdag - ok
21:54:11.0755 2748 ATSWPDRV (4e6833f9591dc6a37e70dc188793f5be) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
21:54:11.0767 2748 ATSWPDRV - ok
21:54:11.0827 2748 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:54:11.0848 2748 AudioEndpointBuilder - ok
21:54:11.0859 2748 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:54:11.0882 2748 Audiosrv - ok
21:54:11.0915 2748 Authentec memory manager (a4fad13fc0d92c615d0d8d6784992ab2) C:\Windows\system32\TAMSvr.exe
21:54:11.0922 2748 Authentec memory manager ( UnsignedFile.Multi.Generic ) - warning
21:54:11.0922 2748 Authentec memory manager - detected UnsignedFile.Multi.Generic (1)
21:54:12.0017 2748 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
21:54:12.0029 2748 avgio - ok
21:54:12.0048 2748 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
21:54:12.0059 2748 avgntflt - ok
21:54:12.0079 2748 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
21:54:12.0091 2748 avipbb - ok
21:54:12.0146 2748 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:54:12.0158 2748 BcmSqlStartupSvc - ok
21:54:12.0189 2748 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:54:12.0212 2748 Beep - ok
21:54:12.0280 2748 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:54:12.0313 2748 BITS - ok
21:54:12.0337 2748 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:54:12.0361 2748 blbdrive - ok
21:54:12.0389 2748 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:54:12.0406 2748 bowser - ok
21:54:12.0420 2748 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:54:12.0442 2748 BrFiltLo - ok
21:54:12.0457 2748 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:54:12.0475 2748 BrFiltUp - ok
21:54:12.0508 2748 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:54:12.0533 2748 Browser - ok
21:54:12.0578 2748 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:54:12.0617 2748 Brserid - ok
21:54:12.0646 2748 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:54:12.0687 2748 BrSerWdm - ok
21:54:12.0703 2748 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:54:12.0744 2748 BrUsbMdm - ok
21:54:12.0760 2748 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:54:12.0797 2748 BrUsbSer - ok
21:54:12.0823 2748 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
21:54:12.0854 2748 BthEnum - ok
21:54:12.0877 2748 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:54:12.0917 2748 BTHMODEM - ok
21:54:12.0968 2748 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:54:12.0993 2748 BthPan - ok
21:54:13.0044 2748 BTHPORT (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
21:54:13.0071 2748 BTHPORT - ok
21:54:13.0119 2748 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
21:54:13.0133 2748 BthServ - ok
21:54:13.0180 2748 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
21:54:13.0204 2748 BTHUSB - ok
21:54:13.0229 2748 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:54:13.0254 2748 cdfs - ok
21:54:13.0293 2748 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:54:13.0315 2748 cdrom - ok
21:54:13.0356 2748 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:54:13.0376 2748 CertPropSvc - ok
21:54:13.0419 2748 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:54:13.0462 2748 circlass - ok
21:54:13.0510 2748 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:54:13.0528 2748 CLFS - ok
21:54:13.0608 2748 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:54:13.0620 2748 clr_optimization_v2.0.50727_32 - ok
21:54:13.0646 2748 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:54:13.0669 2748 CmBatt - ok
21:54:13.0707 2748 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:54:13.0719 2748 cmdide - ok
21:54:13.0762 2748 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
21:54:13.0787 2748 CnxtHdAudService - ok
21:54:13.0803 2748 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:54:13.0816 2748 Compbatt - ok
21:54:13.0823 2748 COMSysApp - ok
21:54:13.0889 2748 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
21:54:13.0894 2748 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
21:54:13.0894 2748 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
21:54:13.0911 2748 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:54:13.0924 2748 crcdisk - ok
21:54:13.0944 2748 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:54:13.0967 2748 Crusoe - ok
21:54:14.0007 2748 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
21:54:14.0033 2748 CryptSvc - ok
21:54:14.0084 2748 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
21:54:14.0136 2748 CSC - ok
21:54:14.0183 2748 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
21:54:14.0211 2748 CscService - ok
21:54:14.0263 2748 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:54:14.0297 2748 DcomLaunch - ok
21:54:14.0351 2748 DeviceManager - ok
21:54:14.0423 2748 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:54:14.0466 2748 DfsC - ok
21:54:14.0675 2748 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:54:14.0796 2748 DFSR - ok
21:54:14.0909 2748 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
21:54:14.0915 2748 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
21:54:14.0915 2748 DgiVecp - detected UnsignedFile.Multi.Generic (1)
21:54:14.0962 2748 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:54:14.0986 2748 Dhcp - ok
21:54:15.0021 2748 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:54:15.0035 2748 disk - ok
21:54:15.0085 2748 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:54:15.0143 2748 Dnscache - ok
21:54:15.0200 2748 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:54:15.0222 2748 dot3svc - ok
21:54:15.0263 2748 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:54:15.0291 2748 DPS - ok
21:54:15.0333 2748 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:54:15.0351 2748 drmkaud - ok
21:54:15.0418 2748 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:54:15.0450 2748 DXGKrnl - ok
21:54:15.0487 2748 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:54:15.0513 2748 E1G60 - ok
21:54:15.0541 2748 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:54:15.0562 2748 EapHost - ok
21:54:15.0609 2748 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:54:15.0626 2748 Ecache - ok
21:54:15.0680 2748 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:54:15.0702 2748 elxstor - ok
21:54:15.0768 2748 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:54:15.0797 2748 EMDMgmt - ok
21:54:15.0826 2748 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:54:15.0849 2748 ErrDev - ok
21:54:15.0890 2748 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:54:15.0916 2748 EventSystem - ok
21:54:15.0962 2748 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:54:15.0995 2748 exfat - ok
21:54:16.0216 2748 ExpressInvoiceService (4aaf8ca0be55b59d12482b82a26c5d47) C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe
21:54:16.0346 2748 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - warning
21:54:16.0347 2748 ExpressInvoiceService - detected UnsignedFile.Multi.Generic (1)
21:54:16.0546 2748 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:54:16.0567 2748 fastfat - ok
21:54:16.0651 2748 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
21:54:16.0676 2748 Fax - ok
21:54:16.0707 2748 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:54:16.0730 2748 fdc - ok
21:54:16.0746 2748 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:54:16.0770 2748 fdPHost - ok
21:54:16.0786 2748 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:54:16.0828 2748 FDResPub - ok
21:54:16.0852 2748 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:54:16.0865 2748 FileInfo - ok
21:54:16.0890 2748 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:54:16.0915 2748 Filetrace - ok
21:54:16.0947 2748 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:54:16.0973 2748 flpydisk - ok
21:54:17.0030 2748 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:54:17.0049 2748 FltMgr - ok
21:54:17.0119 2748 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
21:54:17.0158 2748 FontCache - ok
21:54:17.0227 2748 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:54:17.0239 2748 FontCache3.0.0.0 - ok
21:54:17.0280 2748 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
21:54:17.0304 2748 Fs_Rec - ok
21:54:17.0350 2748 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:54:17.0366 2748 gagp30kx - ok
21:54:17.0457 2748 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:54:17.0514 2748 gpsvc - ok
21:54:17.0579 2748 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:54:17.0597 2748 HdAudAddService - ok
21:54:17.0668 2748 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:54:17.0703 2748 HDAudBus - ok
21:54:17.0744 2748 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:54:17.0784 2748 HidBth - ok
21:54:17.0817 2748 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:54:17.0859 2748 HidIr - ok
21:54:17.0895 2748 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
21:54:17.0922 2748 hidserv - ok
21:54:17.0963 2748 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:54:17.0985 2748 HidUsb - ok
21:54:18.0027 2748 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:54:18.0056 2748 hkmsvc - ok
21:54:18.0079 2748 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:54:18.0092 2748 HpCISSs - ok
21:54:18.0179 2748 HSF_DPV (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:54:18.0253 2748 HSF_DPV - ok
21:54:18.0285 2748 HSXHWAZL (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:54:18.0301 2748 HSXHWAZL - ok
21:54:18.0357 2748 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:54:18.0395 2748 HTTP - ok
21:54:18.0408 2748 hwdatacard - ok
21:54:18.0510 2748 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:54:18.0523 2748 i2omp - ok
21:54:18.0557 2748 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:54:18.0577 2748 i8042prt - ok
21:54:18.0608 2748 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
21:54:18.0624 2748 iaStor - ok
21:54:18.0664 2748 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:54:18.0683 2748 iaStorV - ok
21:54:18.0791 2748 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:54:18.0797 2748 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:54:18.0797 2748 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:54:18.0906 2748 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:54:18.0945 2748 idsvc - ok
21:54:18.0975 2748 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:54:18.0986 2748 iirsp - ok
21:54:19.0043 2748 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:54:19.0075 2748 IKEEXT - ok
21:54:19.0098 2748 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:54:19.0110 2748 intelide - ok
21:54:19.0125 2748 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:54:19.0152 2748 intelppm - ok
21:54:19.0194 2748 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:54:19.0220 2748 IPBusEnum - ok
21:54:19.0250 2748 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:54:19.0274 2748 IpFilterDriver - ok
21:54:19.0279 2748 IpInIp - ok
21:54:19.0298 2748 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:54:19.0324 2748 IPMIDRV - ok
21:54:19.0357 2748 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:54:19.0391 2748 IPNAT - ok
21:54:19.0412 2748 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:54:19.0439 2748 IRENUM - ok
21:54:19.0499 2748 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:54:19.0512 2748 isapnp - ok
21:54:19.0572 2748 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:54:19.0588 2748 iScsiPrt - ok
21:54:19.0622 2748 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:54:19.0634 2748 iteatapi - ok
21:54:19.0670 2748 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:54:19.0681 2748 iteraid - ok
21:54:19.0712 2748 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:54:19.0725 2748 kbdclass - ok
21:54:19.0753 2748 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
21:54:19.0777 2748 kbdhid - ok
21:54:19.0827 2748 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:54:19.0841 2748 KeyIso - ok
21:54:19.0906 2748 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
21:54:19.0932 2748 KSecDD - ok
21:54:19.0989 2748 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:54:20.0023 2748 KtmRm - ok
21:54:20.0099 2748 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
21:54:20.0118 2748 LanmanServer - ok
21:54:20.0193 2748 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:54:20.0229 2748 LanmanWorkstation - ok
21:54:20.0268 2748 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:54:20.0293 2748 lltdio - ok
21:54:20.0378 2748 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:54:20.0410 2748 lltdsvc - ok
21:54:20.0434 2748 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:54:20.0475 2748 lmhosts - ok
21:54:20.0531 2748 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:54:20.0545 2748 LSI_FC - ok
21:54:20.0578 2748 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:54:20.0592 2748 LSI_SAS - ok
21:54:20.0695 2748 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:54:20.0709 2748 LSI_SCSI - ok
21:54:20.0737 2748 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:54:20.0762 2748 luafv - ok
21:54:20.0793 2748 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:54:20.0805 2748 mdmxsdk - ok
21:54:20.0880 2748 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:54:20.0925 2748 megasas - ok
21:54:20.0980 2748 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:54:21.0004 2748 MegaSR - ok
21:54:21.0226 2748 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:54:21.0247 2748 Microsoft Office Groove Audit Service - ok
21:54:21.0279 2748 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:54:21.0306 2748 MMCSS - ok
21:54:21.0341 2748 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:54:21.0364 2748 Modem - ok
21:54:21.0393 2748 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:54:21.0419 2748 monitor - ok
21:54:21.0433 2748 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:54:21.0451 2748 mouclass - ok
21:54:21.0477 2748 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:54:21.0503 2748 mouhid - ok
21:54:21.0538 2748 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:54:21.0551 2748 MountMgr - ok
21:54:21.0597 2748 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:54:21.0611 2748 mpio - ok
21:54:21.0652 2748 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:54:21.0672 2748 mpsdrv - ok
21:54:21.0701 2748 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:54:21.0714 2748 Mraid35x - ok
21:54:21.0762 2748 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:54:21.0779 2748 MRxDAV - ok
21:54:21.0833 2748 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:54:21.0861 2748 mrxsmb - ok
21:54:21.0906 2748 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:54:21.0924 2748 mrxsmb10 - ok
21:54:21.0948 2748 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:54:21.0963 2748 mrxsmb20 - ok
21:54:22.0024 2748 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
21:54:22.0036 2748 msahci - ok
21:54:22.0076 2748 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:54:22.0090 2748 msdsm - ok
21:54:22.0134 2748 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:54:22.0160 2748 MSDTC - ok
21:54:22.0187 2748 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:54:22.0225 2748 Msfs - ok
21:54:22.0329 2748 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:54:22.0340 2748 msisadrv - ok
21:54:22.0380 2748 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:54:22.0408 2748 MSiSCSI - ok
21:54:22.0413 2748 msiserver - ok
21:54:22.0458 2748 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:54:22.0483 2748 MSKSSRV - ok
21:54:22.0503 2748 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:54:22.0527 2748 MSPCLOCK - ok
21:54:22.0547 2748 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:54:22.0587 2748 MSPQM - ok
21:54:22.0730 2748 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:54:22.0745 2748 MsRPC - ok
21:54:22.0794 2748 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:54:22.0806 2748 mssmbios - ok
21:54:22.0940 2748 MSSQL$MSSMLBIZ - ok
21:54:23.0050 2748 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:54:23.0062 2748 MSSQLServerADHelper - ok
21:54:23.0100 2748 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:54:23.0124 2748 MSTEE - ok
21:54:23.0159 2748 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:54:23.0172 2748 Mup - ok
21:54:23.0231 2748 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:54:23.0260 2748 napagent - ok
21:54:23.0322 2748 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:54:23.0341 2748 NativeWifiP - ok
21:54:23.0410 2748 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:54:23.0439 2748 NDIS - ok
21:54:23.0477 2748 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:54:23.0497 2748 NdisTapi - ok
21:54:23.0525 2748 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:54:23.0550 2748 Ndisuio - ok
21:54:23.0607 2748 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:54:23.0629 2748 NdisWan - ok
21:54:23.0651 2748 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:54:23.0672 2748 NDProxy - ok
21:54:23.0706 2748 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:54:23.0735 2748 NetBIOS - ok
21:54:23.0787 2748 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:54:23.0811 2748 netbt - ok
21:54:23.0861 2748 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:54:23.0875 2748 Netlogon - ok
21:54:23.0932 2748 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:54:23.0968 2748 Netman - ok
21:54:24.0034 2748 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:54:24.0081 2748 netprofm - ok
21:54:24.0249 2748 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:54:24.0280 2748 NetTcpPortSharing - ok
21:54:24.0479 2748 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
21:54:24.0745 2748 NETw5v32 - ok
21:54:24.0877 2748 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:54:24.0889 2748 nfrd960 - ok
21:54:24.0923 2748 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:54:24.0953 2748 NlaSvc - ok
21:54:24.0987 2748 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\Windows\system32\drivers\ccdcmb.sys
21:54:25.0026 2748 nmwcd - ok
21:54:25.0050 2748 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\Windows\system32\drivers\ccdcmbo.sys
21:54:25.0075 2748 nmwcdc - ok
21:54:25.0133 2748 nmwcdnsu (02e96113511171ba7559386d10d3daea) C:\Windows\system32\drivers\nmwcdnsu.sys
21:54:25.0163 2748 nmwcdnsu - ok
21:54:25.0188 2748 nmwcdnsuc (fb09150cfc7a499a53c308d04841a3bd) C:\Windows\system32\drivers\nmwcdnsuc.sys
21:54:25.0211 2748 nmwcdnsuc - ok
21:54:25.0248 2748 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:54:25.0266 2748 Npfs - ok
21:54:25.0315 2748 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:54:25.0340 2748 nsi - ok
21:54:25.0368 2748 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:54:25.0395 2748 nsiproxy - ok
21:54:25.0559 2748 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:54:25.0605 2748 Ntfs - ok
21:54:25.0650 2748 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:54:25.0692 2748 ntrigdigi - ok
21:54:25.0723 2748 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:54:25.0746 2748 Null - ok
21:54:25.0777 2748 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:54:25.0791 2748 nvraid - ok
21:54:25.0820 2748 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:54:25.0832 2748 nvstor - ok
21:54:25.0874 2748 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:54:25.0889 2748 nv_agp - ok
21:54:25.0896 2748 NwlnkFlt - ok
21:54:25.0905 2748 NwlnkFwd - ok
21:54:26.0011 2748 o2flash (d955d5de998db2476bf0892be3a96c26) c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
21:54:26.0016 2748 o2flash ( UnsignedFile.Multi.Generic ) - warning
21:54:26.0016 2748 o2flash - detected UnsignedFile.Multi.Generic (1)
21:54:26.0064 2748 O2MDRDR (78575368974962042472f18b24d3cf28) C:\Windows\system32\DRIVERS\o2media.sys
21:54:26.0073 2748 O2MDRDR - ok
21:54:26.0253 2748 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:54:26.0283 2748 odserv - ok
21:54:26.0313 2748 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:54:26.0332 2748 ohci1394 - ok
21:54:26.0369 2748 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:54:26.0382 2748 ose - ok
21:54:26.0444 2748 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:54:26.0495 2748 p2pimsvc - ok
21:54:26.0505 2748 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:54:26.0534 2748 p2psvc - ok
21:54:26.0603 2748 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:54:26.0653 2748 Parport - ok
21:54:26.0755 2748 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
21:54:26.0770 2748 partmgr - ok
21:54:26.0852 2748 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:54:26.0892 2748 Parvdm - ok
21:54:26.0924 2748 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:54:26.0940 2748 PcaSvc - ok
21:54:26.0987 2748 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
21:54:27.0009 2748 pccsmcfd - ok
21:54:27.0046 2748 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:54:27.0062 2748 pci - ok
21:54:27.0148 2748 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:54:27.0161 2748 pciide - ok
21:54:27.0197 2748 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:54:27.0213 2748 pcmcia - ok
21:54:27.0286 2748 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:54:27.0368 2748 PEAUTH - ok
21:54:27.0558 2748 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:54:27.0649 2748 pla - ok
21:54:27.0885 2748 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:54:27.0914 2748 PlugPlay - ok
21:54:27.0981 2748 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:54:28.0028 2748 PNRPAutoReg - ok
21:54:28.0039 2748 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:54:28.0069 2748 PNRPsvc - ok
21:54:28.0113 2748 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:54:28.0154 2748 PolicyAgent - ok
21:54:28.0276 2748 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:54:28.0302 2748 PptpMiniport - ok
21:54:28.0337 2748 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:54:28.0383 2748 Processor - ok
21:54:28.0446 2748 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:54:28.0478 2748 ProfSvc - ok
21:54:28.0529 2748 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:54:28.0563 2748 ProtectedStorage - ok
21:54:28.0620 2748 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:54:28.0640 2748 PSched - ok
21:54:28.0681 2748 qcusbser (9ccf89372c5a04e97cd89b58ae697796) C:\Windows\system32\DRIVERS\qcusbser.sys
21:54:28.0708 2748 qcusbser - ok
21:54:28.0756 2748 QIOMem (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys
21:54:28.0784 2748 QIOMem - ok
21:54:28.0883 2748 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:54:28.0955 2748 ql2300 - ok
21:54:28.0980 2748 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:54:28.0993 2748 ql40xx - ok
21:54:29.0052 2748 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:54:29.0071 2748 QWAVE - ok
21:54:29.0084 2748 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:54:29.0106 2748 QWAVEdrv - ok
21:54:29.0128 2748 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:54:29.0152 2748 RasAcd - ok
21:54:29.0187 2748 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:54:29.0215 2748 RasAuto - ok
21:54:29.0245 2748 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:54:29.0271 2748 Rasl2tp - ok
21:54:29.0338 2748 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:54:29.0365 2748 RasMan - ok
21:54:29.0401 2748 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:54:29.0421 2748 RasPppoe - ok
21:54:29.0474 2748 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:54:29.0489 2748 RasSstp - ok
21:54:29.0542 2748 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:54:29.0566 2748 rdbss - ok
21:54:29.0602 2748 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:54:29.0626 2748 RDPCDD - ok
21:54:29.0700 2748 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
21:54:29.0724 2748 rdpdr - ok
21:54:29.0757 2748 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:54:29.0783 2748 RDPENCDD - ok
21:54:29.0857 2748 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
21:54:29.0902 2748 RDPWD - ok
21:54:29.0955 2748 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:54:29.0983 2748 RemoteAccess - ok
21:54:30.0039 2748 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:54:30.0064 2748 RemoteRegistry - ok
21:54:30.0100 2748 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
21:54:30.0128 2748 RFCOMM - ok
21:54:30.0283 2748 RichVideo (4d05898896ec49cf663dda61041ab096) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:54:30.0301 2748 RichVideo - ok
21:54:30.0332 2748 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
21:54:30.0360 2748 ROOTMODEM - ok
21:54:30.0395 2748 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:54:30.0409 2748 RpcLocator - ok
21:54:30.0466 2748 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
21:54:30.0519 2748 RpcSs - ok
21:54:30.0545 2748 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:54:30.0573 2748 rspndr - ok
21:54:30.0650 2748 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:54:30.0664 2748 SamSs - ok
21:54:30.0715 2748 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:54:30.0728 2748 sbp2port - ok
21:54:30.0790 2748 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:54:30.0814 2748 SCardSvr - ok
21:54:30.0884 2748 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:54:30.0957 2748 Schedule - ok
21:54:31.0113 2748 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:54:31.0132 2748 SCPolicySvc - ok
21:54:31.0188 2748 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
21:54:31.0208 2748 sdbus - ok
21:54:31.0285 2748 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:54:31.0336 2748 SDRSVC - ok
21:54:31.0365 2748 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:54:31.0404 2748 secdrv - ok
21:54:31.0421 2748 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:54:31.0448 2748 seclogon - ok
21:54:31.0474 2748 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
21:54:31.0501 2748 SENS - ok
21:54:31.0531 2748 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:54:31.0571 2748 Serenum - ok
21:54:31.0600 2748 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:54:31.0641 2748 Serial - ok
21:54:31.0681 2748 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:54:31.0704 2748 sermouse - ok
21:54:31.0802 2748 ServiceLayer (77faa749c34193f003f666d2e368a1f8) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:54:31.0825 2748 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
21:54:31.0825 2748 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
21:54:31.0887 2748 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:54:31.0913 2748 SessionEnv - ok
21:54:31.0948 2748 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
21:54:31.0967 2748 sffdisk - ok
21:54:31.0986 2748 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:54:32.0011 2748 sffp_mmc - ok
21:54:32.0060 2748 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:54:32.0078 2748 sffp_sd - ok
21:54:32.0099 2748 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:54:32.0140 2748 sfloppy - ok
21:54:32.0180 2748 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:54:32.0218 2748 ShellHWDetection - ok
21:54:32.0240 2748 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:54:32.0254 2748 sisagp - ok
21:54:32.0309 2748 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:54:32.0321 2748 SiSRaid2 - ok
21:54:32.0350 2748 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:54:32.0364 2748 SiSRaid4 - ok
21:54:32.0564 2748 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:54:32.0816 2748 slsvc - ok
21:54:33.0229 2748 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:54:33.0251 2748 SLUINotify - ok
21:54:33.0332 2748 SmartFaceVWatchSrv (3566310df25ea5c3b2e9f50f5b50eac1) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
21:54:33.0338 2748 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
21:54:33.0338 2748 SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
21:54:33.0400 2748 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:54:33.0420 2748 Smb - ok
21:54:33.0464 2748 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:54:33.0478 2748 SNMPTRAP - ok
21:54:33.0507 2748 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:54:33.0520 2748 spldr - ok
21:54:33.0553 2748 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:54:33.0593 2748 Spooler - ok
21:54:33.0649 2748 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:54:33.0663 2748 SQLBrowser - ok
21:54:33.0695 2748 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:54:33.0707 2748 SQLWriter - ok
21:54:33.0755 2748 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:54:33.0797 2748 srv - ok
21:54:33.0820 2748 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:54:33.0836 2748 srv2 - ok
21:54:33.0862 2748 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:54:33.0899 2748 srvnet - ok
21:54:34.0041 2748 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:54:34.0070 2748 SSDPSRV - ok
21:54:34.0111 2748 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:54:34.0120 2748 ssmdrv - ok
21:54:34.0147 2748 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
21:54:34.0153 2748 SSPORT ( UnsignedFile.Multi.Generic ) - warning
21:54:34.0153 2748 SSPORT - detected UnsignedFile.Multi.Generic (1)
21:54:34.0198 2748 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:54:34.0215 2748 SstpSvc - ok
21:54:34.0276 2748 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:54:34.0322 2748 stisvc - ok
21:54:34.0427 2748 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:54:34.0439 2748 swenum - ok
21:54:34.0551 2748 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:54:34.0575 2748 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:54:34.0576 2748 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:54:34.0632 2748 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:54:34.0658 2748 swprv - ok
21:54:34.0698 2748 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:54:34.0709 2748 Symc8xx - ok
21:54:34.0735 2748 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:54:34.0746 2748 Sym_hi - ok
21:54:34.0765 2748 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:54:34.0777 2748 Sym_u3 - ok
21:54:34.0845 2748 SynTP (91ac243740ca09a907e7cbd2da274c96) C:\Windows\system32\DRIVERS\SynTP.sys
21:54:34.0865 2748 SynTP - ok
21:54:34.0935 2748 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:54:34.0972 2748 SysMain - ok
21:54:35.0005 2748 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:54:35.0024 2748 TabletInputService - ok
21:54:35.0073 2748 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:54:35.0100 2748 TapiSrv - ok
21:54:35.0135 2748 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:54:35.0162 2748 TBS - ok
21:54:35.0360 2748 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
21:54:35.0419 2748 Tcpip - ok
21:54:35.0429 2748 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
21:54:35.0463 2748 Tcpip6 - ok
21:54:35.0509 2748 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:54:35.0555 2748 tcpipreg - ok
21:54:35.0589 2748 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
21:54:35.0601 2748 tdcmdpst - ok
21:54:35.0674 2748 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:54:35.0697 2748 TDPIPE - ok
21:54:35.0726 2748 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:54:35.0749 2748 TDTCP - ok
21:54:35.0826 2748 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:54:35.0846 2748 tdx - ok
21:54:35.0882 2748 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:54:35.0896 2748 TermDD - ok
21:54:35.0959 2748 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:54:35.0993 2748 TermService - ok
21:54:36.0048 2748 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:54:36.0097 2748 Themes - ok
21:54:36.0136 2748 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:54:36.0162 2748 THREADORDER - ok
21:54:36.0291 2748 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
21:54:36.0301 2748 TNaviSrv - ok
21:54:36.0341 2748 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
21:54:36.0357 2748 TODDSrv - ok
21:54:36.0420 2748 TosCoSrv (44dbac611b11646683b5b066a049b8e4) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:54:36.0467 2748 TosCoSrv - ok
21:54:36.0532 2748 TOSHIBA Bluetooth Service (8e10e654e354cf330ed75882769a0107) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
21:54:36.0543 2748 TOSHIBA Bluetooth Service - ok
21:54:36.0598 2748 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
21:54:36.0605 2748 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
21:54:36.0605 2748 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
21:54:36.0749 2748 tosporte (2c15b4856f929ac7dd144044d8334b54) C:\Windows\system32\DRIVERS\tosporte.sys
21:54:36.0800 2748 tosporte - ok
21:54:36.0870 2748 tosrfbd (cd6e9c27adc6b37b0b3df29cc83e15a7) C:\Windows\system32\DRIVERS\tosrfbd.sys
21:54:36.0906 2748 tosrfbd - ok
21:54:36.0926 2748 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\Windows\system32\Drivers\tosrfbnp.sys
21:54:36.0957 2748 tosrfbnp - ok
21:54:36.0989 2748 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\Windows\system32\Drivers\tosrfcom.sys
21:54:37.0012 2748 Tosrfcom - ok
21:54:37.0035 2748 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
21:54:37.0045 2748 tosrfec - ok
21:54:37.0072 2748 Tosrfhid (d3f87c46c7c9e5db99fbd3d17121b891) C:\Windows\system32\DRIVERS\Tosrfhid.sys
21:54:37.0094 2748 Tosrfhid - ok
21:54:37.0120 2748 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
21:54:37.0147 2748 tosrfnds - ok
21:54:37.0170 2748 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\Windows\system32\drivers\tosrfsnd.sys
21:54:37.0199 2748 TosRfSnd - ok
21:54:37.0259 2748 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\Windows\system32\DRIVERS\tosrfusb.sys
21:54:37.0283 2748 Tosrfusb - ok
21:54:37.0327 2748 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
21:54:37.0345 2748 tos_sps32 - ok
21:54:37.0389 2748 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:54:37.0417 2748 TrkWks - ok
21:54:37.0539 2748 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:54:37.0559 2748 TrustedInstaller - ok
21:54:37.0622 2748 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:54:37.0646 2748 tssecsrv - ok
21:54:37.0657 2748 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:54:37.0677 2748 tunmp - ok
21:54:37.0713 2748 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:54:37.0726 2748 tunnel - ok
21:54:37.0759 2748 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
21:54:37.0772 2748 TVALZ - ok
21:54:37.0799 2748 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:54:37.0813 2748 uagp35 - ok
21:54:37.0895 2748 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:54:37.0918 2748 udfs - ok
21:54:37.0957 2748 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:54:37.0983 2748 UI0Detect - ok
21:54:38.0107 2748 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
21:54:38.0112 2748 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
21:54:38.0112 2748 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
21:54:38.0150 2748 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:54:38.0162 2748 uliagpkx - ok
21:54:38.0194 2748 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:54:38.0211 2748 uliahci - ok
21:54:38.0235 2748 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:54:38.0248 2748 UlSata - ok
21:54:38.0274 2748 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:54:38.0287 2748 ulsata2 - ok
21:54:38.0308 2748 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:54:38.0332 2748 umbus - ok
21:54:38.0386 2748 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
21:54:38.0422 2748 UmRdpService - ok
21:54:38.0465 2748 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:54:38.0496 2748 upnphost - ok
21:54:38.0531 2748 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
21:54:38.0571 2748 upperdev - ok
21:54:38.0617 2748 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:54:38.0636 2748 usbccgp - ok
21:54:38.0663 2748 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:54:38.0701 2748 usbcir - ok
21:54:38.0737 2748 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:54:38.0756 2748 usbehci - ok
21:54:38.0790 2748 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:54:38.0811 2748 usbhub - ok
21:54:38.0830 2748 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:54:38.0869 2748 usbohci - ok
21:54:38.0892 2748 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:54:38.0915 2748 usbprint - ok
21:54:38.0940 2748 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:54:38.0958 2748 usbscan - ok
21:54:38.0992 2748 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
21:54:39.0014 2748 usbser - ok
21:54:39.0049 2748 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
21:54:39.0072 2748 UsbserFilt - ok
21:54:39.0106 2748 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:54:39.0126 2748 USBSTOR - ok
21:54:39.0154 2748 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:54:39.0173 2748 usbuhci - ok
21:54:39.0190 2748 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:54:39.0216 2748 usbvideo - ok
21:54:39.0243 2748 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
21:54:39.0271 2748 UVCFTR - ok
21:54:39.0311 2748 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:54:39.0333 2748 UxSms - ok
21:54:39.0379 2748 vci109w3 (82858fc609d6a4cc66061027c16edd09) C:\Windows\system32\DRIVERS\vci109w3.sys
21:54:39.0400 2748 vci109w3 - ok
21:54:39.0415 2748 vcisrv (4aac39e916ed596fedbdf83a5cf2059d) C:\Windows\System32\drivers\vcisrv.sys
21:54:39.0435 2748 vcisrv - ok
21:54:39.0488 2748 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:54:39.0519 2748 vds - ok
21:54:39.0574 2748 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:54:39.0597 2748 vga - ok
21:54:39.0610 2748 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:54:39.0634 2748 VgaSave - ok
21:54:39.0655 2748 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:54:39.0667 2748 viaagp - ok
21:54:39.0686 2748 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:54:39.0709 2748 ViaC7 - ok
21:54:39.0729 2748 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:54:39.0740 2748 viaide - ok
21:54:39.0789 2748 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:54:39.0801 2748 volmgr - ok
21:54:39.0845 2748 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:54:39.0861 2748 volmgrx - ok
21:54:39.0905 2748 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:54:39.0921 2748 volsnap - ok
21:54:39.0957 2748 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:54:39.0970 2748 vsmraid - ok
21:54:40.0062 2748 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:54:40.0118 2748 VSS - ok
21:54:40.0175 2748 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:54:40.0203 2748 W32Time - ok
21:54:40.0269 2748 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:54:40.0308 2748 WacomPen - ok
21:54:40.0341 2748 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:40.0360 2748 Wanarp - ok
21:54:40.0372 2748 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:40.0394 2748 Wanarpv6 - ok
21:54:40.0454 2748 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
21:54:40.0547 2748 wbengine - ok
21:54:40.0602 2748 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:54:40.0629 2748 wcncsvc - ok
21:54:40.0679 2748 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:54:40.0702 2748 WcsPlugInService - ok
21:54:40.0761 2748 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:54:40.0774 2748 Wd - ok
21:54:40.0818 2748 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:54:40.0839 2748 Wdf01000 - ok
21:54:40.0868 2748 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:54:40.0895 2748 WdiServiceHost - ok
21:54:40.0903 2748 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:54:40.0930 2748 WdiSystemHost - ok
21:54:40.0976 2748 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:54:40.0996 2748 WebClient - ok
21:54:41.0040 2748 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
21:54:41.0069 2748 Wecsvc - ok
21:54:41.0086 2748 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:54:41.0108 2748 wercplsupport - ok
21:54:41.0155 2748 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:54:41.0178 2748 WerSvc - ok
21:54:41.0237 2748 winachsf (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:54:41.0267 2748 winachsf - ok
21:54:41.0280 2748 WinHttpAutoProxySvc - ok
21:54:41.0344 2748 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:54:41.0367 2748 Winmgmt - ok
21:54:41.0444 2748 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
21:54:41.0484 2748 WinRM - ok
21:54:41.0571 2748 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:54:41.0599 2748 Wlansvc - ok
21:54:41.0809 2748 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:54:41.0874 2748 wlidsvc - ok
21:54:42.0014 2748 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:54:42.0034 2748 WmiAcpi - ok
21:54:42.0110 2748 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:54:42.0131 2748 wmiApSrv - ok
21:54:42.0257 2748 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:54:42.0293 2748 WMPNetworkSvc - ok
21:54:42.0350 2748 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
21:54:42.0368 2748 WPDBusEnum - ok
21:54:42.0412 2748 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:54:42.0425 2748 WpdUsb - ok
21:54:42.0471 2748 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:54:42.0494 2748 ws2ifsl - ok
21:54:42.0497 2748 WSearch - ok
21:54:42.0613 2748 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:54:42.0720 2748 wuauserv - ok
21:54:42.0844 2748 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:54:42.0869 2748 WUDFRd - ok
21:54:42.0899 2748 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:54:42.0926 2748 wudfsvc - ok
21:54:42.0964 2748 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
21:54:42.0975 2748 XAudio - ok
21:54:43.0002 2748 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
21:54:43.0023 2748 XAudioService - ok
21:54:43.0073 2748 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
21:54:43.0112 2748 yukonwlh - ok
21:54:43.0160 2748 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:54:43.0608 2748 \Device\Harddisk0\DR0 - ok
21:54:43.0611 2748 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk1\DR1
21:54:45.0862 2748 \Device\Harddisk1\DR1 - ok
21:54:45.0907 2748 Boot (0x1200) (253b32bc88a3ec02c369c14b6a8aafad) \Device\Harddisk0\DR0\Partition0
21:54:45.0909 2748 \Device\Harddisk0\DR0\Partition0 - ok
21:54:45.0915 2748 Boot (0x1200) (3f72a4fcf744bc99d4d603f2d4e2c3e0) \Device\Harddisk1\DR1\Partition0
21:54:45.0916 2748 \Device\Harddisk1\DR1\Partition0 - ok
21:54:45.0919 2748 ============================================================
21:54:45.0919 2748 Scan finished
21:54:45.0919 2748 ============================================================
21:54:45.0932 2652 Detected object count: 12
21:54:45.0932 2652 Actual detected object count: 12
21:54:50.0983 2652 Authentec memory manager ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0983 2652 Authentec memory manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:50.0983 2652 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0983 2652 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:50.0984 2652 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0984 2652 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:50.0986 2652 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0986 2652 ExpressInvoiceService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:50.0988 2652 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0988 2652 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:50.0990 2652 o2flash ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0991 2652 o2flash ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:50.0991 2652 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0991 2652 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:50.0993 2652 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0993 2652 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:50.0994 2652 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0994 2652 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:50.0997 2652 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0997 2652 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:50.0997 2652 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0997 2652 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:54:50.0999 2652 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
21:54:50.0999 2652 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

Farbar Service Scanner Version: 19-07-2012
Ran by test (administrator) on 22-07-2012 at 22:02:16
Running from "C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5HVXAW0"
Microsoft® Windows Vista™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-06-20 16:37] - [2012-03-30 22:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

OTL Extras logfile created on: 22/07/2012 10:05:58 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\test\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 27.07% Memory free
6.18 Gb Paging File | 3.59 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.86 Gb Total Space | 3.57 Gb Free Space | 1.59% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 231.80 Gb Free Space | 99.53% Space Free | Partition Type: NTFS

Computer Name: DAVES | User Name: test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08233ADA-AA4C-A977-58FD-DB6C684BE010}" = Catalyst Control Center Localization Norwegian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B4C7D42-323A-F3FD-5B18-0222082E6FDD}" = Catalyst Control Center Localization Dutch
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D348034-9CBE-19FC-19B0-B2CDC78E50F1}" = ccc-core-static
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10B35323-BE1A-61FB-C4D1-E88F24147617}" = Catalyst Control Center Localization Thai
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP360" = Canon MP360
"{11FC2772-F7FD-21FD-614F-CE58BF52C398}" = Catalyst Control Center Localization Chinese Standard
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{12911298-DDB4-AD44-E530-AEB8127503C9}" = CCC Help Italian
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{156E98D0-1AEC-4013-A41A-94A1A01BFD68}" = O2Micro Flash Memory Card Reader Driver (x86)
"{1714616C-61CE-44D5-AF0B-53404D7FA83A}" = Catalyst Control Center Localization Korean
"{18625A47-84A9-6F6C-3780-79221B6095C3}" = CCC Help Norwegian
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C3F57C7-8474-DF38-8F9F-0EBFB554FD56}" = Catalyst Control Center Localization Hungarian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{264324EA-35F7-AD77-CC96-F9F47A9A6284}" = Catalyst Control Center Localization Czech
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 30
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A6F930B-12DA-AD4F-C4A4-E008F73A8016}" = CCC Help English
"{2AEC1EC0-0C01-8831-B04F-41FB4A92B677}" = Catalyst Control Center Localization Spanish
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{31326B80-1D01-4DBA-1DCA-A0731182A2E6}" = CCC Help Korean
"{31DD9FF4-23CD-7898-0305-70D806E2F7DB}" = CCC Help Japanese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AC44A1-81C2-0A61-0EC0-59EFC503A1EA}" = Catalyst Control Center Localization Danish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3DFE65B6-3AC9-C44A-1160-A449E0DFFE94}" = CCC Help Greek
"{3ECB61CE-18CA-4B0E-A0DB-B1FF29D8CCAD}" = PartSmart
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{405AE172-0CE0-E2A1-1693-1B120B71AF32}" = Catalyst Control Center Localization Japanese
"{4669544E-20E4-4E56-8B44-2E6E1200051F}" = Canon MP Toolbox 4.1.1.0.mp10
"{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"{496F4FDB-A4A5-4AB1-89C2-7B4FFD37F9F1}" = HP Deskjet 1050 J410 series Basic Device Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC3B285-BE6C-E873-42A1-AE221B3BE4F2}" = CCC Help Hungarian
"{4DF979D5-464C-4926-AF73-54C1C219F06A}" = Ham Radio Deluxe
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54CAB637-25EA-33FE-2FF4-6F6182BCCF12}" = CCC Help Chinese Standard
"{567AE922-FB8D-943D-921E-B390A2FBD625}" = CCC Help Russian
"{5788504C-08BC-E414-C019-60D8E2A2A1EB}" = CCC Help Portuguese
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{6BCE01B8-333E-667E-0FC9-5070EA9B8108}" = Catalyst Control Center Localization Swedish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6EA4F33E-8F12-AB92-D497-2D454E3C4BB7}" = CCC Help Polish
"{6FB6D968-6E8D-3FCB-1F2D-7ED24FC1BA07}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7206AFB8-99ED-B788-3DE8-0AE3DBD97B24}" = Catalyst Control Center Localization French
"{732662AE-82C0-9184-CE57-4257695EE1CE}" = CCC Help German
"{73AAEC5C-BA64-4655-A7B7-67874574530B}" = e-tax 2009
"{754F90E7-DE41-0ADE-2E3F-2C269ED9C2EE}" = CCC Help Finnish
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B12F319-43E1-D2DD-ABFE-50E34F76A740}" = Catalyst Control Center Graphics Full New
"{7CD8E2EF-AD40-7BD3-13E5-2B2847E568DD}" = ATI Catalyst Install Manager
"{7E340EDB-9BF0-5CF2-C12D-7C31992070E3}" = CCC Help Turkish
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83E1916D-0D14-43F2-B3E6-1BCB7E831704}" = PartSmart 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF16DB8-2845-88FE-BDC2-EEF067F9B1EC}" = Catalyst Control Center Graphics Full Existing
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E166691-B3ED-0F76-1FE9-AB3DBAAD75DD}" = CCC Help French
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC4E9457-107B-448F-AD89-605E122E8C59}" = Nokia PC Suite
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AE48AE94-D6CC-48FA-90EB-ADCF34E751B6}" = PartSmart
"{AED994C5-E6CE-0377-09ED-C4000E4189BF}" = Catalyst Control Center Core Implementation
"{AF899B9E-5842-8839-3EDB-AF9EADF52F45}" = ccc-utility
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B245D989-F88A-C2C3-1958-A91254DEC387}" = Catalyst Control Center Graphics Light
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3D15F34-F377-26A0-4CCF-2CB47E5810CD}" = CCC Help Dutch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5359AD5-4950-174E-4070-CDB1881B161F}" = CCC Help Czech
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{C07CA803-141E-A7C3-13E0-AB99FC5DC7B4}" = Catalyst Control Center Localization Polish
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7838AAD-8B29-86D3-6E04-417C7B7EE628}" = Catalyst Control Center Localization Greek
"{C8585E46-A5C9-8E20-77CA-378D5C291B09}" = Catalyst Control Center Localization Finnish
"{C92C2F87-1E84-A9E5-81F3-3B93DC991A4E}" = Catalyst Control Center Localization Chinese Traditional
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB01DA5C-48B7-D9A6-22DE-D678D6007C56}" = Catalyst Control Center Localization German
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D05EB4EF-29BE-8031-9AF5-2DC9485D5870}" = Catalyst Control Center Localization Russian
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7F069BF-7A9F-6A09-D5AE-E77F8B2E892F}" = CCC Help Danish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9680E32-F3A6-4C7D-AD6E-3368C07A4FF1}" = DIUS Flasher 1.0
"{DBEC8940-AEB3-4e20-99C2-6B9E38D5C285}_is1" = IXXAT VCI 3.2.2.2098
"{DDC519DE-AC45-634C-C009-6FCE1EF313F3}" = Catalyst Control Center Localization Portuguese
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED3C1C9D-0496-6884-8B32-8A2B73219C20}" = Catalyst Control Center Localization Italian
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0A85260-5B90-4C0E-07FF-72A89AA18F77}" = Skins
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F24E1A94-76DD-85BD-5B6C-6701CC4E8A0F}" = CCC Help Chinese Traditional
"{F4614173-1F8B-A19A-C2CC-57834FBCCE6C}" = CCC Help Spanish
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{F89CF986-3AA7-8B20-390A-D5C09F27F85D}" = Catalyst Control Center Localization Turkish
"{F8F37F88-4CB6-9162-AE65-7BBA7E476547}" = Catalyst Control Center Graphics Previews Vista
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FFF7CB0F-FA65-7115-2CEC-16C21037C88E}" = CCC Help Thai
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B.U.D.S. L3.3.1" = BRP B.U.D.S. L3.3.1
"B.U.D.S. P2.3.21" = BRP B.U.D.S. P2.3.21
"B.U.D.S. P2.3.22" = BRP B.U.D.S. P2.3.22
"BUDS P2.3.27_is1" = BUDS P2.3.27.7
"BUDS P2.3.28_is1" = BUDS P2.3.28.9
"BUDS_is1" = BUDS 3.0.3.5
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CutePDF Writer Installation" = CutePDF Writer 2.8
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows Driver Package - Nokia Modem (02/24/2009 4.0)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESC45 Reference Guide" = ESC45 Reference Guide
"ESC45 Software Guide" = ESC45 Software Guide
"ExpressInvoice" = Express Invoice
"FMS" = FMS
"FrostWire" = FrostWire 4.21.3
"FrostWire 5" = FrostWire 5.0.8
"HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM
"ieSpell" = ieSpell
"InstallShield_{491DD193-1B57-4D1C-8B14-18B96992A89F}" = TOSHIBA Supervisor Password
"InstallShield_{52573F8D-F099-4CB5-9EDE-5C27ECB4A02B}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Instant Invoice n CashBook 2007_is1" = Instant Invoice n CashBook 2007
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Nokia PC Suite" = Nokia PC Suite
"Pasword Security Vault v2.0" = Pasword Security Vault v2.0
"PhotoRescue Expert PC Demo_is1" = PhotoRescue Expert PC Demo 2.1.710
"PK-PCSU_is1" = PC Speed Up
"Polaris Digital Wrench" = Polaris Digital Wrench 3.2
"PROHYBRIDR" = 2007 Microsoft Office system
"Reimage Repair" = Reimage Repair
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"Stellarium_is1" = Stellarium 0.10.6.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WiseConvert Toolbar" = WiseConvert Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4072541184-349085404-2171864745-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21/07/2012 5:23:37 AM | Computer Name = Daves | Source = Application Error | ID = 1000
Description = Faulting application OUTLOOK.EXE, version 12.0.6607.1000, time stamp
0x4e398dcd, faulting module olmapi32.dll, version 12.0.6606.1000, time stamp 0x4e2f95e8,
exception code 0xc0000005, fault offset 0x000252f0, process id 0x1740, application
start time 0x01cd67225888ed10.

Error - 21/07/2012 7:43:46 AM | Computer Name = Daves | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 12.0.6607.1000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1284 Start Time: 01cd67360a432580 Termination Time: 7

Error - 21/07/2012 8:02:30 AM | Computer Name = Daves | Source = Application Error | ID = 1000
Description = Faulting application OUTLOOK.EXE, version 12.0.6607.1000, time stamp
0x4e398dcd, faulting module outlph.dll, version 12.0.6600.1000, time stamp 0x4de50f70,
exception code 0xc0000005, fault offset 0x00013a27, process id 0x1434, application
start time 0x01cd67365d59bef0.

Error - 21/07/2012 8:10:07 AM | Computer Name = Daves | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 12.0.6607.1000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1670 Start Time: 01cd67399f189e80 Termination Time: 19

Error - 21/07/2012 9:13:26 AM | Computer Name = Daves | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 9.2.0.124, time stamp 0x4ac7307c,
faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception
code 0xc0000005, fault offset 0x00047336, process id 0x1384, application start time
0x01cd673a736f23c0.

Error - 21/07/2012 9:53:05 AM | Computer Name = Daves | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 12.0.6607.1000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1298 Start Time: 01cd6748191364a0 Termination Time: 9

Error - 21/07/2012 9:57:50 AM | Computer Name = Daves | Source = Avira AntiVir | ID = 4117
Description = The keyfile contains no valid license. The service will be stopped!

Error - 21/07/2012 10:19:18 AM | Computer Name = Daves | Source = Avira AntiVir | ID = 4117
Description = The keyfile contains no valid license. The service will be stopped!

Error - 21/07/2012 10:40:49 AM | Computer Name = Daves | Source = Windows Search Service | ID = 3024
Description =

Error - 21/07/2012 10:50:35 AM | Computer Name = Daves | Source = Avira AntiVir | ID = 4117
Description = The keyfile contains no valid license. The service will be stopped!

[ OSession Events ]
Error - 10/07/2012 6:09:22 AM | Computer Name = Daves | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 78
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/07/2012 4:25:32 AM | Computer Name = Daves | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 78
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/07/2012 7:22:32 AM | Computer Name = Daves | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 78
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/07/2012 2:38:53 AM | Computer Name = Daves | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 156
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/07/2012 2:43:17 AM | Computer Name = Daves | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 240
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/07/2012 2:46:46 AM | Computer Name = Daves | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 111
seconds with 60 seconds of active time. This session ended with a crash.

Error - 18/07/2012 10:12:46 PM | Computer Name = Daves | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/07/2012 10:13:42 PM | Computer Name = Daves | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 38
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/07/2012 5:23:36 AM | Computer Name = Daves | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 69
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/07/2012 8:02:30 AM | Computer Name = Daves | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1004
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21/07/2012 10:43:06 AM | Computer Name = Daves | Source = Service Control Manager | ID = 7009
Description =

Error - 21/07/2012 10:43:06 AM | Computer Name = Daves | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2012 10:43:42 AM | Computer Name = Daves | Source = Service Control Manager | ID = 7009
Description =

Error - 21/07/2012 10:43:42 AM | Computer Name = Daves | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2012 10:44:24 AM | Computer Name = Daves | Source = Service Control Manager | ID = 7009
Description =

Error - 21/07/2012 10:44:24 AM | Computer Name = Daves | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2012 10:50:45 AM | Computer Name = Daves | Source = Service Control Manager | ID = 7023
Description =

Error - 21/07/2012 10:50:45 AM | Computer Name = Daves | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2012 10:50:45 AM | Computer Name = Daves | Source = Service Control Manager | ID = 7003
Description =

Error - 21/07/2012 10:50:45 AM | Computer Name = Daves | Source = Service Control Manager | ID = 7003
Description =


< End of report >

OTL logfile created on: 22/07/2012 10:05:58 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\test\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 27.07% Memory free
6.18 Gb Paging File | 3.59 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.86 Gb Total Space | 3.57 Gb Free Space | 1.59% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 231.80 Gb Free Space | 99.53% Space Free | Partition Type: NTFS

Computer Name: DAVES | User Name: test | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 22:05:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\test\Downloads\OTL.exe
PRC - [2011/08/03 08:48:30 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10u_ActiveX.exe
PRC - [2010/12/13 07:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 07:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/13 14:10:10 | 000,098,304 | ---- | M] () -- C:\Program Files\HSPA USB MODEM\ModemListener.exe
PRC - [2010/08/13 14:10:08 | 001,806,336 | ---- | M] () -- C:\Program Files\HSPA USB MODEM\HSPA USB MODEM.exe
PRC - [2010/07/27 08:37:32 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/05 02:17:24 | 000,159,744 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\TrueSuite Access Manager\CssSvr.exe
PRC - [2008/09/04 09:20:14 | 003,152,384 | ---- | M] (Arachnoid Biometrics Identification Group) -- C:\Program Files\TrueSuite Access Manager\PwdBank.exe
PRC - [2008/09/04 06:47:00 | 000,712,704 | ---- | M] (AuthenTec, Inc) -- C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
PRC - [2008/09/03 17:52:12 | 000,536,576 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/09/03 00:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) -- C:\Windows\System32\TAMSvr.exe
PRC - [2008/07/26 08:41:56 | 000,094,208 | ---- | M] () -- C:\Program Files\TrueSuite Access Manager\usbnotify.exe
PRC - [2008/07/19 13:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/05/09 03:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/30 03:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/27 08:57:06 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008/04/25 11:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/23 04:44:00 | 000,648,520 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008/04/19 12:27:40 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/04/18 03:39:02 | 000,667,648 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2008/04/17 17:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 17:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 17:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 16:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/04/12 04:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/04/01 12:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/03/20 06:35:44 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/02/07 06:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/02/07 06:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008/01/12 10:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/04 10:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/22 10:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/06/16 14:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007/03/29 16:01:38 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
PRC - [2007/02/12 18:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/24 09:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/05 19:07:01 | 000,088,064 | ---- | M] () -- C:\ProgramData\Windows\msdr.dll
MOD - [2012/06/20 17:15:50 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/20 17:15:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/06/20 17:14:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/06/20 17:13:59 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/20 17:13:51 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/20 17:12:56 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/06/20 17:12:46 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/10/05 02:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010/08/13 14:10:10 | 000,098,304 | ---- | M] () -- C:\Program Files\HSPA USB MODEM\ModemListener.exe
MOD - [2010/08/13 14:10:08 | 001,806,336 | ---- | M] () -- C:\Program Files\HSPA USB MODEM\HSPA USB MODEM.exe
MOD - [2009/04/11 16:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/11 16:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/11 16:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/03/19 11:11:41 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3019.36912__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/03/19 11:11:41 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3019.37109__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2009/03/19 11:11:41 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3019.36870__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:41 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3019.36924__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/03/19 11:11:41 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3019.37100__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:41 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3019.37065__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3019.36904__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/03/19 11:11:41 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3019.36890__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:40 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3019.37131__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/03/19 11:11:33 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3019.37102__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3019.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3019.36936__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3019.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3019.37015__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3019.36891__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3019.37092__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/03/19 11:11:33 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3019.37072__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3019.36943__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009/03/19 11:11:33 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3019.36930__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3019.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3019.37137__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3019.37079__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/03/19 11:11:33 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3019.36884__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/03/19 11:11:33 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:33 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3019.37071__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:33 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3019.37129__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3019.36942__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:33 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:33 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/03/19 11:11:33 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/03/19 11:11:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/03/19 11:11:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/03/19 11:11:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/03/19 11:11:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/03/19 11:11:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/03/19 11:11:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/03/19 11:11:33 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/03/19 11:11:32 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/03/19 11:11:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/03/19 11:11:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/03/19 11:11:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/03/19 11:11:32 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2009/03/19 11:11:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/03/19 11:11:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/03/19 11:11:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/03/19 11:11:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/03/19 11:11:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/03/19 11:11:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/03/19 11:11:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/03/19 11:11:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/03/19 11:11:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3019.37147__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/03/19 11:11:30 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/03/19 11:11:29 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3019.36878__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/03/19 11:11:29 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3019.36897__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/03/19 11:11:29 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3019.37122__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/03/19 11:11:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/03/19 11:11:29 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3019.36863__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/03/19 11:11:29 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3019.37121__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/03/19 11:11:29 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3019.36861__90ba9c70f846762e\APM.Server.dll
MOD - [2009/03/19 11:11:29 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/03/19 11:11:29 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3019.36862__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/03/19 11:11:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/03/19 11:11:29 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/03/19 11:11:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/03/19 11:11:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3019.37122__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/03/19 11:11:29 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/03/19 11:11:29 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/03/19 11:11:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/03/19 11:11:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/03/19 11:11:29 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/03/19 11:11:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/09/03 17:52:12 | 000,536,576 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2008/07/26 08:41:56 | 000,094,208 | ---- | M] () -- C:\Program Files\TrueSuite Access Manager\usbnotify.exe
MOD - [2008/05/09 03:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008/04/07 23:59:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/03/07 03:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/26 05:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 14:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007/03/29 15:47:00 | 000,012,288 | ---- | M] () -- C:\Program Files\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll
MOD - [2006/12/02 10:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/11 04:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/08 04:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2005/07/23 14:30:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/13 07:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 07:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/07/27 08:37:32 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2010/05/17 11:19:15 | 003,088,388 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe -- (ExpressInvoiceService)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/09/03 00:06:00 | 000,049,152 | ---- | M] (AuthenTec Inc.) [Auto | Running] -- C:\Windows\System32\TAMSvr.exe -- (Authentec memory manager)
SRV - [2008/07/19 13:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/25 11:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 17:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/12 04:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/02/07 06:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/12 10:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/12/04 10:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/22 10:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/02/12 18:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/24 09:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/12/13 07:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 07:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/07/27 08:37:24 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2010/06/17 13:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/19 13:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/19 13:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/30 11:31:24 | 000,117,384 | ---- | M] (IXXAT Automation GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vcisrv.sys -- (vcisrv)
DRV - [2008/09/30 11:31:14 | 000,173,448 | ---- | M] (IXXAT Automation GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vci109w3.sys -- (vci109w3)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/15 02:52:00 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/07/26 08:41:36 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008/07/19 11:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/28 08:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/04/24 10:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/04/15 12:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/08 04:24:20 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/26 06:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008/03/20 04:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/03/04 12:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/23 13:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008/01/10 11:34:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008/01/10 11:34:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/12/18 04:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/15 04:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/30 02:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/11/10 07:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/19 07:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/10/17 09:36:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/03 04:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/04/10 10:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006/10/24 09:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/01/07 22:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHN
IE - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\test\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\test\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/05/30 13:28:49 | 000,000,000 | ---D | M]

[2009/05/23 23:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\mozilla\Extensions
[2009/05/23 23:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\test\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2012/01/15 13:02:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WiseConvert Toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\..\Toolbar\WebBrowser: (WiseConvert Toolbar) - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - C:\Program Files\WiseConvert\prxtbWise.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ModemListener] C:\Program Files\HSPA USB MODEM\ModemListener.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PwdBank] C:\Program Files\TrueSuite Access Manager\PwdBank.exe (Arachnoid Biometrics Identification Group)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
O4 - HKU\.DEFAULT..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4072541184-349085404-2171864745-1003..\Run: [Mobile Partner] "C:\Program Files\Dodo Wireless Broadband\Dodo Wireless Broadband.exe" File not found
O4 - Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Currency Converter.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - %SystemRoot%\system32\wshbth.dll File not found
O15 - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\..Trusted Domains: brp.com ([epc] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-au.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75C1AD58-1AFA-444B-886F-2080FAC095EF}: DhcpNameServer = 211.31.138.11 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\test\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\test\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - StartUpFolder: C:^Users^test^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe - (Lime Wire, LLC)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 22:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/07/22 22:00:04 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\Conduit
[2012/07/22 21:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\WiseConvert
[2012/07/22 00:44:44 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/22 00:42:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/22 00:42:33 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/07/22 00:42:33 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/07/22 00:42:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/07/22 00:42:33 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/07/22 00:42:33 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/07/22 00:42:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/22 00:42:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/07/22 00:42:32 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/07/22 00:42:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/22 00:42:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/22 00:42:32 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/07/22 00:42:32 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/07/22 00:42:32 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/07/22 00:42:32 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/07/22 00:42:32 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/07/22 00:42:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/22 00:42:32 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/07/22 00:42:32 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/07/22 00:42:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/07/22 00:42:32 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/07/22 00:42:32 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/07/22 00:42:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/22 00:42:32 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/07/22 00:42:32 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/07/22 00:42:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/07/22 00:42:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/07/22 00:42:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/07/22 00:42:32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/07/22 00:42:32 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/07/22 00:42:31 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/22 00:42:31 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/07/22 00:42:31 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/07/22 00:42:31 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/07/22 00:42:31 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/07/22 00:42:31 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/07/22 00:42:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/07/22 00:27:18 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/22 00:27:17 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/07/22 00:27:17 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/07/22 00:27:17 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/07/22 00:27:17 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/07/22 00:27:17 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/07/21 21:52:58 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{1E1953D1-72FD-4BA0-9160-0816B9ABE2E3}
[2012/07/21 21:52:45 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{8F89BEAE-146C-41C2-9C06-9556ACEA2EED}
[2012/07/20 17:49:17 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{92CA1D76-19D0-49D6-BCA7-55501256A656}
[2012/07/20 17:48:48 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{93211B41-0C8E-487B-A0EF-D6C6FE1F84D5}
[2012/07/19 01:50:06 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{55D76094-2515-40A8-9229-DC134C88B582}
[2012/07/19 01:50:02 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{7E72B947-CC52-4675-96B4-1210997C613B}
[2012/07/17 21:33:56 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{96F13B03-8F70-4058-8987-F65DD9005EEA}
[2012/07/17 21:33:10 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{78948CF2-FEFB-452A-AF0B-F8208BA62BAB}
[2012/07/17 14:50:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\test\Desktop\dds.scr
[2012/07/13 23:15:35 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{2A855EBD-F1DE-4A0D-833A-C863207AE0FC}
[2012/07/13 23:15:25 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{6859F666-4193-41D0-A518-EA43AA43E04D}
[2012/07/06 11:52:59 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{54E50253-6844-4BA8-B3B0-64B1280E08D9}
[2012/07/05 19:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2012/07/05 16:52:47 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{C279C4F5-3212-429F-AF02-D59726ED62D3}
[2012/07/05 16:52:31 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{202B57C5-9DC3-4CDC-91DB-71F8FAECAB54}
[2012/07/04 15:21:48 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{371080BB-DF93-45FE-82FB-59A73EEE81A9}
[2012/07/04 15:21:29 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{79A0B61D-8FA3-4A7A-BA5F-0381A512AD54}
[2012/07/03 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{441219A9-E279-4ACD-9CF9-B11120216CBD}
[2012/07/03 18:57:04 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{05597246-C7CA-4F52-B714-B3708FB70912}
[2012/07/03 18:50:22 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{7040F78C-B93D-46BC-AE42-F99B4F741544}
[2012/07/03 18:48:39 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{46D57786-C352-49F6-9C0D-777E161E9A50}
[2012/07/02 11:57:00 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{7857F4C4-68EB-4F45-A8A7-9138E43E8D03}
[2012/07/02 11:56:53 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{3FFFDF49-C652-4C1A-9FF8-7E3F4FC46D43}
[2012/07/01 18:43:44 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{4EF9FAFE-2546-496D-BEDD-F1DF0C13E438}
[2012/07/01 05:35:02 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{E0349FE7-A1E6-4C3E-9CDA-E27F944DA31D}
[2012/06/30 11:51:23 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{CC66206C-E926-428D-A758-6368BB65C565}
[2012/06/30 11:51:12 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{6DA584BE-E8DC-4031-9742-53F3BAC0AA7A}
[2012/06/29 20:49:21 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{35C651A6-523A-4A7F-803C-2FECE0E42C3C}
[2012/06/29 20:49:16 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{C92257DE-12B3-4307-AAF7-8657CB30AD57}
[2012/06/28 23:48:19 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{1EDF5241-2C06-4B57-928A-62EA132D4E49}
[2012/06/28 23:48:14 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{6786761B-7DDC-4E8E-92D4-527CFD716EE3}
[2012/06/28 10:42:42 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{48B8B798-5D10-4999-B327-0D1B60C7E858}
[2012/06/28 10:42:34 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{F936295B-A6C9-492D-A5A1-96E91627D65C}
[2012/06/27 19:19:30 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{D761522A-1AB7-4C9F-A4A5-042A4A8BD472}
[2012/06/27 19:19:03 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{7742FF12-710C-4880-A266-6F9E9E73AB79}
[2012/06/23 18:46:45 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{D0579B77-E4FA-401A-BA1C-F12B99D42AF7}
[2012/05/13 23:49:40 | 000,084,132 | ---- | C] (Igor Pavlov) -- C:\Users\test\0.3244044286583866.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\test\Desktop\*.tmp files -> C:\Users\test\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 22:04:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 22:04:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 18:04:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 00:58:15 | 000,000,949 | ---- | M] () -- C:\Users\test\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/22 00:56:28 | 000,688,394 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/22 00:56:28 | 000,140,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/22 00:51:17 | 000,000,954 | ---- | M] () -- C:\Users\test\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/22 00:49:57 | 003,749,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/22 00:47:34 | 3215,826,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/22 00:46:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/22 00:42:39 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/07/22 00:42:39 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/07/22 00:42:33 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/22 00:42:33 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/07/22 00:42:33 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/07/22 00:42:33 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/07/22 00:42:33 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/07/22 00:42:33 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/07/22 00:42:33 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/22 00:42:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/07/22 00:42:32 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/07/22 00:42:32 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/22 00:42:32 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/22 00:42:32 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/07/22 00:42:32 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/07/22 00:42:32 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/07/22 00:42:32 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/07/22 00:42:32 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/07/22 00:42:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/22 00:42:32 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/07/22 00:42:32 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/07/22 00:42:32 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/07/22 00:42:32 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/07/22 00:42:32 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/07/22 00:42:32 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/22 00:42:32 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/07/22 00:42:32 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/07/22 00:42:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/07/22 00:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/07/22 00:42:32 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/07/22 00:42:32 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/07/22 00:42:32 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/07/22 00:42:32 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/07/22 00:42:31 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/22 00:42:31 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/07/22 00:42:31 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/07/22 00:42:31 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/07/22 00:42:31 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/07/22 00:42:31 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/07/22 00:42:31 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/07/21 22:04:05 | 000,190,976 | ---- | M] () -- C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/18 01:10:52 | 000,054,313 | ---- | M] () -- C:\Users\test\Desktop\X3LIGHTNING-TS.jpg
[2012/07/17 14:58:19 | 000,294,216 | ---- | M] () -- C:\Users\test\Desktop\gmer.zip
[2012/07/17 14:50:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\test\Desktop\dds.scr
[2012/07/17 13:21:05 | 000,000,512 | ---- | M] () -- C:\Users\test\Desktop\MBR.dat
[2012/07/17 11:37:16 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/17 11:12:04 | 000,869,194 | ---- | M] () -- C:\Users\test\Desktop\SecurityCheck.exe
[2012/07/04 11:27:24 | 005,262,137 | ---- | M] () -- C:\Users\test\Desktop\Masport_Wood_Brochure_LR[1].pdf
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\test\Desktop\*.tmp files -> C:\Users\test\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/22 00:42:32 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/07/18 01:11:06 | 000,054,313 | ---- | C] () -- C:\Users\test\Desktop\X3LIGHTNING-TS.jpg
[2012/07/17 14:58:19 | 000,294,216 | ---- | C] () -- C:\Users\test\Desktop\gmer.zip
[2012/07/17 13:21:05 | 000,000,512 | ---- | C] () -- C:\Users\test\Desktop\MBR.dat
[2012/07/17 11:11:51 | 000,869,194 | ---- | C] () -- C:\Users\test\Desktop\SecurityCheck.exe
[2012/07/04 11:27:24 | 005,262,137 | ---- | C] () -- C:\Users\test\Desktop\Masport_Wood_Brochure_LR[1].pdf
[2012/06/12 12:54:20 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\00000008.@
[2012/06/12 12:54:20 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\L\00000004.@
[2012/06/12 12:54:19 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\80000032.@
[2012/06/12 12:54:10 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\80000000.@
[2012/06/12 12:54:07 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\00000004.@
[2012/06/12 12:54:07 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\000000cb.@
[2012/03/30 09:22:37 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\@
[2012/03/30 09:22:37 | 000,002,048 | -HS- | C] () -- C:\Users\test\AppData\Local\{745591a9-8a55-8f47-795f-863138ae1d13}\@
[2012/03/29 21:47:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/29 21:47:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/29 21:46:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/29 21:46:23 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/03/26 12:59:40 | 000,000,599 | ---- | C] () -- C:\Windows\System32\CNCMP51.INI
[2012/03/22 02:40:16 | 000,000,108 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/06 17:00:04 | 000,000,000 | ---- | C] () -- C:\Users\test\defogger_reenable
[2012/01/05 01:00:50 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011/08/25 15:42:24 | 000,000,175 | ---- | C] () -- C:\Users\test\AppData\Roaming\C87BAE8Ca
[2011/08/25 15:42:24 | 000,000,023 | ---- | C] () -- C:\Users\test\AppData\Roaming\c87bae4ea
[2010/12/09 21:42:49 | 000,000,092 | ---- | C] () -- C:\Users\test\AppData\Local\fusioncache.dat
[2010/12/09 12:21:41 | 000,000,084 | ---- | C] () -- C:\Windows\pswmain.ini
[2009/07/10 09:37:53 | 000,007,052 | ---- | C] () -- C:\Users\test\AppData\Local\d3d9caps.dat
[2009/05/31 21:46:27 | 000,000,008 | ---- | C] () -- C:\Users\test\AppData\Roaming\NMM-MetaData.db
[2009/05/12 16:44:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/12 14:43:14 | 000,190,976 | ---- | C] () -- C:\Users\test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/07 23:59:42 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2012/07/22 00:42:32 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012/07/22 00:42:32 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2008/12/31 17:04:36 | 000,502,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\OGAAddin.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 13:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 13:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 13:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/05 01:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/05/02 00:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys

< %SYSTEMDRIVE%\*.exe >
[2009/05/26 16:08:46 | 000,692,224 | R--- | M] (ARI, Inc. 11425 W. Lake Park Drive, Milwaukee, WI 53224) -- C:\HardDriveCopy.exe

< MD5 for: AFD.SYS >
[2011/04/21 23:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 23:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 23:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 23:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/21 12:24:43 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/11 14:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 23:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2008/03/12 16:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\ERDNT\cache\atapi.sys
[2008/03/12 16:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 16:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 12:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 12:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 19:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 16:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 13:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 12:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 12:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: NETBT.SYS >
[2008/01/21 12:25:26 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/11 14:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/11 14:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: SERVICES.EXE >
[2008/01/21 12:25:14 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\ERDNT\cache\services.exe
[2008/01/21 12:25:14 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 16:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 16:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 12:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 12:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 12:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TDX.SYS >
[2009/04/11 14:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2009/04/11 14:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/21 12:25:18 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\ERDNT\cache\tdx.sys
[2008/01/21 12:25:18 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 19:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 16:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 16:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 16:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/21 12:23:46 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/21 12:23:46 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/21 12:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/21 12:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 12:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 12:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/21 12:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/07/22 00:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/07/22 00:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/07/22 00:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/07/22 00:42:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/07/22 00:42:33 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/07/22 00:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/07/22 00:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/07/22 00:42:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/07/22 00:42:33 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/07/22 00:42:33 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\test\Desktop\Honda Jetskishop F 15 R 12 Surf Freestyle With Go Pro Version 2 [www.Keep-Tube.com].mp4:TOC.WMV
@Alternate Data Stream - 612 bytes -> C:\Users\test\Documents\jake email draft.eml:OECustomProperty

< End of report >

#5 SweetTech

Posted 22 July 2012 - 09:45 AM

Hi!

It looks like this infection has done some damage to some registry entries and corrupted some values.

We'll need to fix this a little later.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.




OTL Fix

We need to run an OTL Fix.

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O3 - HKU\S-1-5-21-4072541184-349085404-2171864745-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
    O4 - HKU\S-1-5-21-4072541184-349085404-2171864745-1003..\Run: [Mobile Partner] "C:\Program Files\Dodo Wireless Broadband\Dodo Wireless Broadband.exe" File not found
    O4 - Startup: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Currency Converter.lnk = File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    [2012/07/21 21:52:58 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{1E1953D1-72FD-4BA0-9160-0816B9ABE2E3}
    [2012/07/21 21:52:45 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{8F89BEAE-146C-41C2-9C06-9556ACEA2EED}
    [2012/07/20 17:49:17 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{92CA1D76-19D0-49D6-BCA7-55501256A656}
    [2012/07/20 17:48:48 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{93211B41-0C8E-487B-A0EF-D6C6FE1F84D5}
    [2012/07/19 01:50:06 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{55D76094-2515-40A8-9229-DC134C88B582}
    [2012/07/19 01:50:02 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{7E72B947-CC52-4675-96B4-1210997C613B}
    [2012/07/17 21:33:56 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{96F13B03-8F70-4058-8987-F65DD9005EEA}
    [2012/07/17 21:33:10 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{78948CF2-FEFB-452A-AF0B-F8208BA62BAB}
    [2012/07/13 23:15:35 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{2A855EBD-F1DE-4A0D-833A-C863207AE0FC}
    [2012/07/13 23:15:25 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{6859F666-4193-41D0-A518-EA43AA43E04D}
    [2012/07/06 11:52:59 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{54E50253-6844-4BA8-B3B0-64B1280E08D9}
    [2012/07/05 16:52:47 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{C279C4F5-3212-429F-AF02-D59726ED62D3}
    [2012/07/05 16:52:31 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{202B57C5-9DC3-4CDC-91DB-71F8FAECAB54}
    [2012/07/04 15:21:48 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{371080BB-DF93-45FE-82FB-59A73EEE81A9}
    [2012/07/04 15:21:29 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{79A0B61D-8FA3-4A7A-BA5F-0381A512AD54}
    [2012/07/03 18:58:32 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{441219A9-E279-4ACD-9CF9-B11120216CBD}
    [2012/07/03 18:57:04 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{05597246-C7CA-4F52-B714-B3708FB70912}
    [2012/07/03 18:50:22 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{7040F78C-B93D-46BC-AE42-F99B4F741544}
    [2012/07/03 18:48:39 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{46D57786-C352-49F6-9C0D-777E161E9A50}
    [2012/07/02 11:57:00 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{7857F4C4-68EB-4F45-A8A7-9138E43E8D03}
    [2012/07/02 11:56:53 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{3FFFDF49-C652-4C1A-9FF8-7E3F4FC46D43}
    [2012/07/01 18:43:44 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{4EF9FAFE-2546-496D-BEDD-F1DF0C13E438}
    [2012/07/01 05:35:02 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{E0349FE7-A1E6-4C3E-9CDA-E27F944DA31D}
    [2012/06/30 11:51:23 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{CC66206C-E926-428D-A758-6368BB65C565}
    [2012/06/30 11:51:12 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{6DA584BE-E8DC-4031-9742-53F3BAC0AA7A}
    [2012/06/29 20:49:21 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{35C651A6-523A-4A7F-803C-2FECE0E42C3C}
    [2012/06/29 20:49:16 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{C92257DE-12B3-4307-AAF7-8657CB30AD57}
    [2012/06/28 23:48:19 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{1EDF5241-2C06-4B57-928A-62EA132D4E49}
    [2012/06/28 23:48:14 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{6786761B-7DDC-4E8E-92D4-527CFD716EE3}
    [2012/06/28 10:42:42 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{48B8B798-5D10-4999-B327-0D1B60C7E858}
    [2012/06/28 10:42:34 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{F936295B-A6C9-492D-A5A1-96E91627D65C}
    [2012/06/27 19:19:30 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{D761522A-1AB7-4C9F-A4A5-042A4A8BD472}
    [2012/06/27 19:19:03 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{7742FF12-710C-4880-A266-6F9E9E73AB79}
    [2012/06/23 18:46:45 | 000,000,000 | ---D | C] -- C:\Users\test\AppData\Local\{D0579B77-E4FA-401A-BA1C-F12B99D42AF7}
    [2012/05/13 23:49:40 | 000,084,132 | ---- | C] (Igor Pavlov) -- C:\Users\test\0.3244044286583866.exe
    [2012/06/12 12:54:20 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\00000008.@
    [2012/06/12 12:54:20 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\L\00000004.@
    [2012/06/12 12:54:19 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\80000032.@
    [2012/06/12 12:54:10 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\80000000.@
    [2012/06/12 12:54:07 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\00000004.@
    [2012/06/12 12:54:07 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\000000cb.@
    [2012/03/30 09:22:37 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\@
    [2012/03/30 09:22:37 | 000,002,048 | -HS- | C] () -- C:\Users\test\AppData\Local\{745591a9-8a55-8f47-795f-863138ae1d13}\@
    [2011/08/25 15:42:24 | 000,000,175 | ---- | C] () -- C:\Users\test\AppData\Roaming\C87BAE8Ca
    [2011/08/25 15:42:24 | 000,000,023 | ---- | C] () -- C:\Users\test\AppData\Roaming\c87bae4ea
    @Alternate Data Stream - 64 bytes -> C:\Users\test\Desktop\Honda Jetskishop F 15 R 12 Surf Freestyle With Go Pro Version 2 [www.Keep-Tube.com].mp4:TOC.WMV
    @Alternate Data Stream - 612 bytes -> C:\Users\test\Documents\jake email draft.eml:OECustomProperty
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log file.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 toshiba au

Posted 26 July 2012 - 06:23 AM

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4072541184-349085404-2171864745-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4072541184-349085404-2171864745-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Mobile Partner deleted successfully.
C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Currency Converter.lnk moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\test\AppData\Local\{1E1953D1-72FD-4BA0-9160-0816B9ABE2E3} folder moved successfully.
C:\Users\test\AppData\Local\{8F89BEAE-146C-41C2-9C06-9556ACEA2EED} folder moved successfully.
C:\Users\test\AppData\Local\{92CA1D76-19D0-49D6-BCA7-55501256A656} folder moved successfully.
C:\Users\test\AppData\Local\{93211B41-0C8E-487B-A0EF-D6C6FE1F84D5} folder moved successfully.
C:\Users\test\AppData\Local\{55D76094-2515-40A8-9229-DC134C88B582} folder moved successfully.
C:\Users\test\AppData\Local\{7E72B947-CC52-4675-96B4-1210997C613B} folder moved successfully.
C:\Users\test\AppData\Local\{96F13B03-8F70-4058-8987-F65DD9005EEA} folder moved successfully.
C:\Users\test\AppData\Local\{78948CF2-FEFB-452A-AF0B-F8208BA62BAB} folder moved successfully.
C:\Users\test\AppData\Local\{2A855EBD-F1DE-4A0D-833A-C863207AE0FC} folder moved successfully.
C:\Users\test\AppData\Local\{6859F666-4193-41D0-A518-EA43AA43E04D} folder moved successfully.
C:\Users\test\AppData\Local\{54E50253-6844-4BA8-B3B0-64B1280E08D9} folder moved successfully.
C:\Users\test\AppData\Local\{C279C4F5-3212-429F-AF02-D59726ED62D3} folder moved successfully.
C:\Users\test\AppData\Local\{202B57C5-9DC3-4CDC-91DB-71F8FAECAB54} folder moved successfully.
C:\Users\test\AppData\Local\{371080BB-DF93-45FE-82FB-59A73EEE81A9} folder moved successfully.
C:\Users\test\AppData\Local\{79A0B61D-8FA3-4A7A-BA5F-0381A512AD54} folder moved successfully.
C:\Users\test\AppData\Local\{441219A9-E279-4ACD-9CF9-B11120216CBD} folder moved successfully.
C:\Users\test\AppData\Local\{05597246-C7CA-4F52-B714-B3708FB70912} folder moved successfully.
C:\Users\test\AppData\Local\{7040F78C-B93D-46BC-AE42-F99B4F741544} folder moved successfully.
C:\Users\test\AppData\Local\{46D57786-C352-49F6-9C0D-777E161E9A50} folder moved successfully.
C:\Users\test\AppData\Local\{7857F4C4-68EB-4F45-A8A7-9138E43E8D03} folder moved successfully.
C:\Users\test\AppData\Local\{3FFFDF49-C652-4C1A-9FF8-7E3F4FC46D43} folder moved successfully.
C:\Users\test\AppData\Local\{4EF9FAFE-2546-496D-BEDD-F1DF0C13E438} folder moved successfully.
C:\Users\test\AppData\Local\{E0349FE7-A1E6-4C3E-9CDA-E27F944DA31D} folder moved successfully.
C:\Users\test\AppData\Local\{CC66206C-E926-428D-A758-6368BB65C565} folder moved successfully.
C:\Users\test\AppData\Local\{6DA584BE-E8DC-4031-9742-53F3BAC0AA7A} folder moved successfully.
C:\Users\test\AppData\Local\{35C651A6-523A-4A7F-803C-2FECE0E42C3C} folder moved successfully.
C:\Users\test\AppData\Local\{C92257DE-12B3-4307-AAF7-8657CB30AD57} folder moved successfully.
C:\Users\test\AppData\Local\{1EDF5241-2C06-4B57-928A-62EA132D4E49} folder moved successfully.
C:\Users\test\AppData\Local\{6786761B-7DDC-4E8E-92D4-527CFD716EE3} folder moved successfully.
C:\Users\test\AppData\Local\{48B8B798-5D10-4999-B327-0D1B60C7E858} folder moved successfully.
C:\Users\test\AppData\Local\{F936295B-A6C9-492D-A5A1-96E91627D65C} folder moved successfully.
C:\Users\test\AppData\Local\{D761522A-1AB7-4C9F-A4A5-042A4A8BD472} folder moved successfully.
C:\Users\test\AppData\Local\{7742FF12-710C-4880-A266-6F9E9E73AB79} folder moved successfully.
C:\Users\test\AppData\Local\{D0579B77-E4FA-401A-BA1C-F12B99D42AF7} folder moved successfully.
C:\Users\test\0.3244044286583866.exe moved successfully.
C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\00000008.@ moved successfully.
C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\L\00000004.@ moved successfully.
C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\80000032.@ moved successfully.
C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\80000000.@ moved successfully.
C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\00000004.@ moved successfully.
C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{745591a9-8a55-8f47-795f-863138ae1d13}\@ moved successfully.
C:\Users\test\AppData\Local\{745591a9-8a55-8f47-795f-863138ae1d13}\@ moved successfully.
C:\Users\test\AppData\Roaming\C87BAE8Ca moved successfully.
C:\Users\test\AppData\Roaming\c87bae4ea moved successfully.
Unable to delete ADS C:\Users\test\Desktop\Honda Jetskishop F 15 R 12 Surf Freestyle With Go Pro Version 2 [www.Keep-Tube.com].mp4:TOC.WMV .
ADS C:\Users\test\Documents\jake email draft.eml:OECustomProperty deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
c:\Users\test\Downloads\cmd.bat deleted successfully.
c:\Users\test\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\test\Downloads\cmd.bat deleted successfully.
c:\Users\test\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: test
->Flash cache emptied: 3203940 bytes

Total Flash Files Cleaned = 3.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: test
->Java cache emptied: 2226029 bytes

Total Java Files Cleaned = 2.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07262012_195703

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#7 toshiba au

Posted 26 July 2012 - 06:27 AM

((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 10:46 . 2012-07-26 10:48 -------- d-----w- c:\users\test\AppData\Local\temp
2012-07-26 10:46 . 2012-07-26 10:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-26 10:46 . 2012-07-26 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 09:57 . 2012-07-26 09:57 -------- d-----w- C:\_OTL
2012-07-22 12:00 . 2012-07-22 12:00 -------- d-----w- c:\program files\Conduit
2012-07-22 12:00 . 2012-07-22 13:29 -------- d-----w- c:\users\test\AppData\Local\Conduit
2012-07-21 14:44 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-21 14:27 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 07:53 . 2011-03-28 08:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 01:23 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 01:23 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 01:23 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 01:23 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 01:23 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 01:23 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 01:23 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-21 01:23 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12 . 2012-06-21 01:23 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-08 16:40 . 2012-06-08 11:46 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8676963-3467-4084-B523-C104833F94EB}\mpengine.dll
2012-05-01 14:03 . 2012-06-20 06:38 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-20 00:56 32768 --sha-w- c:\windows\System32\winsysverp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2008-07-25 22:41 118784 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-09-03 712704]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-09-03 3152384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 281768]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-09-03 536576]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-03-29 151552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2010-08-13 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-04-24 430080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^Users^test^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-11-30 01:58 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: brp.com\epc
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
AddRemove-Polaris Digital Wrench - c:\program files\DSA\Polaris Digital Wrench\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 20:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3592)
c:\program files\TrueSuite Access Manager\IconOvrly.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\TAMSvr.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\DeviceHelper\DeviceManager.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2012-07-26 20:58:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 10:57
.
Pre-Run: 4,298,178,560 bytes free
Post-Run: 5,425,745,920 bytes free
.
- - End Of File - - 11CA5BF18DCBBCB9AA0670D5FF5139F0

Computer seems the same; sometimes it takes many goes to get IE to open / run.



Thank you


Dave

#8 SweetTech

Posted 26 July 2012 - 09:41 AM

Hi Dave!

Thanks for posting those log files. It looks like the ComboFix.txt log file may have gotten cut off.

Could you please try reposting it for me?

It can be found in your C:\ drive under the name ComboFix.txt

Thanks,
ST.



#9 toshiba au

Posted 27 July 2012 - 09:14 PM

It's way too big, what do you want me to do??


Dave

#10 SweetTech

Posted 28 July 2012 - 06:23 PM

Hi Dave!

Could you please go ahead and attach the log file in your next reply for me?

-ST.



#11 toshiba au

Posted 30 July 2012 - 03:28 AM

It won't let me attach anything, sorry??

nothing happens



Dave

Edited by toshiba au, 30 July 2012 - 03:29 AM.


#12 SweetTech

Posted 30 July 2012 - 03:06 PM

Hi Dave!

Sorry to hear that, could you drop it in my submission channel?

Uploading File
Please visit this site & follow the instructions for uploading the file mentioned below.
Copy/paste the contents of the Code Box below into the Link to topic where this file was requested: box:
http://www.bleepingcomputer.com/forums/topic461015.html/page__view__findpost__p__2785746
Click Browse & navigate to C:\ComboFix.txt.

Cheers,
ST.



#13 toshiba au

Posted 03 August 2012 - 07:57 AM

Done :)


My internet appears to be getting chewed up again for no reason... It was OK there for a while, I think.

Edited by toshiba au, 03 August 2012 - 08:01 AM.


#14 SweetTech

Posted 06 August 2012 - 03:18 PM

Hello!

I truly apologize for the delay in responding back to you. I have been absolutely swamped lately with work. I've been having to work some long days, and have had no time to open up my computer.

Please do not think that I forgot about you, because I did not.

I am currently in the process of reviewing your latest logs, and should have something more for you within an hour or two.

I once again apologize for the long delay in responding back to you.

Warmest Regards,
SweetTech.



#15 SweetTech

Posted 06 August 2012 - 03:46 PM

Hi!

Please run this script with ComboFix:


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
c:\windows\System32\winsysverp.dll
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
