
Trojan.Gen, Trojan.Gen.2, Trojan.zeroaccess.b, Backdoor.Trojan


25 replies to this topic

#1 JenPoohBear

Posted 27 July 2012 - 02:12 PM

Every few minutes I get a message from Norton Auto Block telling me a threat has been detected and blocked. It is always one of the viruses listed in the topic title. I have a Toshiba Satellite Laptop operating Windows Vista 32 bit with Service Pack 2. I use Norton 360, and also have NPE. I followed all of your steps in preparing my system for removal. However, I was unable to run Gmer.exe all the way through completion. It would start and then freeze and close before it completed the scan. It even did this from safe mode. Since having these viruses detected, I have also experienced problems with my computer freezing up and the open windows not responding. My mouse will move but will not interact with any icons, nor will task manager open from Ctrl+Alt+Del leaving me with the only option of a hard restart. Sometimes when it comes back it is fine, sometimes the problem occurs again within a few minutes.

Below is the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Jenny at 0:01:54 on 2012-07-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1895 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\WerFault.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\ConfigFree\cfFncEnabler.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
TB: {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {B81767E1-672D-4DA1-B5CC-D277185815A6} - No File
TB: {B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\jenny\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Skytel] Skytel.exe
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x4\programs\QFSCHD140.EXE"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [<NO NAME>]
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\users\jenny\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Copy to &Lightning Note - c:\program files\corel\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{AFCB5E9A-E1F9-4FC7-AE19-2C6A1506A6F9} : DhcpNameServer = 192.168.10.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\symds.sys [2012-5-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\symefa.sys [2012-5-18 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys [2012-5-18 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.0.0.145\definitions\ipsdefs\20120726.001\IDSvix86.sys [2012-7-26 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\ironx86.sys [2012-5-18 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0602010.005\symtdiv.sys [2012-5-18 345208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-14 106656]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-28 250056]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
.
=============== Created Last 30 ================
.
2012-07-24 18:03:02 -------- d-----w- c:\users\jenny\appdata\roaming\WildTangent
2012-07-22 18:06:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-21 22:05:55 -------- d-----w- C:\FRST
2012-07-20 05:24:40 -------- d-----w- c:\users\jenny\appdata\local\NPE
2012-07-16 00:34:16 -------- d-----w- c:\users\jenny\appdata\roaming\MotoCast
2012-07-12 08:09:25 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:38:26 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 14:38:25 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 14:38:25 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 14:38:24 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 14:38:24 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 14:38:24 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
==================== Find3M ====================
.
2012-07-12 01:10:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 01:10:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-14 22:38:00 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 0:06:43.99 ===============

#2 SweetTech


Posted 27 July 2012 - 06:19 PM

Hello JenPoohBear and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the [image] textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    svchost.exe
    tdx.sys
    afd.sys
    netbt.sys
    services.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the [image] button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
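
Added example (not part of SweetTech's post, and not a TDSSKiller or BleepingComputer tool): a triage filter for the TDSSKiller report requested above, which pairs each service's hash line with its verdict line and lists only the entries that are not plainly `ok`. The line layout is assumed from the report posted later in this thread; the sample log, service names and hashes are constructed.

```python
import re

# Constructed sample in the layout of a TDSSKiller report (names and hashes are made up):
#   <time> <thread> <service> (<md5>) <path>
#   <time> <thread> <service> [( <detection> )] - <verdict>
SAMPLE_LOG = """\
19:53:38.0120 0808 Scan started
19:53:38.0120 0808 Mode: Manual; SigCheck; TDLFS;
19:53:39.0134 0808 ExampleDisk (00000000000000000000000000000001) C:\\Windows\\system32\\drivers\\exampledisk.sys
19:53:39.0243 0808 ExampleDisk - ok
19:53:39.0300 0808 NoFileSvc - ok
19:53:39.0400 0808 Example Vendor Service (00000000000000000000000000000002) C:\\Program Files\\Vendor\\svc.exe
19:53:39.0410 0808 Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
19:53:39.0410 0808 Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
19:53:39.0500 0808 LastSvc (00000000000000000000000000000003) C:\\Windows\\system32\\drivers\\lastsvc.sys
"""

_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
# Hash line: service name, 32 hex digits in parentheses, then the file path.
FILE_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: service name, optional "( detection )", then " - <word>" at end of line.
# The "- detected ... (1)" summary line does not end in a bare word, so it is skipped.
VERDICT_RE = re.compile(
    _PREFIX + r"(?P<name>.+?)(?: \( (?P<detection>.+?) \))? - (?P<verdict>[A-Za-z]+)$"
)


def parse_report(text):
    """Return {service: {"md5", "path", "verdict", "detection"}} in log order."""
    entries = {}

    def entry(name):
        return entries.setdefault(
            name, {"md5": None, "path": None, "verdict": None, "detection": None}
        )

    for raw in text.splitlines():
        line = raw.rstrip()
        m = FILE_RE.match(line)
        if m:
            e = entry(m["name"])
            e["md5"], e["path"] = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entry(m["name"])
            e["verdict"], e["detection"] = m["verdict"].lower(), m["detection"]
    return entries


def needs_review(entries):
    """List (service, reason) for every entry a helper should look at by hand."""
    findings = []
    for name, e in entries.items():
        if e["verdict"] is None:
            # Hash line with no verdict: the paste was cut off or the scan stopped here.
            findings.append((name, "no verdict line"))
        elif e["verdict"] != "ok":
            findings.append((name, f'{e["verdict"]}: {e["detection"] or "no detection name"}'))
        elif e["md5"] is None:
            # Verdict without a hashed file: check the service's image path manually.
            findings.append((name, "ok without a hashed file line"))
    return findings


if __name__ == "__main__":
    for name, reason in needs_review(parse_report(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

An unsigned-file warning on its own is a prompt to check the vendor and path, not a malware verdict, which is why the instructions above say to leave the action on Skip.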


#3 JenPoohBear


Posted 29 July 2012 - 08:32 PM

1. My Norton 360 Auto Protect keeps popping up saying that it blocked a threat. So, is this software actually providing any protection against these viruses? Is it likely that they will provide a solution to these viruses in the future? Is there any protection that I could buy that would prevent this kind of attack?

2.
19:52:59.0993 1724 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:53:00.0336 1724 ============================================================
19:53:00.0336 1724 Current date / time: 2012/07/29 19:53:00.0336
19:53:00.0336 1724 SystemInfo:
19:53:00.0336 1724
19:53:00.0336 1724 OS Version: 6.0.6002 ServicePack: 2.0
19:53:00.0336 1724 Product type: Workstation
19:53:00.0336 1724 ComputerName: LAPTOP
19:53:00.0336 1724 UserName: Jenny
19:53:00.0336 1724 Windows directory: C:\Windows
19:53:00.0336 1724 System windows directory: C:\Windows
19:53:00.0336 1724 Processor architecture: Intel x86
19:53:00.0336 1724 Number of processors: 2
19:53:00.0336 1724 Page size: 0x1000
19:53:00.0336 1724 Boot type: Safe boot with network
19:53:00.0336 1724 ============================================================
19:53:01.0475 1724 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:53:01.0475 1724 ============================================================
19:53:01.0475 1724 \Device\Harddisk0\DR0:
19:53:01.0475 1724 MBR partitions:
19:53:01.0475 1724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x242C2800
19:53:01.0475 1724 ============================================================
19:53:01.0491 1724 C: <-> \Device\Harddisk0\DR0\Partition0
19:53:01.0491 1724 ============================================================
19:53:01.0491 1724 Initialize success
19:53:01.0491 1724 ============================================================
19:53:38.0120 0808 ============================================================
19:53:38.0120 0808 Scan started
19:53:38.0120 0808 Mode: Manual; SigCheck; TDLFS;
19:53:38.0120 0808 ============================================================
19:53:39.0134 0808 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:53:39.0243 0808 ACPI - ok
19:53:39.0336 0808 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:53:39.0352 0808 AdobeFlashPlayerUpdateSvc - ok
19:53:39.0446 0808 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:53:39.0477 0808 adp94xx - ok
19:53:39.0524 0808 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:53:39.0539 0808 adpahci - ok
19:53:39.0555 0808 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:53:39.0570 0808 adpu160m - ok
19:53:39.0586 0808 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:53:39.0602 0808 adpu320 - ok
19:53:39.0648 0808 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:53:39.0773 0808 AeLookupSvc - ok
19:53:39.0836 0808 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:53:39.0914 0808 AFD - ok
19:53:39.0945 0808 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
19:53:40.0007 0808 AgereModemAudio - ok
19:53:40.0101 0808 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
19:53:40.0194 0808 AgereSoftModem - ok
19:53:40.0241 0808 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:53:40.0257 0808 agp440 - ok
19:53:40.0288 0808 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:53:40.0304 0808 aic78xx - ok
19:53:40.0335 0808 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:53:40.0475 0808 ALG - ok
19:53:40.0506 0808 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:53:40.0522 0808 aliide - ok
19:53:40.0538 0808 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:53:40.0553 0808 amdagp - ok
19:53:40.0569 0808 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:53:40.0584 0808 amdide - ok
19:53:40.0616 0808 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:53:40.0662 0808 AmdK7 - ok
19:53:40.0678 0808 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:53:40.0740 0808 AmdK8 - ok
19:53:40.0787 0808 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:53:40.0834 0808 Appinfo - ok
19:53:40.0865 0808 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:53:40.0896 0808 arc - ok
19:53:40.0912 0808 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:53:40.0928 0808 arcsas - ok
19:53:40.0943 0808 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:53:40.0990 0808 AsyncMac - ok
19:53:41.0021 0808 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
19:53:41.0037 0808 atapi - ok
19:53:41.0099 0808 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:53:41.0146 0808 AudioEndpointBuilder - ok
19:53:41.0162 0808 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:53:41.0177 0808 Audiosrv - ok
19:53:41.0302 0808 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
19:53:41.0318 0808 BBSvc - ok
19:53:41.0349 0808 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:53:41.0411 0808 Beep - ok
19:53:41.0598 0808 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
19:53:41.0708 0808 BHDrvx86 - ok
19:53:41.0739 0808 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:53:41.0786 0808 blbdrive - ok
19:53:41.0848 0808 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:53:41.0910 0808 bowser - ok
19:53:41.0942 0808 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:53:41.0973 0808 BrFiltLo - ok
19:53:42.0004 0808 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:53:42.0051 0808 BrFiltUp - ok
19:53:42.0098 0808 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:53:42.0144 0808 Browser - ok
19:53:42.0207 0808 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:53:42.0394 0808 Brserid - ok
19:53:42.0410 0808 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:53:42.0456 0808 BrSerWdm - ok
19:53:42.0472 0808 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:53:42.0550 0808 BrUsbMdm - ok
19:53:42.0581 0808 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:53:42.0612 0808 BrUsbSer - ok
19:53:42.0659 0808 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:53:42.0706 0808 BTHMODEM - ok
19:53:42.0815 0808 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\N360\0602010.005\ccSetx86.sys
19:53:42.0831 0808 ccSet_N360 - ok
19:53:42.0878 0808 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:53:42.0940 0808 cdfs - ok
19:53:42.0987 0808 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:53:43.0034 0808 cdrom - ok
19:53:43.0143 0808 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:53:43.0205 0808 CertPropSvc - ok
19:53:43.0252 0808 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:53:43.0283 0808 circlass - ok
19:53:43.0346 0808 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:53:43.0361 0808 CLFS - ok
19:53:43.0424 0808 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:53:43.0439 0808 clr_optimization_v2.0.50727_32 - ok
19:53:43.0517 0808 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:53:43.0564 0808 clr_optimization_v4.0.30319_32 - ok
19:53:43.0611 0808 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:53:43.0642 0808 CmBatt - ok
19:53:43.0642 0808 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:53:43.0658 0808 cmdide - ok
19:53:43.0673 0808 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:53:43.0689 0808 Compbatt - ok
19:53:43.0704 0808 COMSysApp - ok
19:53:43.0798 0808 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
19:53:43.0814 0808 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
19:53:43.0814 0808 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
19:53:43.0892 0808 cpuz132 - ok
19:53:43.0907 0808 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:53:43.0923 0808 crcdisk - ok
19:53:43.0970 0808 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:53:44.0016 0808 Crusoe - ok
19:53:44.0063 0808 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
19:53:44.0126 0808 CryptSvc - ok
19:53:44.0188 0808 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:53:44.0297 0808 DcomLaunch - ok
19:53:44.0344 0808 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:53:44.0391 0808 DfsC - ok
19:53:44.0531 0808 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:53:44.0687 0808 DFSR - ok
19:53:44.0828 0808 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:53:44.0874 0808 Dhcp - ok
19:53:44.0937 0808 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:53:44.0952 0808 disk - ok
19:53:44.0999 0808 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:53:45.0046 0808 Dnscache - ok
19:53:45.0077 0808 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:53:45.0124 0808 dot3svc - ok
19:53:45.0186 0808 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:53:45.0218 0808 DPS - ok
19:53:45.0264 0808 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:53:45.0311 0808 drmkaud - ok
19:53:45.0389 0808 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:53:45.0420 0808 DXGKrnl - ok
19:53:45.0452 0808 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:53:45.0483 0808 E1G60 - ok
19:53:45.0514 0808 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:53:45.0561 0808 EapHost - ok
19:53:45.0623 0808 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:53:45.0639 0808 Ecache - ok
19:53:45.0748 0808 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:53:45.0795 0808 eeCtrl - ok
19:53:45.0873 0808 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:53:45.0904 0808 ehRecvr - ok
19:53:45.0935 0808 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:53:45.0998 0808 ehSched - ok
19:53:46.0013 0808 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:53:46.0029 0808 ehstart - ok
19:53:46.0122 0808 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:53:46.0138 0808 elxstor - ok
19:53:46.0200 0808 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:53:46.0294 0808 EMDMgmt - ok
19:53:46.0403 0808 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:53:46.0403 0808 EraserUtilRebootDrv - ok
19:53:46.0450 0808 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:53:46.0481 0808 ErrDev - ok
19:53:46.0528 0808 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:53:46.0575 0808 EventSystem - ok
19:53:46.0637 0808 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:53:46.0684 0808 exfat - ok
19:53:46.0715 0808 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:53:46.0746 0808 fastfat - ok
19:53:46.0762 0808 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:53:46.0809 0808 fdc - ok
19:53:46.0887 0808 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:53:46.0918 0808 fdPHost - ok
19:53:46.0965 0808 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:53:47.0012 0808 FDResPub - ok
19:53:47.0058 0808 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:53:47.0074 0808 FileInfo - ok
19:53:47.0090 0808 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:53:47.0152 0808 Filetrace - ok
19:53:47.0168 0808 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:53:47.0199 0808 flpydisk - ok
19:53:47.0261 0808 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:53:47.0277 0808 FltMgr - ok
19:53:47.0370 0808 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:53:47.0464 0808 FontCache - ok
19:53:47.0542 0808 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:53:47.0542 0808 FontCache3.0.0.0 - ok
19:53:47.0589 0808 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
19:53:47.0604 0808 fssfltr - ok
19:53:47.0745 0808 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:53:47.0838 0808 fsssvc - ok
19:53:48.0026 0808 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:53:48.0072 0808 Fs_Rec - ok
19:53:48.0104 0808 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
19:53:48.0150 0808 FwLnk - ok
19:53:48.0182 0808 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:53:48.0197 0808 gagp30kx - ok
19:53:48.0306 0808 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files\WildTangent Games\App\GamesAppService.exe
19:53:48.0322 0808 GamesAppService - ok
19:53:48.0353 0808 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:53:48.0353 0808 GEARAspiWDM - ok
19:53:48.0400 0808 getPlusHelper (ce8f5b65d6cfe435fb9bf875eda99d55) C:\Program Files\NOS\bin\getPlus_Helper.dll
19:53:48.0416 0808 getPlusHelper - ok
19:53:48.0494 0808 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
19:53:48.0494 0808 GoogleDesktopManager-051210-111108 - ok
19:53:48.0556 0808 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:53:48.0618 0808 gpsvc - ok
19:53:48.0696 0808 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
19:53:48.0712 0808 gupdate - ok
19:53:48.0728 0808 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
19:53:48.0743 0808 gupdatem - ok
19:53:48.0790 0808 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:53:48.0790 0808 gusvc - ok
19:53:48.0852 0808 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:53:48.0915 0808 HdAudAddService - ok
19:53:48.0993 0808 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:53:49.0071 0808 HDAudBus - ok
19:53:49.0102 0808 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:53:49.0164 0808 HidBth - ok
19:53:49.0196 0808 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:53:49.0258 0808 HidIr - ok
19:53:49.0289 0808 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:53:49.0352 0808 hidserv - ok
19:53:49.0367 0808 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:53:49.0383 0808 HidUsb - ok
19:53:49.0398 0808 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:53:49.0461 0808 hkmsvc - ok
19:53:49.0508 0808 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:53:49.0523 0808 HpCISSs - ok
19:53:49.0570 0808 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:53:49.0664 0808 HTTP - ok
19:53:49.0679 0808 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:53:49.0695 0808 i2omp - ok
19:53:49.0757 0808 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:53:49.0788 0808 i8042prt - ok
19:53:49.0898 0808 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:53:49.0913 0808 IAANTMON - ok
19:53:50.0022 0808 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
19:53:50.0022 0808 iaStor - ok
19:53:50.0069 0808 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:53:50.0085 0808 iaStorV - ok
19:53:50.0147 0808 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:53:50.0163 0808 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:53:50.0163 0808 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:53:50.0256 0808 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:53:50.0303 0808 idsvc - ok
19:53:50.0444 0808 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120727.001\IDSvix86.sys
19:53:50.0475 0808 IDSVix86 - ok
19:53:50.0693 0808 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:53:50.0865 0808 igfx - ok
19:53:50.0943 0808 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:53:50.0958 0808 iirsp - ok
19:53:51.0021 0808 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:53:51.0099 0808 IKEEXT - ok
19:53:51.0239 0808 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
19:53:51.0380 0808 IntcAzAudAddService - ok
19:53:51.0489 0808 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:53:51.0520 0808 intelide - ok
19:53:51.0551 0808 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:53:51.0598 0808 intelppm - ok
19:53:51.0645 0808 IO_Memory - ok
19:53:51.0676 0808 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:53:51.0723 0808 IPBusEnum - ok
19:53:51.0738 0808 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:53:51.0785 0808 IpFilterDriver - ok
19:53:51.0801 0808 IpInIp - ok
19:53:51.0816 0808 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:53:51.0863 0808 IPMIDRV - ok
19:53:51.0894 0808 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:53:51.0910 0808 IPNAT - ok
19:53:51.0941 0808 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:53:51.0972 0808 IRENUM - ok
19:53:51.0988 0808 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:53:52.0004 0808 isapnp - ok
19:53:52.0066 0808 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:53:52.0082 0808 iScsiPrt - ok
19:53:52.0097 0808 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:53:52.0113 0808 iteatapi - ok
19:53:52.0144 0808 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:53:52.0144 0808 iteraid - ok
19:53:52.0175 0808 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:53:52.0175 0808 kbdclass - ok
19:53:52.0191 0808 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
19:53:52.0253 0808 kbdhid - ok
19:53:52.0284 0808 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:53:52.0347 0808 KeyIso - ok
19:53:52.0378 0808 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
19:53:52.0394 0808 KR10I - ok
19:53:52.0425 0808 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
19:53:52.0472 0808 KR10N - ok
19:53:52.0518 0808 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
19:53:52.0550 0808 KSecDD - ok
19:53:52.0612 0808 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:53:52.0690 0808 KtmRm - ok
19:53:52.0737 0808 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:53:52.0815 0808 LanmanServer - ok
19:53:52.0846 0808 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:53:52.0908 0808 LanmanWorkstation - ok
19:53:52.0971 0808 LexBceS (027d03d9d8ab95194a115a999e960ac0) C:\Windows\System32\LEXBCES.EXE
19:53:53.0033 0808 LexBceS - ok
19:53:53.0080 0808 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:53:53.0127 0808 lltdio - ok
19:53:53.0174 0808 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:53:53.0205 0808 lltdsvc - ok
19:53:53.0220 0808 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:53:53.0283 0808 lmhosts - ok
19:53:53.0314 0808 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:53:53.0330 0808 LSI_FC - ok
19:53:53.0345 0808 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:53:53.0361 0808 LSI_SAS - ok
19:53:53.0376 0808 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:53:53.0392 0808 LSI_SCSI - ok
19:53:53.0408 0808 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:53:53.0439 0808 luafv - ok
19:53:53.0454 0808 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:53:53.0454 0808 Mcx2Svc - ok
19:53:53.0501 0808 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:53:53.0501 0808 megasas - ok
19:53:53.0548 0808 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:53:53.0579 0808 MegaSR - ok
19:53:53.0626 0808 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:53:53.0688 0808 MMCSS - ok
19:53:53.0704 0808 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:53:53.0735 0808 Modem - ok
19:53:53.0782 0808 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:53:53.0829 0808 monitor - ok
19:53:53.0891 0808 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:53:53.0907 0808 mouclass - ok
19:53:53.0922 0808 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:53:53.0969 0808 mouhid - ok
19:53:54.0000 0808 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:53:54.0016 0808 MountMgr - ok
19:53:54.0047 0808 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:53:54.0063 0808 mpio - ok
19:53:54.0094 0808 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:53:54.0125 0808 mpsdrv - ok
19:53:54.0141 0808 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:53:54.0156 0808 Mraid35x - ok
19:53:54.0219 0808 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:53:54.0266 0808 MRxDAV - ok
19:53:54.0297 0808 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:53:54.0359 0808 mrxsmb - ok
19:53:54.0390 0808 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:53:54.0437 0808 mrxsmb10 - ok
19:53:54.0453 0808 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:53:54.0500 0808 mrxsmb20 - ok
19:53:54.0546 0808 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
19:53:54.0546 0808 msahci - ok
19:53:54.0578 0808 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:53:54.0593 0808 msdsm - ok
19:53:54.0609 0808 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:53:54.0656 0808 MSDTC - ok
19:53:54.0687 0808 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:53:54.0734 0808 Msfs - ok
19:53:54.0780 0808 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:53:54.0780 0808 msisadrv - ok
19:53:54.0827 0808 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:53:54.0890 0808 MSiSCSI - ok
19:53:54.0905 0808 msiserver - ok
19:53:54.0952 0808 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:53:55.0014 0808 MSKSSRV - ok
19:53:55.0046 0808 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:53:55.0092 0808 MSPCLOCK - ok
19:53:55.0124 0808 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:53:55.0170 0808 MSPQM - ok
19:53:55.0233 0808 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:53:55.0248 0808 MsRPC - ok
19:53:55.0264 0808 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:53:55.0280 0808 mssmbios - ok
19:53:55.0311 0808 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:53:55.0326 0808 MSTEE - ok
19:53:55.0342 0808 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:53:55.0358 0808 Mup - ok
19:53:55.0436 0808 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
19:53:55.0436 0808 N360 - ok
19:53:55.0482 0808 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:53:55.0529 0808 napagent - ok
19:53:55.0592 0808 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:53:55.0623 0808 NativeWifiP - ok
19:53:55.0779 0808 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120727.019\NAVENG.SYS
19:53:55.0779 0808 NAVENG - ok
19:53:55.0888 0808 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120727.019\NAVEX15.SYS
19:53:55.0997 0808 NAVEX15 - ok
19:53:56.0153 0808 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:53:56.0184 0808 NDIS - ok
19:53:56.0231 0808 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:53:56.0247 0808 NdisTapi - ok
19:53:56.0247 0808 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:53:56.0309 0808 Ndisuio - ok
19:53:56.0372 0808 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:53:56.0403 0808 NdisWan - ok
19:53:56.0403 0808 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:53:56.0434 0808 NDProxy - ok
19:53:56.0465 0808 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:53:56.0512 0808 NetBIOS - ok
19:53:56.0559 0808 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:53:56.0574 0808 netbt - ok
19:53:56.0621 0808 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:53:56.0637 0808 Netlogon - ok
19:53:56.0668 0808 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:53:56.0699 0808 Netman - ok
19:53:56.0715 0808 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:53:56.0762 0808 netprofm - ok
19:53:56.0808 0808 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:53:56.0824 0808 NetTcpPortSharing - ok
19:53:56.0855 0808 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:53:56.0871 0808 nfrd960 - ok
19:53:56.0902 0808 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:53:56.0949 0808 NlaSvc - ok
19:53:56.0980 0808 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:53:56.0996 0808 Npfs - ok
19:53:57.0011 0808 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:53:57.0042 0808 nsi - ok
19:53:57.0058 0808 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:53:57.0105 0808 nsiproxy - ok
19:53:57.0198 0808 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:53:57.0245 0808 Ntfs - ok
19:53:57.0292 0808 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:53:57.0354 0808 ntrigdigi - ok
19:53:57.0386 0808 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
19:53:57.0401 0808 NuidFltr - ok
19:53:57.0401 0808 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:53:57.0448 0808 Null - ok
19:53:57.0479 0808 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:53:57.0495 0808 nvraid - ok
19:53:57.0526 0808 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:53:57.0526 0808 nvstor - ok
19:53:57.0542 0808 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:53:57.0557 0808 nv_agp - ok
19:53:57.0557 0808 NwlnkFlt - ok
19:53:57.0573 0808 NwlnkFwd - ok
19:53:57.0682 0808 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:53:57.0713 0808 odserv - ok
19:53:57.0760 0808 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:53:57.0807 0808 ohci1394 - ok
19:53:57.0854 0808 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:53:57.0869 0808 ose - ok
19:53:57.0932 0808 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:53:58.0025 0808 p2pimsvc - ok
19:53:58.0041 0808 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:53:58.0056 0808 p2psvc - ok
19:53:58.0103 0808 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:53:58.0166 0808 Parport - ok
19:53:58.0212 0808 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:53:58.0228 0808 partmgr - ok
19:53:58.0244 0808 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:53:58.0322 0808 Parvdm - ok
19:53:58.0353 0808 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:53:58.0415 0808 PcaSvc - ok
19:53:58.0446 0808 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:53:58.0462 0808 pci - ok
19:53:58.0478 0808 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
19:53:58.0493 0808 pciide - ok
19:53:58.0509 0808 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:53:58.0524 0808 pcmcia - ok
19:53:58.0602 0808 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:53:58.0696 0808 PEAUTH - ok
19:53:58.0790 0808 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:53:58.0930 0808 pla - ok
19:53:59.0039 0808 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:53:59.0102 0808 PlugPlay - ok
19:53:59.0164 0808 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:53:59.0180 0808 PNRPAutoReg - ok
19:53:59.0195 0808 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:53:59.0226 0808 PNRPsvc - ok
19:53:59.0258 0808 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:53:59.0289 0808 PolicyAgent - ok
19:53:59.0336 0808 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:53:59.0398 0808 PptpMiniport - ok
19:53:59.0414 0808 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:53:59.0460 0808 Processor - ok
19:53:59.0507 0808 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:53:59.0554 0808 ProfSvc - ok
19:53:59.0601 0808 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:53:59.0616 0808 ProtectedStorage - ok
19:53:59.0648 0808 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:53:59.0694 0808 PSched - ok
19:53:59.0772 0808 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
19:53:59.0788 0808 PSI_SVC_2 - ok
19:53:59.0804 0808 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
19:53:59.0804 0808 PxHelp20 - ok
19:53:59.0913 0808 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:53:59.0991 0808 ql2300 - ok
19:54:00.0006 0808 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:54:00.0022 0808 ql40xx - ok
19:54:00.0069 0808 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:54:00.0116 0808 QWAVE - ok
19:54:00.0147 0808 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:54:00.0147 0808 QWAVEdrv - ok
19:54:00.0162 0808 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:54:00.0178 0808 RasAcd - ok
19:54:00.0194 0808 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:54:00.0225 0808 RasAuto - ok
19:54:00.0225 0808 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:54:00.0287 0808 Rasl2tp - ok
19:54:00.0334 0808 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:54:00.0350 0808 RasMan - ok
19:54:00.0396 0808 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:54:00.0443 0808 RasPppoe - ok
19:54:00.0474 0808 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:54:00.0490 0808 RasSstp - ok
19:54:00.0521 0808 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:54:00.0552 0808 rdbss - ok
19:54:00.0584 0808 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:54:00.0615 0808 RDPCDD - ok
19:54:00.0662 0808 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:54:00.0677 0808 rdpdr - ok
19:54:00.0708 0808 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:54:00.0740 0808 RDPENCDD - ok
19:54:00.0786 0808 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
19:54:00.0849 0808 RDPWD - ok
19:54:00.0880 0808 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:54:00.0896 0808 RemoteAccess - ok
19:54:00.0942 0808 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:54:00.0989 0808 RemoteRegistry - ok
19:54:01.0020 0808 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:54:01.0067 0808 RpcLocator - ok
19:54:01.0130 0808 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:54:01.0161 0808 RpcSs - ok
19:54:01.0192 0808 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:54:01.0239 0808 rspndr - ok
19:54:01.0286 0808 RTL8169 (17b1d7ce7af11fb24db1def9621c033b) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:54:01.0301 0808 RTL8169 - ok
19:54:01.0364 0808 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
19:54:01.0410 0808 RTL8187B - ok
19:54:01.0473 0808 RTSTOR (f5825e41286556ddb8cc83a91d88f3c6) C:\Windows\system32\drivers\RTSTOR.SYS
19:54:01.0535 0808 RTSTOR - ok
19:54:01.0551 0808 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:54:01.0566 0808 SamSs - ok
19:54:01.0598 0808 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:54:01.0598 0808 sbp2port - ok
19:54:01.0644 0808 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:54:01.0691 0808 SCardSvr - ok
19:54:01.0754 0808 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:54:01.0832 0808 Schedule - ok
19:54:01.0863 0808 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:54:01.0894 0808 SCPolicySvc - ok
19:54:01.0910 0808 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:54:01.0972 0808 SDRSVC - ok
19:54:02.0081 0808 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
19:54:02.0097 0808 SeaPort - ok
19:54:02.0128 0808 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:54:02.0159 0808 secdrv - ok
19:54:02.0175 0808 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:54:02.0222 0808 seclogon - ok
19:54:02.0253 0808 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:54:02.0300 0808 SENS - ok
19:54:02.0331 0808 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:54:02.0409 0808 Serenum - ok
19:54:02.0424 0808 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:54:02.0518 0808 Serial - ok
19:54:02.0534 0808 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:54:02.0580 0808 sermouse - ok
19:54:02.0627 0808 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:54:02.0658 0808 SessionEnv - ok
19:54:02.0674 0808 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:54:02.0721 0808 sffdisk - ok
19:54:02.0736 0808 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:54:02.0768 0808 sffp_mmc - ok
19:54:02.0783 0808 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:54:02.0799 0808 sffp_sd - ok
19:54:13.0376 0808 ============================================================
19:54:13.0376 0808 Scan finished
19:54:13.0376 0808 ============================================================
19:54:13.0422 1456 Detected object count: 6
19:54:13.0422 1456 Actual detected object count: 6
19:54:20.0832 1456 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:20.0832 1456 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:20.0832 1456 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:20.0832 1456 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:20.0832 1456 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:20.0832 1456 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:20.0832 1456 SVRPEDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:20.0848 1456 SVRPEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:20.0848 1456 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:20.0848 1456 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:54:20.0848 1456 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
19:54:20.0848 1456 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:16.0166 1008 ============================================================
19:55:16.0166 1008 Scan started
19:55:16.0166 1008 Mode: Manual; SigCheck; TDLFS;
19:55:16.0166 1008 ============================================================
19:55:23.0825 1008 IKEEXT - ok
19:55:23.0966 1008 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
19:55:24.0044 1008 IntcAzAudAddService - ok
19:55:24.0137 1008 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:55:24.0153 1008 intelide - ok
19:55:24.0168 1008 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:55:24.0200 1008 intelppm - ok
19:55:24.0215 1008 IO_Memory - ok
19:55:24.0246 1008 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:55:24.0278 1008 IPBusEnum - ok
19:55:24.0293 1008 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:55:24.0324 1008 IpFilterDriver - ok
19:55:24.0324 1008 IpInIp - ok
19:55:24.0356 1008 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:55:24.0371 1008 IPMIDRV - ok
19:55:24.0402 1008 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:55:24.0418 1008 IPNAT - ok
19:55:24.0449 1008 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:55:24.0465 1008 IRENUM - ok
19:55:24.0480 1008 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:55:24.0496 1008 isapnp - ok
19:55:24.0543 1008 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:55:24.0558 1008 iScsiPrt - ok
19:55:24.0574 1008 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:55:24.0590 1008 iteatapi - ok
19:55:24.0605 1008 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:55:24.0605 1008 iteraid - ok
19:55:24.0636 1008 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:55:24.0636 1008 kbdclass - ok
19:55:24.0668 1008 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
19:55:24.0683 1008 kbdhid - ok
19:55:24.0714 1008 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:55:24.0714 1008 KeyIso - ok
19:55:24.0746 1008 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
19:55:24.0761 1008 KR10I - ok
19:55:24.0777 1008 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
19:55:24.0792 1008 KR10N - ok
19:55:24.0839 1008 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
19:55:24.0870 1008 KSecDD - ok
19:55:24.0917 1008 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:55:24.0948 1008 KtmRm - ok
19:55:24.0980 1008 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:55:24.0995 1008 LanmanServer - ok
19:55:25.0042 1008 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:55:25.0058 1008 LanmanWorkstation - ok
19:55:25.0104 1008 LexBceS (027d03d9d8ab95194a115a999e960ac0) C:\Windows\System32\LEXBCES.EXE
19:55:25.0120 1008 LexBceS - ok
19:55:25.0151 1008 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:55:25.0182 1008 lltdio - ok
19:55:25.0214 1008 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:55:25.0245 1008 lltdsvc - ok
19:55:25.0260 1008 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:55:25.0307 1008 lmhosts - ok
19:55:25.0323 1008 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:55:25.0338 1008 LSI_FC - ok
19:55:25.0354 1008 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:55:25.0370 1008 LSI_SAS - ok
19:55:25.0385 1008 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:55:25.0401 1008 LSI_SCSI - ok
19:55:25.0432 1008 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:55:25.0448 1008 luafv - ok
19:55:25.0463 1008 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:55:25.0479 1008 Mcx2Svc - ok
19:55:25.0494 1008 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:55:25.0510 1008 megasas - ok
19:55:25.0541 1008 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:55:25.0557 1008 MegaSR - ok
19:55:25.0588 1008 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:55:25.0604 1008 MMCSS - ok
19:55:25.0619 1008 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:55:25.0635 1008 Modem - ok
19:55:25.0650 1008 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:55:25.0682 1008 monitor - ok
19:55:25.0713 1008 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:55:25.0713 1008 mouclass - ok
19:55:25.0728 1008 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:55:25.0760 1008 mouhid - ok
19:55:25.0775 1008 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:55:25.0791 1008 MountMgr - ok
19:55:25.0806 1008 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:55:25.0822 1008 mpio - ok
19:55:25.0838 1008 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:55:25.0853 1008 mpsdrv - ok
19:55:25.0884 1008 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:55:25.0884 1008 Mraid35x - ok
19:55:25.0916 1008 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:55:25.0931 1008 MRxDAV - ok
19:55:25.0962 1008 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:55:25.0978 1008 mrxsmb - ok
19:55:26.0025 1008 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:55:26.0025 1008 mrxsmb10 - ok
19:55:26.0040 1008 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:55:26.0056 1008 mrxsmb20 - ok
19:55:26.0087 1008 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
19:55:26.0087 1008 msahci - ok
19:55:26.0118 1008 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:55:26.0134 1008 msdsm - ok
19:55:26.0150 1008 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:55:26.0181 1008 MSDTC - ok
19:55:26.0196 1008 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:55:26.0228 1008 Msfs - ok
19:55:26.0259 1008 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:55:26.0274 1008 msisadrv - ok
19:55:26.0337 1008 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:55:26.0352 1008 MSiSCSI - ok
19:55:26.0352 1008 msiserver - ok
19:55:26.0384 1008 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:55:26.0399 1008 MSKSSRV - ok
19:55:26.0415 1008 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:55:26.0430 1008 MSPCLOCK - ok
19:55:26.0446 1008 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:55:26.0462 1008 MSPQM - ok
19:55:26.0508 1008 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:55:26.0524 1008 MsRPC - ok
19:55:26.0540 1008 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:55:26.0555 1008 mssmbios - ok
19:55:26.0571 1008 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:55:26.0586 1008 MSTEE - ok
19:55:26.0602 1008 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:55:26.0618 1008 Mup - ok
19:55:26.0696 1008 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
19:55:26.0711 1008 N360 - ok
19:55:26.0742 1008 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:55:26.0774 1008 napagent - ok
19:55:26.0805 1008 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:55:26.0820 1008 NativeWifiP - ok
19:55:26.0945 1008 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120727.019\NAVENG.SYS
19:55:26.0961 1008 NAVENG - ok
19:55:27.0054 1008 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120727.019\NAVEX15.SYS
19:55:27.0117 1008 NAVEX15 - ok
19:55:27.0257 1008 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:55:27.0273 1008 NDIS - ok
19:55:27.0320 1008 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:55:27.0335 1008 NdisTapi - ok
19:55:27.0351 1008 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:55:27.0366 1008 Ndisuio - ok
19:55:27.0413 1008 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:55:27.0429 1008 NdisWan - ok
19:55:27.0444 1008 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:55:27.0460 1008 NDProxy - ok
19:55:27.0491 1008 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:55:27.0522 1008 NetBIOS - ok
19:55:27.0538 1008 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:55:27.0554 1008 netbt - ok
19:55:27.0585 1008 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:55:27.0600 1008 Netlogon - ok
19:55:27.0647 1008 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:55:27.0663 1008 Netman - ok
19:55:27.0694 1008 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:55:27.0725 1008 netprofm - ok
19:55:27.0756 1008 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:55:27.0772 1008 NetTcpPortSharing - ok
19:55:27.0803 1008 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:55:27.0803 1008 nfrd960 - ok
19:55:27.0834 1008 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:55:27.0866 1008 NlaSvc - ok
19:55:27.0866 1008 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:55:27.0897 1008 Npfs - ok
19:55:27.0897 1008 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:55:27.0928 1008 nsi - ok
19:55:27.0944 1008 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:55:27.0959 1008 nsiproxy - ok
19:55:28.0053 1008 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:55:28.0084 1008 Ntfs - ok
19:55:28.0131 1008 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:55:28.0178 1008 ntrigdigi - ok
19:55:28.0209 1008 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
19:55:28.0209 1008 NuidFltr - ok
19:55:28.0224 1008 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:55:28.0240 1008 Null - ok
19:55:28.0256 1008 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:55:28.0271 1008 nvraid - ok
19:55:28.0287 1008 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:55:28.0302 1008 nvstor - ok
19:55:28.0318 1008 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:55:28.0334 1008 nv_agp - ok
19:55:28.0334 1008 NwlnkFlt - ok
19:55:28.0349 1008 NwlnkFwd - ok
19:55:28.0443 1008 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:55:28.0458 1008 odserv - ok
19:55:28.0490 1008 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:55:28.0536 1008 ohci1394 - ok
19:55:28.0568 1008 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:55:28.0583 1008 ose - ok
19:55:28.0630 1008 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:55:28.0661 1008 p2pimsvc - ok
19:55:28.0661 1008 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:55:28.0692 1008 p2psvc - ok
19:55:28.0724 1008 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:55:28.0770 1008 Parport - ok
19:55:28.0802 1008 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:55:28.0817 1008 partmgr - ok
19:55:28.0833 1008 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:55:28.0864 1008 Parvdm - ok
19:55:28.0895 1008 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:55:28.0895 1008 PcaSvc - ok
19:55:28.0926 1008 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:55:28.0942 1008 pci - ok
19:55:28.0958 1008 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
19:55:28.0973 1008 pciide - ok
19:55:29.0004 1008 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:55:29.0020 1008 pcmcia - ok
19:55:29.0082 1008 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:55:29.0129 1008 PEAUTH - ok
19:55:29.0238 1008 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:55:29.0316 1008 pla - ok
19:55:29.0426 1008 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:55:29.0441 1008 PlugPlay - ok
19:55:29.0504 1008 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:55:29.0535 1008 PNRPAutoReg - ok
19:55:29.0535 1008 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:55:29.0566 1008 PNRPsvc - ok
19:55:29.0597 1008 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:55:29.0628 1008 PolicyAgent - ok
19:55:29.0675 1008 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:55:29.0691 1008 PptpMiniport - ok
19:55:29.0706 1008 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:55:29.0738 1008 Processor - ok
19:55:29.0769 1008 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:55:29.0784 1008 ProfSvc - ok
19:55:29.0816 1008 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:55:29.0816 1008 ProtectedStorage - ok
19:55:29.0862 1008 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:55:29.0878 1008 PSched - ok
19:55:29.0940 1008 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
19:55:29.0956 1008 PSI_SVC_2 - ok
19:55:29.0972 1008 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
19:55:29.0972 1008 PxHelp20 - ok
19:55:30.0050 1008 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:55:30.0081 1008 ql2300 - ok
19:55:30.0112 1008 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:55:30.0128 1008 ql40xx - ok
19:55:30.0159 1008 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:55:30.0174 1008 QWAVE - ok
19:55:30.0190 1008 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:55:30.0206 1008 QWAVEdrv - ok
19:55:30.0221 1008 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:55:30.0252 1008 RasAcd - ok
19:55:30.0252 1008 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:55:30.0284 1008 RasAuto - ok
19:55:30.0299 1008 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:55:30.0315 1008 Rasl2tp - ok
19:55:30.0362 1008 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:55:30.0377 1008 RasMan - ok
19:55:30.0424 1008 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:55:30.0440 1008 RasPppoe - ok
19:55:30.0471 1008 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:55:30.0486 1008 RasSstp - ok
19:55:30.0518 1008 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:55:30.0549 1008 rdbss - ok
19:55:30.0549 1008 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:55:30.0580 1008 RDPCDD - ok
19:55:30.0611 1008 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:55:30.0642 1008 rdpdr - ok
19:55:30.0642 1008 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:55:30.0674 1008 RDPENCDD - ok
19:55:30.0720 1008 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
19:55:30.0736 1008 RDPWD - ok
19:55:30.0767 1008 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:55:30.0783 1008 RemoteAccess - ok
19:55:30.0830 1008 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:55:30.0845 1008 RemoteRegistry - ok
19:55:30.0876 1008 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:55:30.0876 1008 RpcLocator - ok
19:55:30.0939 1008 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:55:30.0970 1008 RpcSs - ok
19:55:31.0001 1008 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:55:31.0017 1008 rspndr - ok
19:55:31.0064 1008 RTL8169 (17b1d7ce7af11fb24db1def9621c033b) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:55:31.0079 1008 RTL8169 - ok
19:55:31.0126 1008 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
19:55:31.0142 1008 RTL8187B - ok
19:55:31.0173 1008 RTSTOR (f5825e41286556ddb8cc83a91d88f3c6) C:\Windows\system32\drivers\RTSTOR.SYS
19:55:31.0188 1008 RTSTOR - ok
19:55:31.0204 1008 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:55:31.0220 1008 SamSs - ok
19:55:31.0251 1008 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:55:31.0266 1008 sbp2port - ok
19:55:31.0313 1008 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:55:31.0344 1008 SCardSvr - ok
19:55:31.0391 1008 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:55:31.0422 1008 Schedule - ok
19:55:31.0454 1008 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:55:31.0469 1008 SCPolicySvc - ok
19:55:31.0500 1008 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:55:31.0516 1008 SDRSVC - ok
19:55:31.0610 1008 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
19:55:31.0625 1008 SeaPort - ok
19:55:31.0641 1008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:55:31.0688 1008 secdrv - ok
19:55:31.0703 1008 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:55:31.0719 1008 seclogon - ok
19:55:31.0734 1008 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:55:31.0750 1008 SENS - ok
19:55:31.0766 1008 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:55:31.0812 1008 Serenum - ok
19:55:31.0828 1008 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:55:31.0859 1008 Serial - ok
19:55:31.0875 1008 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:55:31.0906 1008 sermouse - ok
19:55:31.0937 1008 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:55:31.0968 1008 SessionEnv - ok
19:55:31.0984 1008 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:55:32.0000 1008 sffdisk - ok
19:55:32.0015 1008 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:55:32.0031 1008 sffp_mmc - ok
19:55:32.0062 1008 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:55:32.0093 1008 sffp_sd - ok
19:55:32.0093 1008 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:55:32.0140 1008 sfloppy - ok
19:55:32.0187 1008 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:55:32.0202 1008 ShellHWDetection - ok
19:55:32.0218 1008 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:55:32.0234 1008 sisagp - ok
19:55:32.0249 1008 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:55:32.0249 1008 SiSRaid2 - ok
19:55:32.0296 1008 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:55:32.0296 1008 SiSRaid4 - ok
19:55:32.0499 1008 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:55:32.0624 1008 slsvc - ok
19:55:32.0748 1008 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:55:32.0764 1008 SLUINotify - ok
19:55:32.0842 1008 SmartFaceVWatchSrv (3566310df25ea5c3b2e9f50f5b50eac1) C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
19:55:32.0842 1008 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
19:55:32.0842 1008 SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
19:55:32.0873 1008 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:55:32.0904 1008 Smb - ok
19:55:32.0920 1008 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:55:32.0936 1008 SNMPTRAP - ok
19:55:32.0936 1008 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:55:32.0951 1008 spldr - ok
19:55:32.0998 1008 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:55:33.0014 1008 Spooler - ok
19:55:33.0107 1008 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\N360\0602010.005\SRTSP.SYS
19:55:33.0123 1008 SRTSP - ok
19:55:33.0154 1008 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\N360\0602010.005\SRTSPX.SYS
19:55:33.0170 1008 SRTSPX - ok
19:55:33.0216 1008 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:55:33.0216 1008 srv - ok
19:55:33.0263 1008 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:55:33.0279 1008 srv2 - ok
19:55:33.0294 1008 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:55:33.0294 1008 srvnet - ok
19:55:33.0326 1008 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:55:33.0357 1008 SSDPSRV - ok
19:55:33.0372 1008 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:55:33.0388 1008 SstpSvc - ok
19:55:33.0435 1008 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:55:33.0450 1008 stisvc - ok
19:55:33.0497 1008 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
19:55:33.0497 1008 SVRPEDRV ( UnsignedFile.Multi.Generic ) - warning
19:55:33.0497 1008 SVRPEDRV - detected UnsignedFile.Multi.Generic (1)
19:55:33.0528 1008 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:55:33.0528 1008 swenum - ok
19:55:33.0575 1008 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:55:33.0606 1008 swprv - ok
19:55:33.0638 1008 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:55:33.0653 1008 Symc8xx - ok
19:55:33.0731 1008 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0602010.005\SYMDS.SYS
19:55:33.0747 1008 SymDS - ok
19:55:33.0794 1008 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0602010.005\SYMEFA.SYS
19:55:33.0825 1008 SymEFA - ok
19:55:33.0872 1008 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
19:55:33.0887 1008 SymEvent - ok
19:55:33.0918 1008 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0602010.005\Ironx86.SYS
19:55:33.0934 1008 SymIRON - ok
19:55:33.0981 1008 SYMTDIv (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\N360\0602010.005\SYMTDIV.SYS
19:55:33.0996 1008 SYMTDIv - ok
19:55:34.0028 1008 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:55:34.0043 1008 Sym_hi - ok
19:55:34.0059 1008 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:55:34.0074 1008 Sym_u3 - ok
19:55:34.0137 1008 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
19:55:34.0137 1008 SynTP - ok
19:55:34.0199 1008 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:55:34.0230 1008 SysMain - ok
19:55:34.0246 1008 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:55:34.0262 1008 TabletInputService - ok
19:55:34.0308 1008 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:55:34.0340 1008 TapiSrv - ok
19:55:34.0355 1008 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:55:34.0386 1008 TBS - ok
19:55:34.0449 1008 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
19:55:34.0480 1008 Tcpip - ok
19:55:34.0496 1008 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
19:55:34.0527 1008 Tcpip6 - ok
19:55:34.0574 1008 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:55:34.0589 1008 tcpipreg - ok
19:55:34.0620 1008 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
19:55:34.0620 1008 tdcmdpst - ok
19:55:34.0652 1008 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:55:34.0683 1008 TDPIPE - ok
19:55:34.0698 1008 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:55:34.0714 1008 TDTCP - ok
19:55:34.0745 1008 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:55:34.0761 1008 tdx - ok
19:55:34.0964 1008 TeamViewer5 (960c1194dc43744c4851995f7daf0552) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
19:55:35.0088 1008 TeamViewer5 - ok
19:55:35.0198 1008 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:55:35.0213 1008 TermDD - ok
19:55:35.0260 1008 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:55:35.0291 1008 TermService - ok
19:55:35.0291 1008 TfFsMon - ok
19:55:35.0307 1008 TfNetMon - ok
19:55:35.0307 1008 TFSysMon - ok
19:55:35.0385 1008 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:55:35.0400 1008 Themes - ok
19:55:35.0463 1008 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:55:35.0478 1008 THREADORDER - ok
19:55:35.0588 1008 TMachInfo (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:55:35.0603 1008 TMachInfo - ok
19:55:35.0634 1008 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
19:55:35.0650 1008 TNaviSrv - ok
19:55:35.0666 1008 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
19:55:35.0681 1008 TODDSrv - ok
19:55:35.0728 1008 TosCoSrv (44dbac611b11646683b5b066a049b8e4) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
19:55:35.0744 1008 TosCoSrv - ok
19:55:35.0759 1008 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
19:55:35.0759 1008 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
19:55:35.0759 1008 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
19:55:35.0822 1008 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
19:55:35.0837 1008 tos_sps32 - ok
19:55:35.0868 1008 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:55:35.0884 1008 TrkWks - ok
19:55:35.0931 1008 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:55:35.0946 1008 TrustedInstaller - ok
19:55:35.0978 1008 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:55:35.0993 1008 tssecsrv - ok
19:55:36.0009 1008 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:55:36.0024 1008 tunmp - ok
19:55:36.0056 1008 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:55:36.0071 1008 tunnel - ok
19:55:36.0087 1008 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:55:36.0102 1008 TVALZ - ok
19:55:36.0118 1008 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:55:36.0134 1008 uagp35 - ok
19:55:36.0180 1008 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:55:36.0196 1008 udfs - ok
19:55:36.0212 1008 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:55:36.0243 1008 UI0Detect - ok
19:55:36.0305 1008 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
19:55:36.0305 1008 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
19:55:36.0305 1008 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
19:55:36.0336 1008 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:55:36.0336 1008 uliagpkx - ok
19:55:36.0383 1008 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:55:36.0399 1008 uliahci - ok
19:55:36.0414 1008 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:55:36.0430 1008 UlSata - ok
19:55:36.0461 1008 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:55:36.0477 1008 ulsata2 - ok
19:55:36.0492 1008 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:55:36.0524 1008 umbus - ok
19:55:36.0570 1008 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:55:36.0586 1008 upnphost - ok
19:55:36.0617 1008 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
19:55:36.0633 1008 usbbus - ok
19:55:36.0648 1008 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:55:36.0680 1008 usbccgp - ok
19:55:36.0695 1008 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:55:36.0742 1008 usbcir - ok
19:55:36.0758 1008 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
19:55:36.0773 1008 UsbDiag - ok
19:55:36.0789 1008 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:55:36.0820 1008 usbehci - ok
19:55:36.0851 1008 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:55:36.0882 1008 usbhub - ok
19:55:36.0914 1008 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
19:55:36.0914 1008 USBModem - ok
19:55:36.0945 1008 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:55:36.0992 1008 usbohci - ok
19:55:37.0007 1008 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:55:37.0038 1008 usbprint - ok
19:55:37.0054 1008 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:55:37.0085 1008 usbscan - ok
19:55:37.0116 1008 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:55:37.0132 1008 USBSTOR - ok
19:55:37.0148 1008 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:55:37.0163 1008 usbuhci - ok
19:55:37.0179 1008 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:55:37.0210 1008 usbvideo - ok
19:55:37.0226 1008 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
19:55:37.0241 1008 UVCFTR - ok
19:55:37.0272 1008 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:55:37.0288 1008 UxSms - ok
19:55:37.0319 1008 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:55:37.0350 1008 vds - ok
19:55:37.0366 1008 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:55:37.0397 1008 vga - ok
19:55:37.0413 1008 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:55:37.0444 1008 VgaSave - ok
19:55:37.0475 1008 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:55:37.0475 1008 viaagp - ok
19:55:37.0491 1008 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:55:37.0506 1008 ViaC7 - ok
19:55:37.0538 1008 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:55:37.0538 1008 viaide - ok
19:55:37.0584 1008 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:55:37.0584 1008 volmgr - ok
19:55:37.0631 1008 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:55:37.0647 1008 volmgrx - ok
19:55:37.0662 1008 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:55:37.0678 1008 volsnap - ok
19:55:37.0709 1008 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:55:37.0709 1008 vsmraid - ok
19:55:37.0803 1008 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:55:37.0850 1008 VSS - ok
19:55:37.0881 1008 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:55:37.0912 1008 W32Time - ok
19:55:37.0959 1008 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:55:37.0990 1008 WacomPen - ok
19:55:38.0021 1008 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:55:38.0037 1008 Wanarp - ok
19:55:38.0037 1008 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:55:38.0052 1008 Wanarpv6 - ok
19:55:38.0084 1008 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:55:38.0115 1008 wcncsvc - ok
19:55:38.0146 1008 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:55:38.0162 1008 WcsPlugInService - ok
19:55:38.0177 1008 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:55:38.0193 1008 Wd - ok
19:55:38.0240 1008 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:55:38.0255 1008 Wdf01000 - ok
19:55:38.0271 1008 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:55:38.0302 1008 WdiServiceHost - ok
19:55:38.0302 1008 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:55:38.0333 1008 WdiSystemHost - ok
19:55:38.0364 1008 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:55:38.0380 1008 WebClient - ok
19:55:38.0411 1008 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:55:38.0427 1008 Wecsvc - ok
19:55:38.0458 1008 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:55:38.0474 1008 wercplsupport - ok
19:55:38.0505 1008 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:55:38.0536 1008 WerSvc - ok
19:55:38.0536 1008 WinHttpAutoProxySvc - ok
19:55:38.0583 1008 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:55:38.0598 1008 Winmgmt - ok
19:55:38.0676 1008 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:55:38.0723 1008 WinRM - ok
19:55:38.0786 1008 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:55:38.0801 1008 Wlansvc - ok
19:55:38.0879 1008 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:55:38.0895 1008 wlcrasvc - ok
19:55:39.0020 1008 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:55:39.0066 1008 wlidsvc - ok
19:55:39.0176 1008 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
19:55:39.0191 1008 WmiAcpi - ok
19:55:39.0254 1008 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:55:39.0269 1008 wmiApSrv - ok
19:55:39.0363 1008 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:55:39.0378 1008 WMPNetworkSvc - ok
19:55:39.0425 1008 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:55:39.0441 1008 WPCSvc - ok
19:55:39.0472 1008 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:55:39.0488 1008 WPDBusEnum - ok
19:55:39.0550 1008 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:55:39.0566 1008 WpdUsb - ok
19:55:39.0690 1008 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:55:39.0706 1008 WPFFontCache_v0400 - ok
19:55:39.0753 1008 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:55:39.0784 1008 ws2ifsl - ok
19:55:39.0784 1008 WSearch - ok
19:55:39.0815 1008 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:55:39.0831 1008 WUDFRd - ok
19:55:39.0862 1008 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:55:39.0893 1008 wudfsvc - ok
19:55:39.0909 1008 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:55:40.0283 1008 \Device\Harddisk0\DR0 - ok
19:55:40.0283 1008 Boot (0x1200) (e379bb9e3b2bf7dcd6e9fcb2e7df2619) \Device\Harddisk0\DR0\Partition0
19:55:40.0283 1008 \Device\Harddisk0\DR0\Partition0 - ok
19:55:40.0283 1008 ============================================================
19:55:40.0283 1008 Scan finished
19:55:40.0283 1008 ============================================================
19:55:40.0299 0392 Detected object count: 6
19:55:40.0299 0392 Actual detected object count: 6
19:55:52.0966 0392 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:52.0966 0392 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:52.0966 0392 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:52.0966 0392 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:52.0966 0392 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:52.0966 0392 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:52.0966 0392 SVRPEDRV ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:52.0966 0392 SVRPEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:52.0966 0392 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:52.0966 0392 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:52.0966 0392 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:52.0966 0392 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

3.
Farbar Service Scanner Version: 26-07-2012
Ran by Jenny (administrator) on 29-07-2012 at 19:58:59
Running from "C:\Users\Jenny\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile. The key does not exist.
ATTENTION!=====> Unable to open HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The key does not exist.


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 08:29] - [2012-03-30 07:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Post is too long. Items 4 & 5 to follow.

4.
OTL logfile created on: 7/29/2012 8:01:40 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jenny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 82.28% Memory free
5.94 Gb Paging File | 5.62 Gb Available in Paging File | 94.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.38 Gb Total Space | 178.45 Gb Free Space | 61.67% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Jenny | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/29 20:00:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/27 02:10:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/27 18:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/06 06:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/10/16 15:13:36 | 000,044,576 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 20:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Stopped] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jenny\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012/06/18 19:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 13:39:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120727.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/05/30 22:19:37 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/30 22:19:37 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/29 14:02:51 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120727.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/29 14:02:51 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120727.019\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/14 17:38:00 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/29 01:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\N360\0602010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 01:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0602010.005\srtspx.sys -- (SRTSPX)
DRV - [2011/11/23 21:23:47 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symefa.sys -- (SymEFA)
DRV - [2011/11/16 22:37:59 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0602010.005\symtdiv.sys -- (SYMTDIv)
DRV - [2011/11/16 22:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0602010.005\ironx86.sys -- (SymIRON)
DRV - [2011/11/04 18:59:35 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0602010.005\ccsetx86.sys -- (ccSet_N360)
DRV - [2011/08/16 01:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0602010.005\symds.sys -- (SymDS)
DRV - [2010/03/04 13:50:14 | 000,261,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/10 05:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2008/07/18 20:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/17 13:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {E1BE7376-E484-424E-B2F0-6AD01F7E0367}
IE - HKLM\..\SearchScopes\{E1BE7376-E484-424E-B2F0-6AD01F7E0367}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jenny\Desktop
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\URLSearchHook: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - No CLSID value found
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\URLSearchHook: {b81767e1-672d-4da1-b5cc-d277185815a6} - No CLSID value found
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\SearchScopes,DefaultScope = {2658704F-5D6A-4138-B90C-617152FE8462}
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\SearchScopes\{2658704F-5D6A-4138-B90C-617152FE8462}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=59925&p={searchTerms}
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\SearchScopes\{4252BFC3-672C-496F-B786-810771891CA5}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=8j1Zs9ukNOvmaCJVdnaTVXQRPzA?q={searchTerms}
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\SearchScopes\{E1BE7376-E484-424E-B2F0-6AD01F7E0367}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_en___US346
IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jenny\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jenny\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jenny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012/05/14 17:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2012/07/29 19:38:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFCB5E9A-E1F9-4FC7-AE19-2C6A1506A6F9}: DhcpNameServer = 192.168.10.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jenny\Pictures\Night Mother.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jenny\Pictures\Night Mother.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5ddc9edb-b6b6-11de-b0ab-001e33ce4342}\Shell - "" = AutoRun
O33 - MountPoints2\{5ddc9edb-b6b6-11de-b0ab-001e33ce4342}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{82af8eaa-ce42-11e1-a5db-001e33ce4342}\Shell - "" = AutoRun
O33 - MountPoints2\{82af8eaa-ce42-11e1-a5db-001e33ce4342}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
O33 - MountPoints2\{a1f7fd45-a821-11e1-8c97-001e33ce4342}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f7fd45-a821-11e1-8c97-001e33ce4342}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 19:59:56 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
[2012/07/29 19:58:23 | 000,694,833 | ---- | C] (Farbar) -- C:\Users\Jenny\Desktop\FSS.exe
[2012/07/29 19:52:34 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jenny\Desktop\tdsskiller.exe
[2012/07/26 23:54:46 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\gmer
[2012/07/26 23:29:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jenny\Desktop\dds.scr
[2012/07/24 21:25:43 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Mozilla
[2012/07/24 13:03:02 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\WildTangent
[2012/07/22 13:21:13 | 000,892,164 | ---- | C] (Farbar) -- C:\Users\Jenny\Desktop\FRST.exe
[2012/07/22 13:06:39 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/07/21 17:05:55 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/20 00:24:40 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\NPE
[2012/07/20 00:24:18 | 002,841,104 | ---- | C] (Symantec Corporation) -- C:\Users\Jenny\Desktop\NPE.exe
[2012/07/15 19:34:16 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\MotoCast
[2012/07/15 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Desktop\Sarah's phone pics
[2012/07/12 03:09:25 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/12 03:02:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/12 03:02:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/12 03:02:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/12 03:02:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/12 03:02:53 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/12 03:02:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/12 03:02:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/11 09:38:24 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/29 20:00:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Desktop\OTL.exe
[2012/07/29 19:58:35 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\Jenny\Desktop\FSS.exe
[2012/07/29 19:52:42 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jenny\Desktop\tdsskiller.exe
[2012/07/29 19:46:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/29 19:38:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/29 19:37:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 19:37:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 16:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/28 22:40:03 | 000,003,792 | ---- | M] () -- C:\{3407D951-81CC-42E9-A0B4-9E5FEC831219}
[2012/07/27 23:20:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1934651463-4168729035-3063580607-1000UA.job
[2012/07/27 22:45:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/27 22:27:48 | 000,003,760 | ---- | M] () -- C:\{3496238A-EF54-49D3-BD2D-F85DF8F3519D}
[2012/07/27 03:20:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1934651463-4168729035-3063580607-1000Core.job
[2012/07/27 02:10:23 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/27 02:10:23 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/27 00:05:42 | 000,003,720 | ---- | M] () -- C:\{4513511F-00A4-415D-A2B3-5A088F82A934}
[2012/07/26 23:59:53 | 204,926,627 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/26 23:54:12 | 000,294,216 | ---- | M] () -- C:\Users\Jenny\Desktop\gmer.zip
[2012/07/26 23:29:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jenny\Desktop\dds.scr
[2012/07/26 23:27:01 | 000,000,000 | ---- | M] () -- C:\Users\Jenny\defogger_reenable
[2012/07/26 23:26:05 | 000,050,477 | ---- | M] () -- C:\Users\Jenny\Desktop\Defogger.exe
[2012/07/26 23:14:04 | 000,003,760 | ---- | M] () -- C:\{A865F80D-F078-4E6B-AB82-5D1A6D8A2C4E}
[2012/07/26 23:05:09 | 000,003,760 | ---- | M] () -- C:\{9454CA4B-08E3-4E84-A055-6583108B4399}
[2012/07/26 22:57:12 | 000,003,792 | ---- | M] () -- C:\{A64FBC9D-0D0C-4ABC-883A-66F1FB104852}
[2012/07/26 19:50:11 | 000,002,144 | ---- | M] () -- C:\{8606072A-9253-42F9-AABE-EE86E29F2271}
[2012/07/26 15:32:02 | 000,616,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/26 15:32:02 | 000,108,394 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/26 00:27:20 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2012/07/25 19:07:39 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2012/07/25 15:20:27 | 000,003,760 | ---- | M] () -- C:\{D547DB16-FB0F-4CB1-B76A-92852AF0CF30}
[2012/07/25 02:06:37 | 000,003,760 | ---- | M] () -- C:\{9143C621-76BF-4055-A3FE-D767F75EA419}
[2012/07/23 23:14:14 | 000,003,760 | ---- | M] () -- C:\{A929AF97-7A93-4950-963C-9105928F2D43}
[2012/07/23 21:07:45 | 000,031,900 | ---- | M] () -- C:\Users\Jenny\Desktop\crap.jpg
[2012/07/23 11:14:26 | 000,002,336 | ---- | M] () -- C:\{8454969C-A8DE-41B4-93D1-FCF3881E4593}
[2012/07/23 00:47:03 | 000,010,006 | ---- | M] () -- C:\Users\Jenny\Desktop\imagesCA6ZA84F.jpg
[2012/07/22 17:52:56 | 000,003,760 | ---- | M] () -- C:\{3EB42032-04A8-4068-B13E-56A4FFD2E07D}
[2012/07/22 13:21:43 | 000,892,164 | ---- | M] (Farbar) -- C:\Users\Jenny\Desktop\FRST.exe
[2012/07/20 13:27:38 | 000,446,671 | ---- | M] () -- C:\Users\Jenny\Desktop\Jackie_Chan_in_The_Spy_Next_Door_Wallpaper_2_1280.jpg
[2012/07/20 07:53:48 | 000,030,365 | ---- | M] () -- C:\Users\Jenny\Desktop\fairpoint ticket #.rtf
[2012/07/20 00:24:18 | 002,841,104 | ---- | M] (Symantec Corporation) -- C:\Users\Jenny\Desktop\NPE.exe
[2012/07/12 03:29:01 | 000,343,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/28 22:40:01 | 000,003,792 | ---- | C] () -- C:\{3407D951-81CC-42E9-A0B4-9E5FEC831219}
[2012/07/27 22:27:48 | 000,003,760 | ---- | C] () -- C:\{3496238A-EF54-49D3-BD2D-F85DF8F3519D}
[2012/07/27 00:05:42 | 000,003,720 | ---- | C] () -- C:\{4513511F-00A4-415D-A2B3-5A088F82A934}
[2012/07/26 23:54:10 | 000,294,216 | ---- | C] () -- C:\Users\Jenny\Desktop\gmer.zip
[2012/07/26 23:27:01 | 000,000,000 | ---- | C] () -- C:\Users\Jenny\defogger_reenable
[2012/07/26 23:26:05 | 000,050,477 | ---- | C] () -- C:\Users\Jenny\Desktop\Defogger.exe
[2012/07/26 23:19:00 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\L\00000004.@
[2012/07/26 23:14:04 | 000,003,760 | ---- | C] () -- C:\{A865F80D-F078-4E6B-AB82-5D1A6D8A2C4E}
[2012/07/26 23:05:08 | 000,003,760 | ---- | C] () -- C:\{9454CA4B-08E3-4E84-A055-6583108B4399}
[2012/07/26 22:57:11 | 000,003,792 | ---- | C] () -- C:\{A64FBC9D-0D0C-4ABC-883A-66F1FB104852}
[2012/07/26 19:50:11 | 000,002,144 | ---- | C] () -- C:\{8606072A-9253-42F9-AABE-EE86E29F2271}
[2012/07/25 15:20:27 | 000,003,760 | ---- | C] () -- C:\{D547DB16-FB0F-4CB1-B76A-92852AF0CF30}
[2012/07/25 02:06:37 | 000,003,760 | ---- | C] () -- C:\{9143C621-76BF-4055-A3FE-D767F75EA419}
[2012/07/23 23:14:14 | 000,003,760 | ---- | C] () -- C:\{A929AF97-7A93-4950-963C-9105928F2D43}
[2012/07/23 21:07:45 | 000,031,900 | ---- | C] () -- C:\Users\Jenny\Desktop\crap.jpg
[2012/07/23 11:14:25 | 000,002,336 | ---- | C] () -- C:\{8454969C-A8DE-41B4-93D1-FCF3881E4593}
[2012/07/23 00:47:13 | 000,010,006 | ---- | C] () -- C:\Users\Jenny\Desktop\imagesCA6ZA84F.jpg
[2012/07/22 17:52:56 | 000,003,760 | ---- | C] () -- C:\{3EB42032-04A8-4068-B13E-56A4FFD2E07D}
[2012/07/20 13:27:52 | 000,446,671 | ---- | C] () -- C:\Users\Jenny\Desktop\Jackie_Chan_in_The_Spy_Next_Door_Wallpaper_2_1280.jpg
[2012/07/19 11:29:25 | 000,030,365 | ---- | C] () -- C:\Users\Jenny\Desktop\fairpoint ticket #.rtf
[2012/01/11 14:40:57 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\@
[2011/11/30 18:44:14 | 000,319,227 | ---- | C] () -- C:\Users\Jenny\AppData\Local\census.cache
[2011/11/30 18:43:40 | 000,205,324 | ---- | C] () -- C:\Users\Jenny\AppData\Local\ars.cache
[2011/11/30 18:31:52 | 000,000,036 | ---- | C] () -- C:\Users\Jenny\AppData\Local\housecall.guid.cache
[2011/10/28 07:13:05 | 000,000,000 | ---- | C] () -- C:\Users\Jenny\AppData\Local\{D388546F-15B7-40F9-B1A9-9B1348135FCE}
[2010/10/14 20:22:29 | 000,001,940 | ---- | C] () -- C:\Users\Jenny\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/04/27 20:08:47 | 000,009,196 | -HS- | C] () -- C:\Users\Jenny\AppData\Local\KLry0l
[2010/04/27 20:08:47 | 000,009,196 | -HS- | C] () -- C:\ProgramData\KLry0l
[2009/10/25 15:28:56 | 000,001,356 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2009/10/16 15:47:36 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/16 15:47:36 | 000,000,088 | RHS- | C] () -- C:\ProgramData\64014BFD54.sys
[2009/09/18 19:04:30 | 000,006,060 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\wklnhst.dat
[2009/09/17 10:42:25 | 000,051,200 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/08/18 12:51:06 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/08/18 12:51:02 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/08/18 12:51:06 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/08/18 12:51:12 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/08/18 12:51:13 | 006,635,520 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/04 10:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2012/05/01 09:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys
[2012/05/14 17:38:00 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\SYMEVENT.SYS

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AFD.SYS >
[2011/04/21 08:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 08:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 08:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 08:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/20 21:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/10 23:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 08:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: ATAPI.SYS >
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 01:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: NETBT.SYS >
[2008/01/20 21:24:59 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/10 23:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2009/04/10 23:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: SERVICES.EXE >
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=8737764F4FD36D6808EE80578409C843 -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TDX.SYS >
[2009/04/10 23:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
[2009/04/10 23:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
[2008/01/20 21:24:53 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 04:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 01:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/20 21:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/20 21:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/13 10:29:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/13 10:29:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/13 10:29:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/13 10:29:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/13 10:29:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/13 10:29:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB29605$\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\$NtUninstallKB29605$\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\$NtUninstallKB29605$] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 7/29/2012 8:01:40 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jenny\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 82.28% Memory free
5.94 Gb Paging File | 5.62 Gb Available in Paging File | 94.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.38 Gb Total Space | 178.45 Gb Free Space | 61.67% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Jenny | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1934651463-4168729035-3063580607-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
"{000AB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus® Download Manager for Corel
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4873CC58-69D8-490D-9E5C-001DC2EE2000}" = WordPerfect Lightning
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{4873CC58-69D8-490D-9E5C-001DC2EE2100}" = WordPerfect Lightning - EN
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{83A5D4E9-7FE6-336D-9525-F1C879496014}" = Google Talk Plugin
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99D518AB-77F2-405B-B52A-18FC22394CF8}" = NetZero Internet Access Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529046}" = WordPerfect Office X4 - IPM T EN
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529080}" = WordPerfect Office X4 - MAIL
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Alabama Smith in Escape from Pompeii" = Alabama Smith in Escape from Pompeii
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Download Manager" = Download Manager 2.3.10
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inca Ball_is1" = Inca Ball
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mystery Cookbook" = Mystery Cookbook
"N360" = Norton 360
"Picasa2" = Picasa 2
"Sprill - The Mystery of The Bermuda Triangle" = Sprill - The Mystery of The Bermuda Triangle
"STANDARDR" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"The Treasures Of Mystery Island" = The Treasures Of Mystery Island
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WTA-8cc2d9d0-253d-4c30-900c-5e9c9555e448" = FATE - The Traitor Soul
"WTA-ffae0e73-4f67-411f-a1ae-be3a286f25b0" = Color Cross

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1934651463-4168729035-3063580607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"GeoGebra 4" = GeoGebra 4
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2012 11:55:24 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/28/2012 3:10:14 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/28/2012 11:39:41 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/28/2012 11:47:48 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/28/2012 11:56:04 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2012 12:12:47 AM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2012 5:07:38 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2012 8:39:15 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2012 8:47:28 PM | Computer Name = Laptop | Source = EventSystem | ID = 4609
Description =

Error - 7/29/2012 8:48:22 PM | Computer Name = Laptop | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 12/18/2009 9:36:29 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/26/2009 8:17:43 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/8/2010 4:52:18 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/8/2010 4:52:28 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/8/2010 4:54:37 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/11/2010 10:02:38 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/11/2010 10:49:15 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/27/2010 3:45:47 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/17/2010 6:22:13 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/24/2010 12:01:09 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/29/2012 8:46:55 PM | Computer Name = Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:43:36 PM on 7/29/2012 was unexpected.

Error - 7/29/2012 8:47:20 PM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =

Error - 7/29/2012 8:47:28 PM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =

Error - 7/29/2012 8:47:30 PM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =

Error - 7/29/2012 8:47:36 PM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =

Error - 7/29/2012 8:47:49 PM | Computer Name = Laptop | Source = DCOM | ID = 10005
Description =

Error - 7/29/2012 8:48:23 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description =

Error - 7/29/2012 8:48:23 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7003
Description =

Error - 7/29/2012 8:48:23 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7003
Description =

Error - 7/29/2012 8:48:23 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description =


< End of report >

5.
There has not been any change in the performance of my computer. It is still behaving as it was at my original post. Thank you for your time, ST.

Jen

#4 JenPoohBear


Posted 29 July 2012 - 08:34 PM

I had to run those scans while in safe mode. I hope that is sufficient. If it is not, I will try to run them in regular windows if I can keep it from freezing long enough.

#5 SweetTech


Posted 30 July 2012 - 03:45 PM

Hi Jen!

It's fine that you ran those scans in Safe Mode. I was able to gather the information I needed to provide you with a fix to get started. :)

1. My Norton 360 Auto Protect keeps popping up saying that it blocked a threat. So, is this software actually providing any protection against these viruses? Is it likely that they will provide a solution to these viruses in the future? Is there any protection that I could buy that would prevent this kind of attack?

Does Norton 360 provide you with any additional information on where exactly the threat was found?

Malware keeps on getting more and more sophisticated so each time an anti-virus company gets a handle on one type of infection that's in the wild, a different infection is being released somewhere.


Granted, there are some anti-virus programs that are better than others, and do have a better rate of detecting infections, but there isn't one anti-virus program that will catch everything. The best way to prevent this from happening again is to practice safe browsing.

You may also want to consider purchasing the professional version of MalwareBytes' Anti-Malware. It's a fabulous utility, and well worth the money.

I hope the above made sense.

------

It looks like this infection has done some damage to some key registry values. We will need to fix this a little bit later.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open sharedaccess registry key. The service key does not exist.



=========

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\URLSearchHook: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - No CLSID value found
    IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\URLSearchHook: {b81767e1-672d-4da1-b5cc-d277185815a6} - No CLSID value found
    IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\SearchScopes\{2658704F-5D6A-4138-B90C-617152FE8462}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=59925&p={searchTerms}
    IE - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=8j1Zs9ukNOvmaCJVdnaTVXQRPzA?q={searchTerms}
    O3 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
    O3 - HKU\S-1-5-21-1934651463-4168729035-3063580607-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKU\.DEFAULT..\RunOnce: [] File not found
    O4 - HKU\S-1-5-18..\RunOnce: [] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{5ddc9edb-b6b6-11de-b0ab-001e33ce4342}\Shell - "" = AutoRun
    O33 - MountPoints2\{5ddc9edb-b6b6-11de-b0ab-001e33ce4342}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{82af8eaa-ce42-11e1-a5db-001e33ce4342}\Shell - "" = AutoRun
    O33 - MountPoints2\{82af8eaa-ce42-11e1-a5db-001e33ce4342}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
    O33 - MountPoints2\{a1f7fd45-a821-11e1-8c97-001e33ce4342}\Shell - "" = AutoRun
    O33 - MountPoints2\{a1f7fd45-a821-11e1-8c97-001e33ce4342}\Shell\AutoRun\command - "" = H:\setup.exe -a
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    [2012/07/22 13:06:39 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/07/28 22:40:03 | 000,003,792 | ---- | M] () -- C:\{3407D951-81CC-42E9-A0B4-9E5FEC831219}
    [2012/07/27 22:27:48 | 000,003,760 | ---- | M] () -- C:\{3496238A-EF54-49D3-BD2D-F85DF8F3519D}
    [2012/07/27 00:05:42 | 000,003,720 | ---- | M] () -- C:\{4513511F-00A4-415D-A2B3-5A088F82A934}
    [2012/07/26 23:14:04 | 000,003,760 | ---- | M] () -- C:\{A865F80D-F078-4E6B-AB82-5D1A6D8A2C4E}
    [2012/07/26 23:05:09 | 000,003,760 | ---- | M] () -- C:\{9454CA4B-08E3-4E84-A055-6583108B4399}
    [2012/07/26 22:57:12 | 000,003,792 | ---- | M] () -- C:\{A64FBC9D-0D0C-4ABC-883A-66F1FB104852}
    [2012/07/26 19:50:11 | 000,002,144 | ---- | M] () -- C:\{8606072A-9253-42F9-AABE-EE86E29F2271}
    [2012/07/25 15:20:27 | 000,003,760 | ---- | M] () -- C:\{D547DB16-FB0F-4CB1-B76A-92852AF0CF30}
    [2012/07/25 02:06:37 | 000,003,760 | ---- | M] () -- C:\{9143C621-76BF-4055-A3FE-D767F75EA419}
    [2012/07/23 23:14:14 | 000,003,760 | ---- | M] () -- C:\{A929AF97-7A93-4950-963C-9105928F2D43}
    [2012/07/23 11:14:26 | 000,002,336 | ---- | M] () -- C:\{8454969C-A8DE-41B4-93D1-FCF3881E4593}
    [2012/07/22 17:52:56 | 000,003,760 | ---- | M] () -- C:\{3EB42032-04A8-4068-B13E-56A4FFD2E07D}
    [2012/07/28 22:40:01 | 000,003,792 | ---- | C] () -- C:\{3407D951-81CC-42E9-A0B4-9E5FEC831219}
    [2012/07/27 22:27:48 | 000,003,760 | ---- | C] () -- C:\{3496238A-EF54-49D3-BD2D-F85DF8F3519D}
    [2012/07/27 00:05:42 | 000,003,720 | ---- | C] () -- C:\{4513511F-00A4-415D-A2B3-5A088F82A934}
    [2012/07/26 23:19:00 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\L\00000004.@
    [2012/07/26 23:14:04 | 000,003,760 | ---- | C] () -- C:\{A865F80D-F078-4E6B-AB82-5D1A6D8A2C4E}
    [2012/07/26 23:05:08 | 000,003,760 | ---- | C] () -- C:\{9454CA4B-08E3-4E84-A055-6583108B4399}
    [2012/07/26 22:57:11 | 000,003,792 | ---- | C] () -- C:\{A64FBC9D-0D0C-4ABC-883A-66F1FB104852}
    [2012/07/26 19:50:11 | 000,002,144 | ---- | C] () -- C:\{8606072A-9253-42F9-AABE-EE86E29F2271}
    [2012/07/25 15:20:27 | 000,003,760 | ---- | C] () -- C:\{D547DB16-FB0F-4CB1-B76A-92852AF0CF30}
    [2012/07/25 02:06:37 | 000,003,760 | ---- | C] () -- C:\{9143C621-76BF-4055-A3FE-D767F75EA419}
    [2012/07/23 23:14:14 | 000,003,760 | ---- | C] () -- C:\{A929AF97-7A93-4950-963C-9105928F2D43}
    [2012/07/23 11:14:25 | 000,002,336 | ---- | C] () -- C:\{8454969C-A8DE-41B4-93D1-FCF3881E4593}
    [2012/07/22 17:52:56 | 000,003,760 | ---- | C] () -- C:\{3EB42032-04A8-4068-B13E-56A4FFD2E07D}
    [2012/01/11 14:40:57 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\@
    [2011/10/28 07:13:05 | 000,000,000 | ---- | C] () -- C:\Users\Jenny\AppData\Local\{D388546F-15B7-40F9-B1A9-9B1348135FCE}
    [2010/04/27 20:08:47 | 000,009,196 | -HS- | C] () -- C:\Users\Jenny\AppData\Local\KLry0l
    [2010/04/27 20:08:47 | 000,009,196 | -HS- | C] () -- C:\ProgramData\KLry0l
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log file.
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
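The registry check quoted in the post above can be repeated by hand, for instance to confirm the damage or to verify a later repair. The script below is an added example, not part of the original thread or of any tool used in it; it only reads the registry, assumes the Vista-era layout in which these services keep ServiceDll under a Parameters subkey, and the helper name Get-RegValueState is hypothetical.

```powershell
# Added example: read-only check of the service registry values reported as
# missing in the scan output above. Nothing is written or repaired.
# Assumption: Vista-era layout, where each of these svchost-hosted services
# keeps its ServiceDll value under a Parameters subkey.
$services = 'MpsSvc', 'BFE', 'wuauserv', 'BITS', 'WinDefend', 'SharedAccess'
$root     = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Hypothetical helper: distinguishes a missing key from a missing value,
# the same two failure cases the scan output separates.
function Get-RegValueState {
    param([string]$KeyPath, [string]$ValueName)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return 'KEY MISSING' }
    $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.$ValueName) { return 'VALUE MISSING' }
    return [string]$props.$ValueName
}

$report = foreach ($name in $services) {
    $key = "$root\$name"
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue

    $row = New-Object PSObject -Property @{
        Service    = $name
        Status     = $(if ($svc) { [string]$svc.Status } else { 'not registered' })
        # Start: 2 = automatic, 3 = manual, 4 = disabled
        Start      = (Get-RegValueState $key 'Start')
        ImagePath  = (Get-RegValueState $key 'ImagePath')
        ServiceDll = (Get-RegValueState "$key\Parameters" 'ServiceDll')
    }

    # Flag the service if any of the three checked values could not be read.
    $missing = @($row.Start, $row.ImagePath, $row.ServiceDll) -match 'MISSING$'
    $row | Add-Member -MemberType NoteProperty -Name Damaged -Value ([bool]$missing) -PassThru
}

$report |
    Select-Object Service, Status, Damaged, Start, ImagePath, ServiceDll |
    Format-Table -AutoSize -Wrap
```

A service that shows KEY MISSING for Start and ImagePath has lost its whole registry key, while VALUE MISSING means the key survived but was emptied, which is the difference between the sharedaccess lines and the others in the quoted output.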


#6 JenPoohBear


Posted 01 August 2012 - 03:04 PM

1. Thank you for being so helpful, and making the instructions so easy to follow.
2. ========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1934651463-4168729035-3063580607-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}\ not found.
Registry value HKEY_USERS\S-1-5-21-1934651463-4168729035-3063580607-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{b81767e1-672d-4da1-b5cc-d277185815a6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b81767e1-672d-4da1-b5cc-d277185815a6}\ not found.
Registry key HKEY_USERS\S-1-5-21-1934651463-4168729035-3063580607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2658704F-5D6A-4138-B90C-617152FE8462}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2658704F-5D6A-4138-B90C-617152FE8462}\ not found.
Registry key HKEY_USERS\S-1-5-21-1934651463-4168729035-3063580607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1934651463-4168729035-3063580607-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D}\ not found.
Registry value HKEY_USERS\S-1-5-21-1934651463-4168729035-3063580607-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cfFncEnabler.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableStatusMessages deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ddc9edb-b6b6-11de-b0ab-001e33ce4342}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ddc9edb-b6b6-11de-b0ab-001e33ce4342}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ddc9edb-b6b6-11de-b0ab-001e33ce4342}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ddc9edb-b6b6-11de-b0ab-001e33ce4342}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82af8eaa-ce42-11e1-a5db-001e33ce4342}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82af8eaa-ce42-11e1-a5db-001e33ce4342}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82af8eaa-ce42-11e1-a5db-001e33ce4342}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82af8eaa-ce42-11e1-a5db-001e33ce4342}\ not found.
File F:\MotoCastSetup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f7fd45-a821-11e1-8c97-001e33ce4342}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f7fd45-a821-11e1-8c97-001e33ce4342}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f7fd45-a821-11e1-8c97-001e33ce4342}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f7fd45-a821-11e1-8c97-001e33ce4342}\ not found.
File H:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
Folder move failed. C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\%APPDATA%\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\%APPDATA%\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\%APPDATA% scheduled to be moved on reboot.
C:\{3407D951-81CC-42E9-A0B4-9E5FEC831219} moved successfully.
C:\{3496238A-EF54-49D3-BD2D-F85DF8F3519D} moved successfully.
C:\{4513511F-00A4-415D-A2B3-5A088F82A934} moved successfully.
C:\{A865F80D-F078-4E6B-AB82-5D1A6D8A2C4E} moved successfully.
C:\{9454CA4B-08E3-4E84-A055-6583108B4399} moved successfully.
C:\{A64FBC9D-0D0C-4ABC-883A-66F1FB104852} moved successfully.
C:\{8606072A-9253-42F9-AABE-EE86E29F2271} moved successfully.
C:\{D547DB16-FB0F-4CB1-B76A-92852AF0CF30} moved successfully.
C:\{9143C621-76BF-4055-A3FE-D767F75EA419} moved successfully.
C:\{A929AF97-7A93-4950-963C-9105928F2D43} moved successfully.
C:\{8454969C-A8DE-41B4-93D1-FCF3881E4593} moved successfully.
C:\{3EB42032-04A8-4068-B13E-56A4FFD2E07D} moved successfully.
File C:\{3407D951-81CC-42E9-A0B4-9E5FEC831219} not found.
File C:\{3496238A-EF54-49D3-BD2D-F85DF8F3519D} not found.
File C:\{4513511F-00A4-415D-A2B3-5A088F82A934} not found.
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\L\00000004.@ moved successfully.
File C:\{A865F80D-F078-4E6B-AB82-5D1A6D8A2C4E} not found.
File C:\{9454CA4B-08E3-4E84-A055-6583108B4399} not found.
File C:\{A64FBC9D-0D0C-4ABC-883A-66F1FB104852} not found.
File C:\{8606072A-9253-42F9-AABE-EE86E29F2271} not found.
File C:\{D547DB16-FB0F-4CB1-B76A-92852AF0CF30} not found.
File C:\{9143C621-76BF-4055-A3FE-D767F75EA419} not found.
File C:\{A929AF97-7A93-4950-963C-9105928F2D43} not found.
File C:\{8454969C-A8DE-41B4-93D1-FCF3881E4593} not found.
File C:\{3EB42032-04A8-4068-B13E-56A4FFD2E07D} not found.
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\@ moved successfully.
C:\Users\Jenny\AppData\Local\{D388546F-15B7-40F9-B1A9-9B1348135FCE} moved successfully.
C:\Users\Jenny\AppData\Local\KLry0l moved successfully.
C:\ProgramData\KLry0l moved successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jenny\Desktop\cmd.bat deleted successfully.
C:\Users\Jenny\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jenny
->Flash cache emptied: 1043656 bytes

User: Public

Total Flash Files Cleaned = 1.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jenny
->Java cache emptied: 80007383 bytes

User: Public

Total Java Files Cleaned = 76.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08012012_105553

Files\Folders moved on Reboot...
C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\System32\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\System32\%APPDATA% folder moved successfully.

PendingFileRenameOperations files...
File C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache not found!
File C:\Windows\System32\%APPDATA%\Microsoft\Windows not found!
File C:\Windows\System32\%APPDATA%\Microsoft not found!
File C:\Windows\System32\%APPDATA% not found!

Registry entries deleted on Reboot...

3. I was unable to run ComboFix. I tried running it from SafeMode and it would not complete the action, plus I kept getting Warnings/Errors about access denied etc. I also tried running it from Windows and it kept freezing up. Please advise if there is another way that I can achieve this task.
4. My computer is running much the same as it has been. Two new developments are that I get popups when opening a webpage much more frequently, or when I click a link it takes me to a different web address altogether than what I clicked. Also, at startup now I get an error message saying that the Recycle Bin on this drive is corrupt and would I like to empty the bin, but it is already empty (I emptied it the first time I got the message..I hope that was not the wrong thing to do).

Thank you again, and I will be waiting for your response.
Jen
PS. Know that I am doing everything I can to be prompt in doing the tasks you give me and replying back to you, but I am having connectivity issues at home that are beyond my control and I am waiting for a repair from the company that won't come until early next week, so please be patient with me as well and do not discontinue this thread.

#7 SweetTech


Posted 02 August 2012 - 03:29 PM

Hi!

Not a problem! I'm truly glad that I'm able to be of assistance. :)

PS. Know that I am doing everything I can to be prompt in doing the tasks you give me and replying back to you, but I am having connectivity issues at home that are beyond my control and I am waiting for a repair from the company that won't come until early next week, so please be patient with me as well and do not discontinue this thread.

That's not going to be a problem at all! I know how it can be with having connection issues, it's not fun at all.

My computer is running much the same as it has been. Two new developments are that I get popups when opening a webpage much more frequently, or when I click a link it takes me to a different web address altogether than what I clicked. Also, at startup now I get an error message saying that the Recycle Bin on this drive is corrupt and would I like to empty the bin, but it is already empty (I emptied it the first time I got the message..I hope that was not the wrong thing to do).

That was the correct thing to do.

3. I was unable to run ComboFix. I tried running it from SafeMode and it would not complete the action, plus I kept getting Warnings/Errors about access denied etc. I also tried running it from Windows and it kept freezing up. Please advise if there is another way that I can achieve this task.

Let's try the following:

Download this version of combofix

Please download ComboFix from: Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to the name provided in the image below:

    Attached File  Cfix_svchost.exe (1).gif   77.63KB   1 downloads
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
  • Double click on the renamed version of ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the ComboFix log which can be found in the root drive (usually the C: Drive) for further review.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**



#8 JenPoohBear


Posted 20 August 2012 - 04:52 PM

I am still unable to run the previous fix. I tried in regular windows mode, and was unable to complete the action before the computer froze, requiring a hard restart. I tried running it in safe mode, but got several error messages that indicated it wasn't running fully or correctly.
My computer problem seems to have changed.
I am no longer receiving the virus warnings AT ALL. Now, my problem is that the computer freezes up within minutes of starting up. The icons and pages remain up, but all actions/links are unclickable (more accurately, you can click but nothing happens save the little blue circle circling). When pushing Ctrl, Alt, Del, the task manager does not come up. This problem only happens in Regular Windows, not safe mode.
Perhaps we should shift our focus to the new problem? Will I need to begin a new thread in a different forum since the virus problem seems to have been resolved (though I don't know how?).
Also, occasionally I still get the message upon startup about the recycle bin being corrupt and do I want to empty it (though it is already empty).
Please advise me on how to proceed.

Jen

PS. I apologize for the delay in replying. I have finally gotten my connectivity issues resolved. I tried posting a reply to you a few days ago, but for some reason it didn't post. I didn't know until I checked today to see if you had replied. Thank you in advance for your attention.

Edited by JenPoohBear, 20 August 2012 - 07:53 PM.


#9 SweetTech


Posted 21 August 2012 - 02:49 PM

Hi Jen!

From the sounds of things, it's possible that this is still a malware issue.

I'd like to have you try running a different scan for me. I hope that it may provide me with some new information to see where we should go next.


Running FRST

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#10 JenPoohBear

Posted 24 August 2012 - 11:13 AM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 24-08-2012 11:05:37
Running from G:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [150040 2008-06-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [170520 2008-06-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [145944 2008-06-25] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [417792 2008-04-29] (Chicony)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-09-13] (Google)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [QuickFinder Scheduler] "c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [83232 2009-06-22] (Corel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Jenny\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-04-24] (TOSHIBA)
HKU\Jenny\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Jenny\...\Run: [Google Update] "C:\Users\Jenny\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-03-18] (Google Inc.)
HKU\Jenny\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-07-01] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Startup: C:\Users\Jenny\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [40960 2008-04-16] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [44576 2009-10-16] (NOS Microsystems Ltd.)
3 GoogleDesktopManager-051210-111108; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30192 2010-09-13] (Google)
2 LexBceS; C:\Windows\System32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
2 N360; "C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\6.2.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
3 SmartFaceVWatchSrv; "C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe" [73728 2008-04-24] (Toshiba)
3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2010-11-29] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [431456 2008-02-06] (TOSHIBA Corporation)
2 TOSHIBA SMART Log Service; "C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe" [126976 2007-12-03] (TOSHIBA Corporation)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
2 PSI_SVC_2; "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360\0602010.005\ccSetx86.sys [132744 2011-11-04] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-05-30] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-30] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120801.001\IDSvix86.sys [382624 2012-06-14] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120801.037\NAVENG.SYS [87928 2012-05-29] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120801.037\NAVEX15.SYS [1589752 2012-05-29] (Symantec Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation )
1 SRTSP; C:\Windows\System32\Drivers\N360\0602010.005\SRTSP.SYS [574072 2012-03-28] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360\0602010.005\SRTSPX.SYS [32888 2012-03-28] (Symantec Corporation)
3 SVRPEDRV; \??\C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360\0602010.005\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360\0602010.005\SYMEFA.SYS [905336 2011-11-23] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-05-14] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360\0602010.005\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360\0602010.005\SYMTDIV.SYS [345208 2011-11-16] (Symantec Corporation)
3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [21344 2005-05-26] (LG Electronics Inc.)
3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [38144 2005-05-26] (LG Electronics Inc.)
3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [39036 2005-06-24] (LG Electronics Inc.)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
3 catchme; \??\C:\Users\Jenny\AppData\Local\Temp\catchme.sys [x]
3 cpuz132; \??\C:\Users\Jenny\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
3 EraserUtilDrv11210; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [x]
3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
0 TFSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-20 16:54 - 2012-08-20 16:54 - 00000000 ____D C:\ComboFix
2012-08-20 14:01 - 2012-08-20 16:54 - 00000000 ___SD C:\32788R22FWJFW
2012-08-15 08:31 - 2012-08-15 08:31 - 00000000 ____D C:\Users\Jenny\AppData\Roaming\Mozilla
2012-08-02 23:23 - 2012-08-02 23:23 - 00138896 ____A C:\Windows\Minidump\Mini080312-01.dmp
2012-08-01 08:34 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-01 08:34 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-01 08:34 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-01 08:34 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-01 08:34 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-01 08:34 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-01 08:34 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-01 08:34 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-01 08:15 - 2012-08-01 08:15 - 00000000 ____D C:\Qoobox
2012-08-01 08:14 - 2012-08-20 16:54 - 00000000 ____D C:\Windows\erdnt
2012-08-01 08:04 - 2012-08-20 14:11 - 04734695 ____R (Swearware) C:\Users\Jenny\Desktop\ComboFix.exe
2012-08-01 08:01 - 2012-08-01 08:01 - 00018528 ____A C:\Users\Jenny\Desktop\OTL2.TXT
2012-08-01 07:55 - 2012-08-01 07:55 - 00000000 ____D C:\_OTL
2012-07-30 10:44 - 2012-07-30 10:44 - 00000552 ____A C:\Users\Jenny\AppData\Local\d3d8caps.dat
2012-07-29 17:17 - 2012-07-29 17:18 - 00051096 ____A C:\Users\Jenny\Desktop\Extras.Txt
2012-07-29 17:15 - 2012-07-29 17:19 - 00122354 ____A C:\Users\Jenny\Desktop\OTL.Txt
2012-07-29 16:59 - 2012-07-29 17:00 - 00597504 ____A (OldTimer Tools) C:\Users\Jenny\Desktop\OTL.exe
2012-07-29 16:58 - 2012-07-29 16:59 - 00005976 ____A C:\Users\Jenny\Desktop\FSS.txt
2012-07-29 16:58 - 2012-07-29 16:58 - 00694833 ____A (Farbar) C:\Users\Jenny\Desktop\FSS.exe
2012-07-29 16:52 - 2012-07-29 16:52 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Jenny\Desktop\tdsskiller.exe
2012-07-26 21:10 - 2012-07-26 21:10 - 00015569 ____A C:\Users\Jenny\Desktop\Attach.txt
2012-07-26 21:10 - 2012-07-26 21:10 - 00012899 ____A C:\Users\Jenny\Desktop\DDS.txt
2012-07-26 21:00 - 2012-07-26 21:00 - 00134824 ____A C:\Windows\Minidump\Mini072712-01.dmp
2012-07-26 20:54 - 2012-07-26 20:54 - 00294216 ____A C:\Users\Jenny\Desktop\gmer.zip
2012-07-26 20:54 - 2012-07-26 20:54 - 00000000 ____D C:\Users\Jenny\Desktop\gmer
2012-07-26 20:29 - 2012-07-26 20:29 - 00607260 ____R (Swearware) C:\Users\Jenny\Desktop\dds.scr
2012-07-26 20:27 - 2012-07-26 20:27 - 00000472 ____A C:\Users\Jenny\Desktop\defogger_disable.log
2012-07-26 20:27 - 2012-07-26 20:27 - 00000000 ____A C:\Users\Jenny\defogger_reenable
2012-07-26 20:26 - 2012-07-26 20:26 - 00050477 ____A C:\Users\Jenny\Desktop\Defogger.exe

============ 3 Months Modified Files ========================

2012-08-24 07:34 - 2009-07-01 11:31 - 01406974 ____A C:\Windows\WindowsUpdate.log
2012-08-24 07:29 - 2010-02-01 21:12 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-24 07:29 - 2008-01-20 18:47 - 01174898 ____A C:\Windows\PFRO.log
2012-08-24 07:29 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-24 07:29 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-24 07:29 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-20 14:15 - 2006-11-02 02:33 - 00720250 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-20 14:11 - 2012-08-01 08:04 - 04734695 ____R (Swearware) C:\Users\Jenny\Desktop\ComboFix.exe
2012-08-20 14:09 - 2012-04-28 16:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-20 13:41 - 2006-11-02 05:01 - 00032626 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-18 08:45 - 2010-02-01 21:12 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-18 08:22 - 2012-04-28 16:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-18 08:22 - 2011-05-19 10:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-02 23:23 - 2012-08-02 23:23 - 00138896 ____A C:\Windows\Minidump\Mini080312-01.dmp
2012-08-02 23:22 - 2010-04-18 07:47 - 260929483 ____A C:\Windows\MEMORY.DMP
2012-08-02 11:02 - 2006-11-02 04:52 - 00065766 ____A C:\Windows\setupact.log
2012-08-01 10:20 - 2010-09-11 19:31 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1934651463-4168729035-3063580607-1000UA.job
2012-08-01 08:01 - 2012-08-01 08:01 - 00018528 ____A C:\Users\Jenny\Desktop\OTL2.TXT
2012-07-30 14:34 - 2011-03-15 09:36 - 00002301 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2012-07-30 10:44 - 2012-07-30 10:44 - 00000552 ____A C:\Users\Jenny\AppData\Local\d3d8caps.dat
2012-07-30 10:42 - 2012-04-13 13:11 - 00002281 ____N C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2012-07-29 17:19 - 2012-07-29 17:15 - 00122354 ____A C:\Users\Jenny\Desktop\OTL.Txt
2012-07-29 17:18 - 2012-07-29 17:17 - 00051096 ____A C:\Users\Jenny\Desktop\Extras.Txt
2012-07-29 17:00 - 2012-07-29 16:59 - 00597504 ____A (OldTimer Tools) C:\Users\Jenny\Desktop\OTL.exe
2012-07-29 16:59 - 2012-07-29 16:58 - 00005976 ____A C:\Users\Jenny\Desktop\FSS.txt
2012-07-29 16:58 - 2012-07-29 16:58 - 00694833 ____A (Farbar) C:\Users\Jenny\Desktop\FSS.exe
2012-07-29 16:52 - 2012-07-29 16:52 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Jenny\Desktop\tdsskiller.exe
2012-07-27 00:20 - 2010-09-11 19:31 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1934651463-4168729035-3063580607-1000Core.job
2012-07-26 21:10 - 2012-07-26 21:10 - 00015569 ____A C:\Users\Jenny\Desktop\Attach.txt
2012-07-26 21:10 - 2012-07-26 21:10 - 00012899 ____A C:\Users\Jenny\Desktop\DDS.txt
2012-07-26 21:00 - 2012-07-26 21:00 - 00134824 ____A C:\Windows\Minidump\Mini072712-01.dmp
2012-07-26 20:54 - 2012-07-26 20:54 - 00294216 ____A C:\Users\Jenny\Desktop\gmer.zip
2012-07-26 20:29 - 2012-07-26 20:29 - 00607260 ____R (Swearware) C:\Users\Jenny\Desktop\dds.scr
2012-07-26 20:27 - 2012-07-26 20:27 - 00000472 ____A C:\Users\Jenny\Desktop\defogger_disable.log
2012-07-26 20:27 - 2012-07-26 20:27 - 00000000 ____A C:\Users\Jenny\defogger_reenable
2012-07-26 20:26 - 2012-07-26 20:26 - 00050477 ____A C:\Users\Jenny\Desktop\Defogger.exe
2012-07-24 14:07 - 2012-01-16 11:21 - 00000181 ____A C:\Users\Jenny\Desktop\Games-Books i want.txt
2012-07-22 10:21 - 2012-07-22 10:21 - 00892164 ____A (Farbar) C:\Users\Jenny\Desktop\FRST.exe
2012-07-20 10:40 - 2011-09-09 08:19 - 00000156 ____A C:\Users\Jenny\Documents\medicaid.txt
2012-07-19 21:24 - 2012-07-19 21:24 - 02841104 ____A (Symantec Corporation) C:\Users\Jenny\Desktop\NPE.exe
2012-07-12 00:29 - 2006-11-02 04:47 - 00343072 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 00:08 - 2006-11-02 02:23 - 00000219 ____A C:\Windows\win.ini
2012-07-12 00:04 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-13 05:40 - 2012-07-12 00:09 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 19:42 - 2010-01-04 09:34 - 00002595 ____A C:\Users\Jenny\Desktop\Microsoft Office PowerPoint 2007.lnk
2012-06-12 19:37 - 2012-06-12 19:37 - 00211221 ____A C:\Users\Jenny\Documents\Presentation1.pptx
2012-06-11 07:12 - 2012-06-11 07:12 - 00151565 ____A C:\Users\Jenny\Desktop\31743555.pdf.lqd09ox.partial
2012-06-08 09:47 - 2012-07-11 06:38 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 08:47 - 2012-07-11 06:38 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 08:47 - 2012-07-11 06:38 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 07:26 - 2012-07-11 06:38 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-19 05:25 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 05:25 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 05:25 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 05:24 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 05:24 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-19 05:25 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-19 05:24 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-19 05:23 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:12 - 2012-06-19 05:23 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-12 00:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-12 00:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-12 00:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-12 00:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-12 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-12 00:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-12 00:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 00:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 00:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-12 00:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-12 00:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 00:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 16:04 - 2012-07-11 06:38 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:03 - 2012-07-11 06:38 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-27 09:31 - 2012-05-14 14:37 - 00002050 ____A C:\Users\Public\Desktop\Norton 360.lnk
2012-05-27 09:18 - 2012-05-25 20:24 - 00000010 ____A C:\Users\Jenny\Desktop\BZ EDITOR CODES.txt


ZeroAccess:
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\L
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 2939.25 MB
Available physical RAM: 2523.97 MB
Total Pagefile: 2734.81 MB
Available Pagefile: 2593.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.95 MB

======================= Partitions =========================

1 Drive c: (SQ004980V02) (Fixed) (Total:289.38 GB) (Free:179.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.32 GB) NTFS
5 Drive g: () (Removable) (Total:7.45 GB) (Free:7.4 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 7634 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 289 GB 1501 MB
Partition 3 Primary 7419 MB 291 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SQ004980V02 NTFS Partition 289 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G FAT32 Removable 7633 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-24 07:35

======================= End Of Log ==========================
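
The FRST log above is regular enough to triage mechanically. The Python sketch below is an added example, not part of the original thread and not FRST's own code; it extracts the three kinds of entries that stand out in this log: driver services whose file is missing (reading `[x]` as FRST's marker for a file it could not find) under a user Temp directory, paths listed under a named label such as `ZeroAccess:`, and partitions FRST annotates in parentheses. The embedded excerpt is trimmed from the log above; the function and field names are assumptions of this example.

```python
import re

# Constructed excerpt: lines copied from the FRST log posted in this thread, trimmed.
SAMPLE_LOG = r"""
========================== Drivers (Whitelisted) =============

3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
3 catchme; \??\C:\Users\Jenny\AppData\Local\Temp\catchme.sys [x]
3 cpuz132; \??\C:\Users\Jenny\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

============ 3 Months Modified Files ========================

2012-05-27 09:18 - 2012-05-25 20:24 - 00000010 ____A C:\Users\Jenny\Desktop\BZ EDITOR CODES.txt


ZeroAccess:
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\L
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
"""

# "<start type> <service name>; <image path> [<size date> or x] (<vendor>)"
ENTRY = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<image>.+?) \[(?P<meta>[^\]]*)\](?: \(.*\))?$"
)
LABEL = re.compile(r"^([A-Za-z][\w .-]*):$")      # e.g. "ZeroAccess:"
WINPATH = re.compile(r"^[A-Za-z]:\\")             # line that is a drive-letter path
TEMP_DIR = re.compile(r"\\Temp\\", re.IGNORECASE)
PART_TYPE = re.compile(r"^Type\s*:\s*(\w+)\s*\((.+)\)$")


def triage(log_text):
    """Return entries of an FRST scan log that deserve a human look."""
    findings = {"orphan_temp_drivers": [], "labelled_paths": {}, "flagged_partitions": []}
    section, label, disk, part = "", None, None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line closes a labelled block
            label = None
            continue
        if line.startswith("=="):         # "==== Section name ====" or a bare rule
            section, label = line.strip("= "), None
            continue
        m = LABEL.match(line)
        if m:
            label = m.group(1)
            continue
        if label and WINPATH.match(line): # path listed under a detection label
            findings["labelled_paths"].setdefault(label, []).append(line)
            continue
        if section.startswith("Drivers"):
            m = ENTRY.match(line)
            if m and m.group("meta").lower() == "x":
                image = m.group("image").strip('"')
                if image.startswith("\\??\\"):   # drop the NT object-path prefix
                    image = image[4:]
                if TEMP_DIR.search(image):       # missing file in a user-writable dir
                    findings["orphan_temp_drivers"].append((m.group("name"), image))
            continue
        if line.startswith("Disk: "):
            disk = line[6:]
        elif re.fullmatch(r"Partition \d+", line):
            part = line.split()[1]
        else:
            m = PART_TYPE.match(line)
            if m:                                # FRST added a note to the type byte
                findings["flagged_partitions"].append((disk, part, m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, items)
```

A flagged entry is a prompt for review, not a verdict: a missing driver file in Temp can be a leftover from a diagnostic tool, and an annotated partition type can be a vendor recovery partition.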

#11 SweetTech

Posted 24 August 2012 - 03:31 PM

Hi!

It looks like this infection is still on your system.

Running FRST Fix

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

start
3 catchme; \??\C:\Users\Jenny\AppData\Local\Temp\catchme.sys [x]
3 cpuz132; \??\C:\Users\Jenny\AppData\Local\Temp\cpuz132\cpuz132_x32.sys [x]
2012-06-11 07:12 - 2012-06-11 07:12 - 00151565 ____A C:\Users\Jenny\Desktop\31743555.pdf.lqd09ox.partial
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\L
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\U
C:\Windows\assembly\GAC\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Could you please attempt to run ComboFix, and see if you have better luck running it now?

Let me know.

-ST.


#12 JenPoohBear

Posted 29 August 2012 - 08:02 PM

I have tried every way I know how to run ComboFix and it just will not work. I have tried safe mode, but it won't run. I have tried it in regular Windows but it inevitably freezes up before it can complete. I have a program called DDS. Is it similar to ComboFix? I might could complete it as it doesn't take as long to run. Let me know. The fixlog follows:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-08-29 19:20:37 Run:1
Running from G:\

==============================================

catchme service deleted successfully.
cpuz132 service deleted successfully.
C:\Users\Jenny\Desktop\31743555.pdf.lqd09ox.partial moved successfully.
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac} moved successfully.
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\L not found.
C:\Windows\Installer\{b88464dc-95b6-b355-ac61-73d41790d6ac}\U not found.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.

==== End of Fixlog ====

#13 SweetTech

Posted 30 August 2012 - 03:07 PM

Hi!

Okay, let's try running the following scan instead:


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double-click aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.


#14 JenPoohBear

Posted 01 September 2012 - 09:44 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 19:50:24
-----------------------------
19:50:24.054 OS Version: Windows 6.0.6002 Service Pack 2
19:50:24.054 Number of processors: 2 586 0x170A
19:50:24.054 ComputerName: LAPTOP UserName: Jenny
19:51:31.670 Initialize success
19:51:49.374 AVAST engine defs: 12090101
19:51:51.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:51:51.776 Disk 0 Vendor: FUJITSU_ 0040 Size: 305245MB BusType: 3
19:51:51.792 Disk 0 MBR read successfully
19:51:51.792 Disk 0 MBR scan
19:51:51.808 Disk 0 Windows VISTA default MBR code
19:51:51.808 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:51:51.823 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 296325 MB offset 3074048
19:51:51.870 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7419 MB offset 609947648
19:51:51.901 Disk 0 scanning sectors +625141760
19:51:52.119 Disk 0 scanning C:\Windows\system32\drivers
19:52:13.427 Service scanning
19:52:45.138 Modules scanning
19:53:02.826 Disk 0 trace - called modules:
19:53:03.341 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:53:03.356 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x879e64b0]
19:53:03.372 3 CLASSPNP.SYS[8b9108b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86e4a028]
19:53:04.791 AVAST engine scan C:\Windows
19:53:16.428 AVAST engine scan C:\Windows\system32
19:57:49.318 AVAST engine scan C:\Windows\system32\drivers
19:58:28.205 AVAST engine scan C:\Users\Jenny
20:16:34.108 AVAST engine scan C:\ProgramData
20:26:53.903 Scan finished successfully
20:27:06.553 Disk 0 MBR has been saved successfully to "C:\Users\Jenny\Desktop\MBR.dat"
20:27:06.569 The log file has been saved successfully to "C:\Users\Jenny\Desktop\aswMBR.txt"

#15 SweetTech

Posted 02 September 2012 - 02:33 PM

Hi!

Thanks for posting that log file. I need to review the contents of it, and hope to have something new for you soon.

-ST
